MASTG-TEST-0269: Runtime Use Of APIs Allowing Fallback to Non-Biometric Authentication
Overview
This test is the dynamic counterpart to References to APIs Allowing Fallback to Non-Biometric Authentication.
In this case we hook SecAccessControlCreateWithFlags at runtime and record the flags passed to it on each call.
Steps
- Use Installing Apps to install the app.
- Use Method Hooking to hook the relevant APIs.
- Exercise the app extensively to trigger as many flows as possible and enter sensitive data wherever you can.
Observation
The output should contain a list of locations where the SecAccessControlCreateWithFlags function is called, including all flags used in each call.
Evaluation
The test case fails if the app uses SecAccessControlCreateWithFlags with the kSecAccessControlUserPresence or kSecAccessControlDevicePasscode flags for any sensitive data resource that needs protection.
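The following Frida script is an added example for this test, not part of the MASTG page or its demos. It hooks SecAccessControlCreateWithFlags, decodes the flags bitmask into the SecAccessControlCreateFlags names from Apple's SecAccessControl.h, prints a backtrace for the call site, and flags any call that matches the evaluation criterion above; the module name 'Security' and the log format are assumptions.

```javascript
// Added example for MASTG-TEST-0269 (not the MASTG page's own code).
// Bit values are the SecAccessControlCreateFlags from Apple's SecAccessControl.h.
const SEC_ACCESS_CONTROL_FLAGS = [
  { name: 'kSecAccessControlUserPresence',        bit: 1 << 0 },
  { name: 'kSecAccessControlBiometryAny',         bit: 1 << 1 },
  { name: 'kSecAccessControlBiometryCurrentSet',  bit: 1 << 3 },
  { name: 'kSecAccessControlDevicePasscode',      bit: 1 << 4 },
  { name: 'kSecAccessControlWatch',               bit: 1 << 5 },
  { name: 'kSecAccessControlOr',                  bit: 1 << 14 },
  { name: 'kSecAccessControlAnd',                 bit: 1 << 15 },
  { name: 'kSecAccessControlPrivateKeyUsage',     bit: 1 << 30 },
  { name: 'kSecAccessControlApplicationPassword', bit: 0x80000000 },
];

// Flags that let the item be unlocked without biometrics (the evaluation criterion).
const FALLBACK_FLAGS = new Set([
  'kSecAccessControlUserPresence',
  'kSecAccessControlDevicePasscode',
]);

// Decode a raw flags value into flag names and a fallback verdict.
function decodeAccessControlFlags(flags) {
  const names = SEC_ACCESS_CONTROL_FLAGS
    .filter(f => (flags & f.bit) !== 0)
    .map(f => f.name);
  const fallback = names.filter(n => FALLBACK_FLAGS.has(n));
  return { raw: flags, names, fallback, allowsFallback: fallback.length > 0 };
}

// Frida part: only runs inside a Frida session (Interceptor is undefined under plain Node).
if (typeof Interceptor !== 'undefined') {
  // Assumption: the Security framework is loaded under the module name 'Security'.
  const target = Process.getModuleByName('Security')
    .findExportByName('SecAccessControlCreateWithFlags');
  Interceptor.attach(target, {
    onEnter(args) {
      // SecAccessControlCreateWithFlags(allocator, protection, flags, error): flags is args[2].
      const info = decodeAccessControlFlags(args[2].toUInt32());
      const verdict = info.allowsFallback
        ? 'FAIL: non-biometric fallback via ' + info.fallback.join(', ')
        : 'OK';
      console.log('SecAccessControlCreateWithFlags flags=0x' + info.raw.toString(16) +
                  ' [' + info.names.join(' | ') + '] ' + verdict);
      // Call site, so the output lists where each access control is created.
      console.log(Thread.backtrace(this.context, Backtracer.ACCURATE)
                  .map(DebugSymbol.fromAddress).join('\n'));
    },
  });
}
```

Load it with `frida -U -f <bundle id> -l <script.js>` and exercise the app; each line marked FAIL is a sensitive-data candidate to check against the evaluation criterion.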
Demos
MASTG-DEMO-0044: Runtime Use of kSecAccessControlUserPresence with Frida