Skip to content

MASTG-TEST-0271: Runtime Use Of APIs Detecting Biometric Enrollment Changes

Overview

This test is the dynamic counterpart to References to APIs Detecting Biometric Enrollment Changes.

In this case we'll hook SecAccessControlCreateWithFlags and its specific flags.

Steps

  1. Use Installing Apps to install the app.
  2. Use Method Hooking to hook the relevant APIs.
  3. Exercise the app extensively to trigger as many flows as possible and enter sensitive data wherever you can.

Observation

The output should contain a list of locations where the SecAccessControlCreateWithFlags function is called including all used flags.

Evaluation

The test case fails if the app uses SecAccessControlCreateWithFlags with any flag except the kSecAccessControlBiometryCurrentSet flag for any sensitive data resource worth protecting.

Demos

MASTG-DEMO-0046: Runtime Use of kSecAccessControlBiometryCurrentSet with Frida