by rucceett
4239 days ago
Summary: The Dropbox passcode lock is only a view preventing access to the app, but does not encrypt anything. Dropbox' use of Touch ID does not improve on this and it uses a Touch ID API that only provides a yes/no answer.

> Instead, it could actually grant access to cryptographic keys. As, however, the keys would still be stored on the device (although in the keychain), this is merely a compromise, albeit one which could actually provide added value (ACL protected items are not backed up).

That's all Touch ID can do. The data stored in the keychain (with a kSecAccessControlUserPresence ACL) is encrypted with a key the secure enclave needs to provide (or it is asked to decrypt an item-specific key). So without the secure enclave agreeing, which it only does when it finds a matching fingerprint, you can't get the data. What more can you expect?
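The two approaches contrasted in the comment above, sketched in Swift as an added example (not part of the comment and not Dropbox's code). The service and account names and the function names are hypothetical.

```swift
import Foundation
import LocalAuthentication
import Security

// Hypothetical identifiers for this example.
let service = "com.example.filesync"
let account = "content-key"

// Pattern 1: Touch ID as a yes/no gate. The result is a Bool decided in the
// app's own process; no secret is released and nothing on disk is encrypted.
func unlockWithBooleanGate(_ done: @escaping (Bool) -> Void) {
    let context = LAContext()
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock the app") { ok, _ in
        done(ok)
    }
}

// Pattern 2: store the key under a user-presence ACL. The item stays on this
// device only and is not included in backups.
func storeKey(_ key: Data) -> OSStatus {
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .userPresence, nil) else { return errSecParam }
    let base: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                               kSecAttrService as String: service,
                               kSecAttrAccount as String: account]
    SecItemDelete(base as CFDictionary)          // replace any earlier copy
    var add = base
    add[kSecAttrAccessControl as String] = acl
    add[kSecValueData as String] = key
    return SecItemAdd(add as CFDictionary, nil)
}

// Reading the item makes the system ask for Touch ID or the passcode; without
// it the call fails and the app never sees the key bytes. Blocks while the
// prompt is shown, so call it off the main thread.
func loadKey() -> Data? {
    let query: [String: Any] = [kSecClass as String: kSecClassGenericPassword,
                                kSecAttrService as String: service,
                                kSecAttrAccount as String: account,
                                kSecReturnData as String: true]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess
    else { return nil }
    return item as? Data
}
```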