by pudquick 4239 days ago
Interesting article.

I think Apple could remediate this by extending the Local Authentication API into a get/set keychain-backed method.

You'd do something like [TouchID getLocalAuthFor:"uniqueIdentifier"] and success would return the secret. The app could store a one-way hashed copy of the secret to verify the correct value had been received. This would also rely on using encrypted local storage; otherwise this all gets bypassed by USB access.

This would require extending the keychain on iOS to include items decryptable/retrievable only with TouchID biometric information.

... And there comes the rub: your fingerprint information is local per device and not transferred. These keychain items would only be decryptable on the same device and only as long as you don't replace your recorded fingerprints.

This may be part of why Apple is only doing a yay/nay API at the moment - because anything more starts verging into people/devs complaining they can't unlock their secrets when iCloud Keychain or device replacements are in use.

Apple is not currently transferring your TouchID biometrics between devices and I'm pretty sure this is a business they're intentionally avoiding.
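The keychain-backed variant the replies allude to, as an added example written here against Apple's Security and LocalAuthentication frameworks (it is not code from this comment or from the article, and it assumes the biometry-bound access-control flags of the current iOS SDK rather than the SDK available when this thread was written). The two attributes carry the device-local and fingerprint-bound properties the comment describes: `ThisDeviceOnly` keeps the item out of backups and device migration, and `.biometryCurrentSet` invalidates it when the enrolled fingerprint set changes.

```swift
import Foundation
import Security
import LocalAuthentication

enum KeychainError: Error {
    case accessControlFailed
    case unexpectedStatus(OSStatus)
}

/// Store `secret` so it can only be read after a successful biometric check
/// on this device, with the fingerprints enrolled at the time of storage.
func storeBiometricSecret(_ secret: Data, account: String) throws {
    var error: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        // Never leaves this device: not in iCloud Keychain, not in backups.
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        // Bound to the current enrolled set; re-enrolling a finger invalidates the item.
        .biometryCurrentSet,
        &error) else { throw KeychainError.accessControlFailed }

    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecAttrAccessControl as String: acl,
        kSecValueData as String: secret,
    ]
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
}

/// Read the secret back; the system prompts for Touch ID / Face ID on access.
/// Returns nil when the user declines, fails, or the item has been invalidated
/// (a changed biometric set makes the item simply disappear: errSecItemNotFound).
func readBiometricSecret(account: String, reason: String) throws -> Data? {
    let context = LAContext()
    context.localizedReason = reason
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    switch status {
    case errSecSuccess: return item as? Data
    case errSecItemNotFound, errSecUserCanceled, errSecAuthFailed: return nil
    default: throw KeychainError.unexpectedStatus(status)
    }
}
```

Because `readBiometricSecret` cannot tell "never stored" from "invalidated by a fingerprint change" without extra bookkeeping, an app that depends on the secret should plan for re-provisioning it after the user re-enrolls, which is the user-experience cost the comment predicts.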


There is a keychain-backed method. Read the end of the article.
This is exactly how the API works.