MASTG-TEST-0271: Runtime Use Of APIs Detecting Biometric Enrollment Changes
Overview
This test is the dynamic counterpart to the static test "References to APIs Detecting Biometric Enrollment Changes": instead of searching the binary for references, it observes the calls at runtime and records the flags actually passed.
Steps
- Use runtime method hooking (see Method Hooking) and look for calls to SecAccessControlCreateWithFlags and the specific flags passed to them.
Observation
The output should contain a list of the locations where SecAccessControlCreateWithFlags is called, including all flags used in each call.
Evaluation
The test fails if the app calls SecAccessControlCreateWithFlags with any flag other than kSecAccessControlBiometryCurrentSet for a sensitive data resource worth protecting.
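The following Frida script performs the hooking step above and applies the evaluation rule to every observed call. It is an added example for this page, not the page's own code and not the MASTG-DEMO-0046 script. It assumes an iOS device attached over USB, that the Security framework's module name is "Security", and a placeholder bundle identifier com.example.app; the flag bit values are those defined in Apple's SecAccessControl.h. Decoding and evaluation are plain functions so they can also be exercised outside Frida; the hook itself is only installed when the script runs inside Frida.

```javascript
// Added example for MASTG-TEST-0271: not the page's own code and not the
// MASTG-DEMO-0046 script. Hooks SecAccessControlCreateWithFlags, decodes the
// SecAccessControlCreateFlags bitmask of every call, records the call site,
// and applies this test's evaluation rule.
// Assumed usage: frida -U -f com.example.app -l sec_access_control.js
// (com.example.app is a placeholder bundle identifier.)

// Bit values from Apple's SecAccessControl.h (SecAccessControlCreateFlags).
const FLAG_BITS = [
  ["kSecAccessControlUserPresence",        1 << 0],
  ["kSecAccessControlBiometryAny",         1 << 1],
  ["kSecAccessControlBiometryCurrentSet",  1 << 3],
  ["kSecAccessControlDevicePasscode",      1 << 4],
  ["kSecAccessControlWatch",               1 << 5],
  ["kSecAccessControlOr",                  1 << 14],
  ["kSecAccessControlAnd",                 1 << 15],
  ["kSecAccessControlPrivateKeyUsage",     1 << 30],
  ["kSecAccessControlApplicationPassword", 0x80000000], // 1 << 31, written as a positive literal
];
const BIOMETRY_CURRENT_SET = 1 << 3;
const KNOWN_MASK = FLAG_BITS.reduce((mask, [, bit]) => mask | bit, 0);

// Turn a raw flags value into the list of constant names it contains; bits that
// are not in the header are reported as "unknown:0x..." rather than dropped.
function decodeFlags(flags) {
  const names = FLAG_BITS.filter(([, bit]) => (flags & bit) !== 0).map(([name]) => name);
  const unknown = (flags & ~KNOWN_MASK) >>> 0;
  if (unknown !== 0) names.push("unknown:0x" + unknown.toString(16));
  return names;
}

// Apply this test's evaluation rule to one call: only an access control created
// with exactly kSecAccessControlBiometryCurrentSet passes. Zero flags (no
// authentication constraint at all) is treated as a failure as well.
function evaluateCall(flags) {
  const flagNames = decodeFlags(flags);
  if (flags === BIOMETRY_CURRENT_SET) {
    return { verdict: "PASS", flagNames, reason: "only kSecAccessControlBiometryCurrentSet is used" };
  }
  const reason = (flags & BIOMETRY_CURRENT_SET) === 0
    ? "kSecAccessControlBiometryCurrentSet is not set"
    : "additional flags present: " +
      flagNames.filter((n) => n !== "kSecAccessControlBiometryCurrentSet").join(", ");
  return { verdict: "FAIL", flagNames, reason };
}

// One entry per observed call: this is the "list of locations" the test asks for.
const observations = [];

function recordCall(flags, backtrace) {
  const entry = { rawFlags: "0x" + (flags >>> 0).toString(16), backtrace, ...evaluateCall(flags) };
  observations.push(entry);
  return entry;
}

// Install the hook only inside Frida; in plain Node.js (e.g. when exercising the
// decoding above) Interceptor is undefined and this block is skipped.
if (typeof Interceptor !== "undefined") {
  const target = Process.getModuleByName("Security")
    .findExportByName("SecAccessControlCreateWithFlags");
  Interceptor.attach(target, {
    onEnter(args) {
      // SecAccessControlCreateWithFlags(allocator, protection, flags, error)
      const flags = args[2].toUInt32();
      const backtrace = Thread.backtrace(this.context, Backtracer.ACCURATE)
        .map(DebugSymbol.fromAddress)
        .map(String);
      const entry = recordCall(flags, backtrace);
      console.log(`[${entry.verdict}] SecAccessControlCreateWithFlags(flags=${entry.rawFlags})`);
      console.log("  flags : " + (entry.flagNames.join(", ") || "(none)"));
      console.log("  reason: " + entry.reason);
      console.log("  called from:\n    " + backtrace.join("\n    "));
    },
  });
  console.log("[*] hooked SecAccessControlCreateWithFlags at " + target);
}
```

Each hit prints the verdict, the raw and decoded flags, and a symbolicated backtrace, which together form the observation this test requires. The evaluation rule is applied exactly as stated on the page, so a call that combines kSecAccessControlBiometryCurrentSet with other flags (for example through kSecAccessControlOr) is reported as FAIL with the extra flags named, leaving the tester to judge whether the combined policy still protects the resource.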
Demos
MASTG-DEMO-0046: Runtime Use of kSecAccessControlBiometryCurrentSet with Frida