Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

TouchID - Detect new fingerprints added - When does evaluatedPolicyDomainState change?

I'm integrating TouchID into my app. I'm allowing the user to turn it on and off for security reasons. I want it to auto-turn off when the user adds a new fingerprint. According to Apple, evaluatedPolicyDomainState

This property returns a value only when the canEvaluatePolicy(:error:) method succeeds for a biometric policy or the evaluatePolicy(:localizedReason:reply:) method is called and a successful Touch ID authentication is performed. Otherwise, nil is returned.

The returned data is an opaque structure. It can be used to compare with other values returned by this property to determine whether the database of authorized fingerprints has been updated. However, the nature of the change cannot be determined from this data.

However, I'm adding a new fingerprints and evaluatedPolicyDomainState stays the same.

Any idea on how can I make sure evaluatedPolicyDomainState gets updated or if there's any other way of checking if a new fingerprint was added?

like image 812
Cristian Pena Avatar asked Jul 15 '16 13:07

Cristian Pena


2 Answers

So after struggling for a couple of hours, I finally found the solution.

    let context = LAContext()
    context.canEvaluatePolicy(.DeviceOwnerAuthenticationWithBiometrics, error: nil)

    if let domainState = context.evaluatedPolicyDomainState
        where domainState == oldDomainState  {
        // Enrollment state the same

    } else {
        // Enrollment state changed

    }

Every time you add or delete a fingerprint, the domain state changes. You need to call canEvaluatePolicy for evaluatedPolicyDomainStateto be updated.

like image 138
Cristian Pena Avatar answered Oct 09 '22 03:10

Cristian Pena


Below is the solution to convert the data value of evaluatedPolicyDomainState into string and store it in keychain. If there is any change of Touch Id, then you just need to compare the value of evaluatedPolicyDomainState.

if context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil) {
    if let domainState = context.evaluatedPolicyDomainState {
        let bData = domainState.base64EncodedData()
        if let decodedString = String(data: bData, encoding: .utf8) {
            print("Decoded Value: \(decodedString)")
        }
    }
}

Note: I didn't test this code for Face Id, I believe it will work for both.

like image 4
A K M Saleh Sultan Avatar answered Oct 09 '22 03:10

A K M Saleh Sultan