Skip to main content
The application was observed to store keychain items with the accessibility type kSecAttrAccessibleAlways meaning that the data is not sufficiently protected at rest. Ideally, the application should use kSecAttrAccessibleWhenUnlocked to configure the data to be accessible only when the user has unlocked the screen.
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 2
- 7
- 2
- :
-

- L
- e
- a
- s
- t
-

- P
- r
- i
- v
- i
- l
- e
- g
- e
-

- V
- i
- o
- l
- a
- t
- i
- o
- n
I