Local-biometrics

Insecure biometrics

insecure-biometrics

The application was observed to authenticate the user with the LocalAuthentication framework (LAContext.evaluatePolicy), which returns nothing more than a boolean success flag to the app. Because the decision lives in app memory, it can be flipped at runtime by instrumentation tools such as Frida or Substrate (hooking the reply callback and forcing it to true), so the biometric prompt protects nothing on its own. This attack requires a jailbroken device or a repackaged build of the app, which is why the likelihood is rated LOW, but the fix is straightforward: bind the protected secret to the biometric check via Keychain Services, storing it under a SecAccessControl that requires the current biometric set, so the data is only released after a real match and there is no in-process boolean to tamper with.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-305: Authentication Bypass by Primary Weakness
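The following Swift is an added example written for this page; it is not CodeAnt's own code or a snippet taken from a scanned project. It shows the flagged pattern (a bare `evaluatePolicy` boolean gating access) next to the recommended one (the secret stored in the keychain behind a biometric access-control object). The service and account strings, `unlockWithBoolOnly`, and `VaultKeychain` are illustrative names chosen here, not APIs from the rule or from Apple.

```swift
import Foundation
import LocalAuthentication
import Security

// FLAGGED PATTERN: access is decided by a Bool that lives in app memory.
// A runtime hook on LAContext.evaluatePolicy(_:localizedReason:reply:) can
// call reply(true, nil) without the sensor ever being touched.
func unlockWithBoolOnly(completion: @escaping (Bool) -> Void) {
    let context = LAContext()
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                    error: &error) else {
        completion(false)
        return
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your vault") { success, _ in
        completion(success) // nothing stops a tamper tool from forcing `true`
    }
}

// RECOMMENDED PATTERN: the secret itself is stored under a keychain access
// control that requires the *current* biometric set. The keychain releases the
// item only after a genuine match; forcing a Bool in the app gains nothing,
// because without that match the bytes never leave the keychain.
enum VaultKeychain {
    static let service = "com.example.vault" // illustrative identifier
    static let account = "master-key"        // illustrative identifier

    private static var baseQuery: [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Stores `secret` so it can only be read after biometric authentication.
    /// Re-enrolling a fingerprint or face invalidates the item (.biometryCurrentSet).
    static func store(secret: Data) -> OSStatus {
        var cfError: Unmanaged<CFError>?
        guard let accessControl = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
            .biometryCurrentSet,
            &cfError) else {
            return errSecParam
        }
        // Replace any previous copy so the call is idempotent.
        SecItemDelete(baseQuery as CFDictionary)

        var addQuery = baseQuery
        addQuery[kSecAttrAccessControl as String] = accessControl
        addQuery[kSecValueData as String] = secret
        return SecItemAdd(addQuery as CFDictionary, nil)
    }

    /// Reads the secret. The biometric prompt is driven by the keychain
    /// lookup itself, not by a separate evaluatePolicy call.
    static func load(reason: String) -> Result<Data, Error> {
        let context = LAContext()
        context.localizedReason = reason

        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecUseAuthenticationContext as String] = context

        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        guard status == errSecSuccess, let data = item as? Data else {
            return .failure(NSError(domain: NSOSStatusErrorDomain, code: Int(status)))
        }
        return .success(data)
    }
}
```

Use the returned bytes as real key material (for example, to decrypt the vault contents) rather than reducing `load` back to a yes/no check, or the same in-memory bypass reappears one layer up. The keychain access-control enforcement is only meaningful on a physical device; the simulator does not back it with a Secure Enclave.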