Local-biometrics
Insecure biometrics
insecure-biometrics
insecure-biometrics
The application was observed to leverage biometrics via Local Authentication, which returns a simple boolean result for authentication. This design is subject to bypass with runtime tampering tools such as Frida, Substrate, and others. Although this is limited to rooted (jailbroken) devices, consider implementing biometric authentication the reliable way - via Keychain Services.
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 3
- 0
- 5
- :
-
- A
- u
- t
- h
- e
- n
- t
- i
- c
- a
- t
- i
- o
- n
-
- B
- y
- p
- a
- s
- s
-
- b
- y
-
- P
- r
- i
- m
- a
- r
- y
-
- W
- e
- a
- k
- n
- e
- s
- s
Likelihood: LOW
Confidence: HIGH
CWE:
- C
- W
- E
- -
- 3
- 0
- 5
- :
-
- A
- u
- t
- h
- e
- n
- t
- i
- c
- a
- t
- i
- o
- n
-
- B
- y
- p
- a
- s
- s
-
- b
- y
-
- P
- r
- i
- m
- a
- r
- y
-
- W
- e
- a
- k
- n
- e
- s
- s