Detect if a change has been made to biometrics using FaceID or TouchID

Hi team, is there a native way to detect if a change has been made to biometrics using FaceID or TouchID? Thanks in advance.

Answered by DTS Engineer in 846924022

You can do this using the LADomainState type, or the evaluatedPolicyDomainState property on older systems.

Why would a third party have to know and the right to know?

Because some folks want to implement a security policy that only works with the current biometric setup. Indeed, the keychain implements this exact policy, via the .biometryCurrentSet property.

Note that these APIs don’t return detailed information about the biometric setup. Rather, they return an opaque hash that you can check between calls.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Why would a third party have to know and the right to know ? IMHO that would be a privacy (and possibly security) breach, isn't it ?

You can do this using the LADomainState type, or the evaluatedPolicyDomainState property on older systems.

Why would a third party have to know and the right to know?

Because some folks want to implement a security policy that only works with the current biometric setup. Indeed, the keychain implements this exact policy, via the .biometryCurrentSet property.

Note that these APIs don’t return detailed information about the biometric setup. Rather, they return an opaque hash that you can check between calls.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Detect if a change has been made to biometrics using FaceID or TouchID
 
 
Q