
Swift : Bad biometric authentication

Overview

The LocalAuthentication framework is commonly used for user authentication, but the guarantees it gives the application may not be sufficient for applications that require a heightened level of security control.

Touch ID and Face ID based authentication can be implemented in two different ways:

  • Using the LocalAuthentication framework,
  • Using Touch ID based on access controls in the Keychain.

Although both methods are adequate for most applications, the LocalAuthentication approach has characteristics that make it less suitable for high-assurance applications (e.g. medical, banking and insurance apps):

  • LocalAuthentication runs outside the device's Secure Enclave (the dedicated coprocessor that performs the cryptographic operations and protects the keys used for data protection). Its API therefore executes inside the application's own process, and on a jailbroken device that API can be hooked or patched, for example so that the policy evaluation always reports success.
  • LocalAuthentication authenticates the user by evaluating a policy, and the only result it returns to the application is true or false. The application therefore cannot know who was actually authenticated: it learns only whether the presented fingerprint (or face) matched one of the biometrics currently enrolled on the device. Any biometric enrolled on the device later will also evaluate to true, because the check is made against the current set of enrolled biometrics, not the set that existed when the user enabled the feature in the app.
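The following Swift snippet, added here as an illustration and not taken from DerScanner or from any scanned project, shows the two approaches side by side: the weak pattern that trusts the Bool returned by LAContext.evaluatePolicy, and the Keychain-based pattern in which a secret is stored under an access-control object requiring the current biometric set, so the Secure Enclave releases it only after a matching, currently enrolled biometric. The service and account names, the "session-token" secret and the enum name are assumptions chosen for the example.

```swift
import Foundation
import LocalAuthentication
import Security

// WEAK: LocalAuthentication only. The application receives a single Bool.
// It cannot tell which enrolled biometric matched, a finger or face enrolled
// later also passes, and on a jailbroken device evaluatePolicy(...) can be
// hooked so that the closure is always called with `true`.
func weakBiometricCheck(completion: @escaping (Bool) -> Void) {
    let context = LAContext()
    var error: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error) else {
        completion(false)
        return
    }
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock the vault") { success, _ in
        completion(success) // a Bool decided in-process is all the app ever sees
    }
}

// HARDENED: bind the secret to a Keychain item whose access control requires
// the *current* biometric set. The Secure Enclave enforces the policy, the
// data is only released after a currently enrolled biometric matches, and
// enrolling an additional finger or face invalidates the item instead of
// silently passing.
enum VaultKeychain {
    // Assumed identifiers for the example; use your own bundle-specific values.
    static let service = "com.example.vault"
    static let account = "session-token"

    static func store(secret: Data) -> OSStatus {
        var cfError: Unmanaged<CFError>?
        guard let access = SecAccessControlCreateWithFlags(
                kCFAllocatorDefault,
                kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, // gone if the passcode is removed
                .biometryCurrentSet,                             // invalidated on biometric re-enrolment
                &cfError) else {
            return errSecParam
        }
        let deleteQuery: [String: Any] = [
            kSecClass as String:       kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
        ]
        SecItemDelete(deleteQuery as CFDictionary) // replace any previous item
        var addQuery = deleteQuery
        addQuery[kSecAttrAccessControl as String] = access
        addQuery[kSecValueData as String] = secret
        return SecItemAdd(addQuery as CFDictionary, nil)
    }

    // Returns the secret only after the system biometric prompt succeeds.
    // nil means: cancelled, failed, or the item was invalidated because the
    // enrolled biometric set changed (the caller should force a full re-login).
    static func retrieve(reason: String) -> Data? {
        let context = LAContext()
        context.localizedReason = reason
        let query: [String: Any] = [
            kSecClass as String:                    kSecClassGenericPassword,
            kSecAttrService as String:              service,
            kSecAttrAccount as String:              account,
            kSecReturnData as String:               true,
            kSecMatchLimit as String:               kSecMatchLimitOne,
            kSecUseAuthenticationContext as String: context,
        ]
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        switch status {
        case errSecSuccess:
            return item as? Data
        case errSecItemNotFound:
            // Also returned when .biometryCurrentSet invalidated the item
            // after a new biometric was enrolled: treat as "re-authenticate".
            return nil
        default:
            // errSecUserCanceled, errSecAuthFailed, etc.
            return nil
        }
    }
}
```

The difference that matters for review is where the decision is made. In the weak path the decision is a Bool in the app's address space, which is exactly what a hook on a jailbroken device flips. In the hardened path the app never sees a biometric verdict at all; it either receives the protected secret from the Keychain or it does not, and a change to the enrolled biometrics makes the item disappear rather than evaluate to true.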
DerScanner Severity Score: MEDIUM


See also

  • Swift : Nill password
  • Swift : Hardcoded salt
  • Swift : Undocumented feature: special account