You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Once we allowed use LAContext object instead of prompt string for the biometric authentications, we opened a gate that allows application to use such context for multiple times. Basically, application can pre-authorize its own context and re-use it for multiple times for the biometric signature.
We should mention in documentation that this usage is strongly not recommended, due to the following reasons:
LAContext can be reused for a very long time and the biometric dialog is not displayed. The exact time depends on iOS implementation, but can be longer than 5 minutes and shorted than 10 minutes (validated by our experiments)
It would cause a legislative problems in case that application signs a critical data (like payment). It would be problematic to prove that user authenticated such request, or it's just a bug in the application.
The text was updated successfully, but these errors were encountered:
Once we allowed use
LAContext
object instead of prompt string for the biometric authentications, we opened a gate that allows application to use such context for multiple times. Basically, application can pre-authorize its own context and re-use it for multiple times for the biometric signature.We should mention in documentation that this usage is strongly not recommended, due to the following reasons:
LAContext
can be reused for a very long time and the biometric dialog is not displayed. The exact time depends on iOS implementation, but can be longer than 5 minutes and shorted than 10 minutes (validated by our experiments)The text was updated successfully, but these errors were encountered: