TouchID is the biometric authentication technology that Apple introduced in iOS 7 to unlock user devices and make purchases in the App Store. It is built on a framework named LocalAuthentication.

iOS 9 introduced several new features in the LocalAuthentication framework, listed below:-

  • Support for reusable TouchID matches
  • Support for cancelling a user prompt from code
  • Get a representation of the current set of enrolled fingers, so that apps can change behaviour when a finger is enrolled or removed
  • Evaluation of keychain access control lists and use of authentication context in keychain calls

1) Support for reusable TouchID matches:-

Apple has introduced a new feature in iOS 9 through which we can reuse the iPhone unlock authentication for applications. Just set the LAContext property called “touchIDAuthenticationAllowableReuseDuration”.
By default, a previous TouchID authentication cannot be reused. The maximum supported interval is 5 minutes; setting a value beyond 5 minutes does not increase the accepted interval. The “touchIDAuthenticationAllowableReuseDuration” property sets a time interval, in seconds, for accepting a successful TouchID unlock from the past. If the device was successfully unlocked by TouchID within this time interval, then TouchID authentication on this context will succeed automatically and the reply block will be called without prompting the user for TouchID.

Note: – This feature is supported only when the phone is unlocked using TouchID.

2) Support for cancelling a user prompt from Code:-

  • In iOS 8, it was not possible to implement functionality that automatically cancels the authentication context after some time; the prompt stayed on screen until the user pressed the Cancel button on the authentication alert.
  • With iOS 9 this has been resolved. Now, we can manually cancel the authentication context by calling the “invalidate()” method. Invalidation terminates any existing policy evaluation and the respective call will fail with LAErrorAppCancel.
  • After the context has been invalidated, it cannot be used for policy evaluation and an attempt to do so will fail with LAErrorInvalidContext.

3) The ability to get a representation of the current set of enrolled fingers:-

A representation of the current set of enrolled fingers can be obtained. Whenever a finger is enrolled or deleted, the data returned differs from the data previously obtained from the fingerprint database.
The current fingerprint data can be accessed in TouchID authentication through the “evaluatedPolicyDomainState” property. As output, we get the current enrolled-finger data as an NSData value.

By comparing the current finger data with the previously stored data, you can take some action whenever the finger database has been changed.
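The comparison described above could look like the following in current Swift. This is an added example, not code from the original article; the `baselineKey` storage key, the `EnrollmentCheck` type and both function names are hypothetical, and UserDefaults is assumed as the store for the baseline.

```swift
import Foundation
import LocalAuthentication

// Hypothetical storage key for the last domain state this app accepted.
let baselineKey = "touchid.domainState.baseline"

enum EnrollmentCheck { case firstRun, unchanged, changed, unavailable }

/// Compares the current enrolled-finger state with the stored baseline.
func checkEnrollment(defaults: UserDefaults = .standard) -> EnrollmentCheck {
    let context = LAContext()
    var error: NSError?
    // evaluatedPolicyDomainState is filled in once canEvaluatePolicy succeeds
    // for the biometric policy; it stays nil when TouchID is unavailable.
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error),
          let current = context.evaluatedPolicyDomainState else {
        return .unavailable
    }
    guard let baseline = defaults.data(forKey: baselineKey) else {
        // Nothing stored yet: record the current state as the baseline.
        defaults.set(current, forKey: baselineKey)
        return .firstRun
    }
    // The value is opaque; only equality with the earlier value is meaningful.
    return baseline == current ? .unchanged : .changed
}

/// Stores the current state as the new baseline. Call this only after the
/// user has re-authenticated with the app's own credential.
func acceptCurrentEnrollment(defaults: UserDefaults = .standard) {
    let context = LAContext()
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil),
          let current = context.evaluatedPolicyDomainState else { return }
    defaults.set(current, forKey: baselineKey)
}
```

When `checkEnrollment()` returns `.changed`, a finger was enrolled or removed since the baseline was taken, so the app can stop accepting TouchID until the user signs in with the app's own credential and `acceptCurrentEnrollment()` is called.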


There are two types of LAPolicy available in LocalAuthentication Framework:-

  • DeviceOwnerAuthenticationWithBiometrics
  • DeviceOwnerAuthentication

1) DeviceOwnerAuthenticationWithBiometrics:-

This policy was introduced in iOS 8 and authenticates the user by using “Biometrics”. If biometrics fails, the application can use a custom authentication mechanism as a fallback.

If TouchID is not available or not enrolled, then policy evaluation will fail, and if TouchID is locked out, the passcode is required to unlock TouchID. Biometrics authentication will get locked after 5 unsuccessful attempts.

If you use DeviceOwnerAuthenticationWithBiometrics as the LAPolicy and do not provide a fall-back mechanism, Apple will reject the application for that reason during the app review process.

2) DeviceOwnerAuthentication:-

This policy is newly introduced in iOS 9 and authenticates the user by using “Biometrics” and “Device Passcode”. A custom fall-back mechanism for authentication is not required with this policy, because “Device Passcode” is used as the fall-back mechanism.

If TouchID is available, enrolled and not locked out, the user is first asked for it; otherwise the user has to authenticate using the device passcode.

Biometrics authentication will get locked after 5 unsuccessful attempts, and passcode authentication will get locked after 6 unsuccessful attempts, with a progressively increasing back-off delay.


The LocalAuthentication framework also supports a variety of error types, where each one represents a failure reason and gives developers the option to take proper action in each case. The error types are implemented as an enum:

enum LAError : Int {
    /* Availability in iOS 8 */
    case AuthenticationFailed
    case UserCancel
    case UserFallback
    case SystemCancel
    case PasscodeNotSet
    case TouchIDNotAvailable
    case TouchIDNotEnrolled
    /* Availability in iOS 9 */
    case TouchIDLockout
    case AppCancel
    case InvalidContext
}

Only the LAError values introduced in iOS 9 are described here:-

  • TouchIDLockout: – Authentication was unsuccessful because there were too many failed TouchID attempts; TouchID is now locked and the passcode is required to unlock it.
  • AppCancel: – Authentication was cancelled by the application, which means the application dismissed the authentication itself by calling the invalidate() method.
  • InvalidContext: – The LAContext passed to this call has been previously invalidated.
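The reuse duration, the cancel-from-code timeout and the iOS 9 error cases described above can be combined in one call, sketched here in current Swift, where the page's TouchIDLockout, AppCancel and InvalidContext are spelled `.touchIDLockout`, `.appCancel` and `.invalidContext`. This is an added example, not code from the original article; `AuthOutcome`, `outcome(for:)`, `authenticate` and the prompt text are hypothetical names chosen for illustration.

```swift
import Foundation
import LocalAuthentication

enum AuthOutcome { case success, useAppFallback, needsPasscode, cancelled, failed }

/// Maps the LAError codes listed above to the action the app takes.
func outcome(for error: Error?) -> AuthOutcome {
    guard let laError = error as? LAError else { return .failed }
    switch laError.code {
    case .userFallback:               return .useAppFallback // user chose the fallback button
    case .touchIDLockout:             return .needsPasscode  // too many failed TouchID attempts
    case .appCancel, .invalidContext: return .cancelled      // invalidate() was called
    case .userCancel, .systemCancel:  return .cancelled
    default:                          return .failed
    }
}

func authenticate(reuseWindow: TimeInterval, promptTimeout: TimeInterval,
                  completion: @escaping (AuthOutcome) -> Void) {
    let context = LAContext()
    // Accept a TouchID device unlock from the last `reuseWindow` seconds;
    // values above the 5-minute maximum do not extend the window.
    context.touchIDAuthenticationAllowableReuseDuration =
        min(reuseWindow, LATouchIDAuthenticationMaximumAllowableReuseDuration)

    // Cancel the prompt from code if the user does not respond in time.
    let timeout = DispatchWorkItem { context.invalidate() }
    DispatchQueue.main.asyncAfter(deadline: .now() + promptTimeout, execute: timeout)

    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your account") { success, error in
        timeout.cancel() // the prompt finished first; no invalidation needed
        DispatchQueue.main.async {
            completion(success ? .success : outcome(for: error))
        }
    }
}
```

On `.needsPasscode` the caller can evaluate DeviceOwnerAuthentication on a new LAContext, which asks for the device passcode as described in the policy section above; a context that has been invalidated cannot be reused.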

With these new features, iOS app developers can integrate the TouchID feature into their applications and tie it in seamlessly with the user's device. It also gives the user more control and security with simple measures.


@2021 Solution Analysts Pvt Ltd. All Right Reserved