christianselig / apollo-bugs

A public bug tracker for Apollo, an iOS Reddit app

Face ID unlock bypass #1611

Open mariostoica opened 2 years ago

mariostoica commented 2 years ago

When opening the app with a mask on, it prompts me to type in the passcode. If I close the app (swipe up) and open it again, I can bypass the biometric unlock (no Face ID or passcode).

Device: 12 mini iOS 15.2.1

drfloyd5 commented 2 years ago

Ditto.

=======

App Version: 1.12.2 ULTRA+PRO Enabled
iOS version: 15.4 Beta
Device Type: iPhone 13 Mini 256

How often can you reproduce the issue: Consistently. 20 times a minute.

Reproducible Steps:

  1. Set Apollo to require a passcode.
  2. Set Apollo to not require Face ID.
  3. Reset Apollo? Not sure if this step is necessary or if iOS's natural app management closing it is just fine.
  4. Touch Apollo Icon on Home Screen.
  5. When passcode request is displayed, go back to Home Screen.
  6. Touch Apollo Icon on Home Screen.
  7. *No Passcode is requested.*

jdgregson commented 2 years ago

Can confirm, this is still a valid security feature bypass four months later.

jdgregson commented 2 years ago

Correction: this bug has been left unfixed for at least seven months.

Duplicates:

Void48 commented 1 year ago

Has this been fixed?

jdgregson commented 1 year ago

Yes, this was fixed in version 1.13.1.
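
A regression check for the two sequences reported in this thread, as an added example that is not Apollo's code and makes no claim about the bug's actual cause. It models a lock gate in which only a verified authentication reveals content, then replays the reported steps; `LockGate`, `AppEvent` and `staysLocked` are hypothetical names, and re-locking on every foreground is an assumed policy.

```swift
// Added example. LockGate and AppEvent are hypothetical names, not Apollo's code.
enum AppEvent {
    case coldLaunch        // icon tapped, new process
    case enterBackground   // user returns to the Home Screen
    case enterForeground   // icon tapped, process still alive
    case terminated        // swiped away or closed by iOS
    case authSucceeded     // passcode or Face ID verified
    case authDismissed     // prompt cancelled or failed
}

struct LockGate {
    let passcodeRequired: Bool             // persisted user setting
    private(set) var unlocked = false      // in-memory only, never persisted
    private(set) var promptVisible = false

    init(passcodeRequired: Bool) { self.passcodeRequired = passcodeRequired }

    var contentVisible: Bool { !passcodeRequired || unlocked }

    mutating func handle(_ event: AppEvent) {
        switch event {
        case .coldLaunch, .enterForeground, .authDismissed:
            // Every entry starts locked; an unanswered prompt is shown again.
            unlocked = false
            promptVisible = passcodeRequired
        case .enterBackground, .terminated:
            // Leaving the app never counts as answering the prompt.
            unlocked = false
            promptVisible = false
        case .authSucceeded:
            // Only a verified result from a visible prompt unlocks.
            if promptVisible { unlocked = true; promptVisible = false }
        }
    }
}

/// Returns true if content stayed hidden after every event in the sequence.
func staysLocked(_ events: [AppEvent]) -> Bool {
    var gate = LockGate(passcodeRequired: true)
    return events.allSatisfy { event in
        gate.handle(event)
        return !gate.contentVisible
    }
}

// Constructed replays of the two reports in this thread.
precondition(staysLocked([.coldLaunch, .enterBackground, .enterForeground]))
precondition(staysLocked([.coldLaunch, .terminated, .coldLaunch]))
// Control: a verified passcode does reveal content.
precondition(!staysLocked([.coldLaunch, .authSucceeded]))
```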