The Local Authentication library was found included in your application binary. At worst, it is being used for biometric authentication that is easily bypassed by someone with access to the device. At best, it is extraneous functionality that should not be included in the app as a best practice.
Recommendation
Consider using Keychain ACLs (Access Control Lists) to achieve similar
functionality.
An example implementation would store the application's
secret in a Keychain and assign an ACL to this Keychain item that would
instruct iOS to perform a user presence check before reading and returning
the Keychain item to the application. Sample code can be found
on Apple's website.
Summary
The Local Authentication library was found included in your application binary. At worst, it is being used for biometric authentication that is easily bypassed by someone with access to the device. At best, it is extraneous functionality that should not be included in the app as a best practice.
Recommendation
Consider using Keychain ACLs (Access Control Lists) to achieve similar functionality.
An example implementation would store the application's secret in a Keychain and assign an ACL to this Keychain item that would instruct iOS to perform a user presence check before reading and returning the Keychain item to the application. Sample code can be found on Apple's website.
Risk and Regulatory Information
Severity: low CVSS: 3.8
Application
See more detail in the NowSecure Report