okta / okta-storage-swift

Secure storage library
https://github.com/okta/okta-storage-swift

Okta keychain wrapper #3

Closed IldarAbdullin-okta closed 5 years ago

IldarAbdullin-okta commented 5 years ago

Scope for the beta:

@marcpowell-okta, @tbelote-okta, please review

tbelote-okta commented 5 years ago

Do you also want to provide an API for the "unlock" and "this device only" permissions to prevent backup? And while thinking about it, RSA versus EC, because only EC is run in the Secure Enclave.

The challenge about when to allow access is with the Apple Watch. You might often use the Apple Watch before the phone has ever been unlocked.

tbelote-okta commented 5 years ago

looks pretty good otherwise

IldarAbdullin-okta commented 5 years ago

> Do you also want to provide an API for the "unlock" and "this device only" permissions to prevent backup? And while thinking about it, RSA versus EC, because only EC is run in the Secure Enclave.
>
> The challenge about when to allow access is with the Apple Watch. You might often use the Apple Watch before the phone has ever been unlocked.

Accessibility of a stored keychain item is controlled by the accessibility parameter. You as a developer can override the default value when calling the set: API. The default value is kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which I think is the most secure setting (no backups, no background access).
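An added example, not code from okta-storage-swift or from this PR, that makes the accessibility trade-off discussed in the thread explicit using the raw Security framework: the default is the "when unlocked, this device only" class from the comment above, with the "after first unlock" class as the alternative for callers that need reads before the device is interactively unlocked. The service and account names are placeholders.

```swift
import Foundation
import Security

/// Keychain accessibility classes relevant to the discussion above.
enum KeychainAccess {
    /// Default chosen in the thread: readable only while the device is unlocked,
    /// and never migrated to another device through a backup.
    case whenUnlockedThisDeviceOnly
    /// Readable once the device has been unlocked at least once since boot
    /// (permits background reads), still excluded from device-to-device restores.
    case afterFirstUnlockThisDeviceOnly

    var attribute: CFString {
        switch self {
        case .whenUnlockedThisDeviceOnly: return kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        case .afterFirstUnlockThisDeviceOnly: return kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        }
    }
}

/// Stores `secret` as a generic-password item. The accessibility attribute is
/// fixed at write time; changing it later means deleting and re-adding the item.
/// Returns the OSStatus so callers can tell errSecDuplicateItem from a real failure.
func storeSecret(_ secret: Data, service: String, account: String,
                 access: KeychainAccess = .whenUnlockedThisDeviceOnly) -> OSStatus {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecValueData as String: secret,
        kSecAttrAccessible as String: access.attribute,
    ]
    return SecItemAdd(query as CFDictionary, nil)
}

/// Reads the item back. With WhenUnlockedThisDeviceOnly, a read from a background
/// task while the device is locked returns errSecInteractionNotAllowed rather than
/// errSecItemNotFound; treat the two differently instead of assuming "missing".
func loadSecret(service: String, account: String) -> (data: Data?, status: OSStatus) {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnData as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    return (item as? Data, status)
}
```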