Programmatically detect whether iOS passcode is enabled or not Programmatically detect whether iOS passcode is enabled or not ios ios

Programmatically detect whether iOS passcode is enabled or not


For iOS 9+ you can detect it using the new LocalAuthentication class, and it works on Simulator as well as devices:

import LocalAuthenticationprivate func devicePasscodeSet() -> Bool {    //checks to see if devices (not apps) passcode has been set    return LAContext().canEvaluatePolicy(.deviceOwnerAuthentication, error: nil)  }


Update

As of iOS 9, you can achieve this using the LocalAuthentication.framework. If targeting iOS 9+ read the comments here or look at this answer.

If you still need to target iOS 8 then continue reading :)


Starting in iOS8, you can!
I've put together a simple category to easily check the status: https://github.com/liamnichols/UIDevice-PasscodeStatus

How it Works

This category works by using the new accessControl features added to the Security.Framework in iOS 8.It attempts to add an item to the keychain using the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly protection level.

The documentation states the following:

Item data can only be accessed while the device is unlocked. This class is only available if a passcode is set on the device. This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode will cause all items in this class to be deleted.

Because of this, an error is returned when you attempt to add or read an item in the keychain with this level of accessControl. If we see this error, the passcodeStatus returns as LNPasscodeStatusDisabled.If we can successfully read or write to the keychain with this level of accessControl then we return LNPasscodeStatusEnabled.

If the device is unsupported or an unrelated error with the keychain is returned, we return LNPasscodeStatusUnknown.


I'm not aware of any way of getting this information directly, however I think you can probably achieve the result you are after by using side-effects of Apple's support for disk encryption. See Protecting Data Using On-Disk Encryption for details.

However this is a hack rather than designed behaviour, and there are some corner-cases it won't be aware of. I'd recommend making this feature something that's explicitly under the control of the user rather than something you enable with heuristics.


matomo