Security Reviews Flagging evaluatePolicy with Jailbroken devices

Snyk and Fortify (third-party security scanning software) scans have flagged our auth code when using evaluatePolicy for LAContext. Our app is an iOS-only app.

"Avoid using evaluatePolicy for local user authentication. The API can be hooked and thus the return value can be changed leading to a potential authentication bypass on jailbroken devices. Consider using iOS keychain APIs."

Has anyone encountered this issue in their security scans, and were you able to remediate it with the suggested fix using the keychain APIs?
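For readers unfamiliar with what the scanner's "use keychain APIs" suggestion refers to, here is an added example (not code from the original post or from Apple) contrasting the two patterns. With `evaluatePolicy` the authentication outcome is a `Bool` delivered to app code; with a keychain item created under a `SecAccessControl` carrying `.biometryCurrentSet`, the outcome is a secret that the system releases only after the biometric prompt succeeds, and that the app then has to actually use (for example, as a token the server verifies). The service and account strings are placeholders; any process that can hook in-app code can still interfere with either call, so the keychain pattern only buys something when the released secret is required for a step the app cannot fake locally.

```swift
import Foundation
import LocalAuthentication
import Security

enum KeychainAuthError: Error {
    case accessControlFailed
    case notFound
    case status(OSStatus)   // includes errSecUserCanceled and errSecAuthFailed
}

// Placeholder identifiers for this example; use your own in a real app.
private let service = "com.example.app.auth-token"
private let account = "session"

private var baseQuery: [String: Any] {
    [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
}

/// Pattern 1: evaluatePolicy. The only artefact of success is the Bool handed back here.
func authenticateWithBooleanResult(reason: String, completion: @escaping (Bool) -> Void) {
    let context = LAContext()
    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: reason) { ok, _ in
        completion(ok)
    }
}

/// Pattern 2a: store a secret that can only be read back after biometric auth.
/// `.biometryCurrentSet` invalidates the item if the enrolled biometrics change.
func storeProtectedSecret(_ secret: Data) throws {
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        [.biometryCurrentSet],
        &cfError
    ) else {
        throw KeychainAuthError.accessControlFailed
    }

    // Remove any previous item so SecItemAdd does not fail with errSecDuplicateItem.
    SecItemDelete(baseQuery as CFDictionary)

    var addQuery = baseQuery
    addQuery[kSecAttrAccessControl as String] = access
    addQuery[kSecValueData as String] = secret

    let status = SecItemAdd(addQuery as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainAuthError.status(status) }
}

/// Pattern 2b: reading the item triggers the biometric prompt; on failure or
/// cancellation there is no data to continue with, only an error status.
func readProtectedSecret(reason: String) throws -> Data {
    let context = LAContext()
    context.localizedReason = reason   // shown in the system prompt

    var readQuery = baseQuery
    readQuery[kSecReturnData as String] = true
    readQuery[kSecMatchLimit as String] = kSecMatchLimitOne
    readQuery[kSecUseAuthenticationContext as String] = context

    var result: CFTypeRef?
    let status = SecItemCopyMatching(readQuery as CFDictionary, &result)
    switch status {
    case errSecSuccess:
        guard let data = result as? Data else { throw KeychainAuthError.notFound }
        return data
    case errSecItemNotFound:
        throw KeychainAuthError.notFound
    default:
        throw KeychainAuthError.status(status)
    }
}

/// Example flow: the session token obtained at login is stored once, and every
/// later "unlock" is a read of that token which is then presented to the server.
func unlockAndFetchSessionToken() throws -> Data {
    try readProtectedSecret(reason: "Unlock your session")
}
```

The design point is where the trust boundary sits: in pattern 1 the app decides what to do with `true`; in pattern 2 the app gets nothing usable unless the keychain actually returned the token, and the server, not the device, decides whether that token is valid.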

Replies

My advice here is that you ask your vendor why they think LA is more susceptible to ‘hooking’ than SecItem.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"