ios screen-lock parental-control

Programmatically detect whether iOS passcode is enabled or not


Rather than build a passcode directly into my app and potentially require the user to enter a passcode twice (once for the device and again for my app), I thought I might out-clever myself and do something along the lines of:

if (device has passcode)
    continue into my app
else
    make user enter my app passcode

I don't want to set the device passcode, I don't want to force a screen lock, not encrypting anything - all I really want is an API just to detect if a device passcode is in effect. Something like:

BOOL notReally = [UIDevice isUserSlightlyMoreSecureBecauseTheySetDeviceLockOn];

or maybe if I'm feeling lucky:

BOOL isPasscodeEnabled = [UIDevice isPasscodeEnabled];
BOOL isSimplePasscode = [UIDevice isSimplePasscode];
NSInteger minutes = [UIDevice requirePasscodeAfter];

I'm guessing not, based on this question (but it is a few years old), "programmatically check for iPhone's Passcode in settings bundle", or this might be the answer: "Lock Unlock events iphone", which isn't exactly what I want but might work "after the fact".


Solution

  • Update

    As of iOS 9, you can achieve this using the LocalAuthentication.framework. If targeting iOS 9+ read the comments here or look at this answer.

    If you still need to target iOS 8 then continue reading :)


    Starting in iOS 8, you can!
    I've put together a simple category to easily check the status: https://github.com/liamnichols/UIDevice-PasscodeStatus

    How it Works

    This category works by using the new accessControl features added to the Security.framework in iOS 8. It attempts to add an item to the keychain using the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly protection level.

    The documentation states the following:

    Item data can only be accessed while the device is unlocked. This class is only available if a passcode is set on the device. This is recommended for items that only need to be accessible while the application is in the foreground. Items with this attribute will never migrate to a new device, so after a backup is restored to a new device, these items will be missing. No items can be stored in this class on devices without a passcode. Disabling the device passcode will cause all items in this class to be deleted.

    Because of this, an error is returned when you attempt to add or read an item in the keychain with this level of accessControl. If we see this error, the passcodeStatus returns as LNPasscodeStatusDisabled. If we can successfully read or write to the keychain with this level of accessControl then we return LNPasscodeStatusEnabled.

    If the device is unsupported or an unrelated error with the keychain is returned, we return LNPasscodeStatusUnknown.
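
The keychain probe described in the answer above, as an added example that is not the category's own code and not part of the original post. The enum, function, service and account names are hypothetical, the item sets the kSecAttrAccessible attribute directly, and the mapping of errSecDecode to "no passcode" is an assumption to confirm on the iOS versions you target.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical names for this example; they are not the category's API.
typedef NS_ENUM(NSInteger, ExamplePasscodeStatus) {
    ExamplePasscodeStatusUnknown,
    ExamplePasscodeStatusEnabled,
    ExamplePasscodeStatusDisabled
};

static ExamplePasscodeStatus ExampleProbePasscodeStatus(void) {
    // Constructed service/account values that identify the probe item.
    NSDictionary *identity = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: @"com.example.passcode-probe",
        (__bridge id)kSecAttrAccount: @"probe"
    };
    // Clear any probe left by an earlier run so SecItemAdd cannot fail
    // with errSecDuplicateItem and hide the real answer.
    SecItemDelete((__bridge CFDictionaryRef)identity);

    NSMutableDictionary *item = [identity mutableCopy];
    item[(__bridge id)kSecValueData] =
        [@"probe" dataUsingEncoding:NSUTF8StringEncoding];
    // This protection class only accepts items while a passcode is set.
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly;

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)item, NULL);
    if (status == errSecSuccess) {
        // The probe holds no secret, but do not leave it behind.
        SecItemDelete((__bridge CFDictionaryRef)identity);
        return ExamplePasscodeStatusEnabled;
    }
    // Assumption: the "no passcode" refusal is reported as errSecDecode.
    if (status == errSecDecode) {
        return ExamplePasscodeStatusDisabled;
    }
    // Any other keychain failure stays unknown, so a caller can fail
    // closed and still ask for the app passcode.
    NSLog(@"passcode probe: unexpected OSStatus %d", (int)status);
    return ExamplePasscodeStatusUnknown;
}
```

For the flow in the question, only ExamplePasscodeStatusEnabled should skip the app passcode; the result is a point-in-time check, so re-run it whenever the app returns to the foreground.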