Question

To perform some important actions on iOS it's required to enter the device passcode, for example adding a VPN profile or installing custom settings config (new feature in iOS 14).

I wonder, is it possible for an app to do such actions bypassing/skipping the device passcode prompt window if it already knows the device passcode somehow? In other words, can an app enter the device passcode in the background without the user noticing it? Generally speaking, is it possible for a potentially malicious app to do bigger harm if it knows the device's passcode? Thanks!

BTW I asked a similar question for macOS here and it seems that for macOS it's true.


Solution

The answer is actually quite similar to the one for macOS:

The intention of the system is (of course) that apps are not allowed to bypass/skip these passcode prompt windows, and they're not able to "just" put in a code if they happen to know.

Similarly on recent macOS versions, apps cannot "just" interact with controls in windows they have not shown themselves. You can however give apps permissions to do so (for example an app that enables you to create macros of actions within other programs would be a good example of when you actually want to allow this behavior).

However - as your question on macOS centered around malware, the same is true for malware on iOS - if the app does not "follow the rules" and intentionally exploits weaknesses in the operating system's implementation, it is theoretically possible for the app to bypass/skip these prompts if it knows the passcode itself. It isn't really "theoretical" as in "can't really be done in practice", but more like "it will be a bother to do".

Licensed under: CC-BY-SA with attribution
Not affiliated with apple.stackexchange