How to Prevent IOS Apps From Stealing Your Apple ID Password
iOS: Security researcher Felix Krause kills him this month if “it” means iPhone users feel safe. We recently looked at two of his security warnings: if you give the app permission to use your camera, it can also track your location and even secretly take photos and videos . He now points out that if you’re not careful, any app can easily steal your Apple ID .
The problem, Krause says, is that any app can easily mimic Apple’s password dialog. (He even created a proof of concept.) And if you use an iPhone or iPad, you know that Apple asks for your password almost all the time. In this way, you become immune to it, so whenever you are asked, you simply inject it. The app can simply lash out asking for a fake password, for example:
There is an easy way to avoid this, but you must remember it whenever your phone asks for a password: press the Home button to close the application. If the application closes and the password prompt disappears, then it is a fake. If the password pop-up is valid from Apple, it will remain on the screen until you click Sign In or Cancel .
If you’ve turned on two-factor authentication for your Apple ID, you’re still safer. But it is still very dangerous to give out your password, especially if you have used it again or if there is a danger that someone with your password will gain physical access to your device.
This phishing attack is one of the things Apple’s app store should ignore. But Krause notes that many apps have previously bypassed bad behavior, and even lists ways in which apps could hide this attack from Apple. He believes that Apple owes its customers a better design that clearly distinguishes real password requests from fake ones. Until then, users must remain vigilant.