User profile for user: HercMu11
HercMu11 Author
User level: Level 1
8 points

An iPhone App is asking for my screen lock password - is it is a system interface or is it an impersonation?

I've used iPhones for years and no App has ever asked for my screen lock password. Now a Hong Kong government App (soon to be in mandatory use by nearly everyone) is asking, and while it visually looks like the screen lock interface, it seems more like it is a within-app, non-iOS interface.


SO: Is the Hong Kong government using this App to collect iPhone login credentials?


Related thread: https://discussions.apple.com/thread/252315344


Related authentication abuse: the Zoom installer that mimicked MacOS' administrative password request:

  1. https://www.theverge.com/2020/4/2/21204648/zoom-macos-installer-update-privacy-security-concerns
  2. https://www.digitaltrends.com/computing/zoom-mac-one-click-installer-gone/
  3. https://9to5mac.com/2020/04/02/zoom-fixes-malware-like-macos-installer/


Posted on Jun 22, 2021 7:46 PM

Reply

Similar questions

7 replies
User profile for user: TheLittles
TheLittles
User level: Level 10
203,085 points

Jun 22, 2021 11:50 PM in response to HercMu11

HercMu11 Said:

"An iPhone App is asking for my screen lock password - is it is a system interface or is it an impersonation?: [...]I asked Apple support and the rep said: 'This looks like the normal passcode screen, but it's not exactly like it. Weird if the developer made it look the same.' Reporting it as a security vulnerability."

-------


👍


Consider Contacting the Developer too:

Thanks for doing your part in reporting this. It will help many for certain. I'm sure it will be looked into by Apple. Contacting the developer would be a great idea aswell. Perhaps it is a bug, on their end? Here is an example of finding a developer's contact info in the App Store. It would look like this on the right-right of the screen, scrolling down a little bit. I have highlighted what to click: Support

Screenshot:

Reply
User profile for user: TheLittles
TheLittles
User level: Level 10
203,085 points

Jun 22, 2021 8:42 PM in response to HercMu11

HercMu11 Said:

"An iPhone App is asking for my screen lock password - is it is a system interface or is it an impersonation?: [...]I've used iPhones for years and no App has ever asked for my screen lock password. Now a Hong Kong government App (soon to be in mandatory use by nearly everyone) is asking, and while it visually looks like the screen lock interface, it seems more like it is a within-app, non-iOS interface.[...]"

-------


Contacting Local Government:

Report this to you local government, and ask them to verify if this is official. If you know someone in the movement (i.e. a counsellor), have them look into this app. I would keep off of it, until local government verifies of this app. Though, all assumptions on my part.

Reply
User profile for user: TheLittles
TheLittles
User level: Level 10
203,085 points

Jun 22, 2021 9:32 PM in response to HercMu11

HercMu11 Said:

"The App is from the Hong Kong government. The question is not whether the Hong Kong government (the developer) is trustworthy* but whether entering the screen lock passcode gives it to the government. *debatable"

-------


Ask the Developer:

If this is found in the App Store, then view the developer, and see who it is. Contact them from the site of the App.

Reply
User profile for user: TheLittles
TheLittles
User level: Level 10
203,085 points

Jun 22, 2021 9:30 PM in response to HercMu11

HercMu11 Said:

"The App is from the Hong Kong government. The question is not whether the Hong Kong government (the developer) is trustworthy* but whether entering the screen lock passcode gives it to the government. *debatable"

-------


Ask Apple Support:

It is an app that Apple licenses with its Developer. So, ask Apple, when it comes to licensing concerns. They'd have the answer upfront.

Reply
User profile for user: HercMu11
HercMu11 Author
User level: Level 1
8 points

Jun 22, 2021 11:41 PM in response to TheLittles

Hello from Dystopia.


If the developer is trying to steal user credentials, they're not going to admit it.


One of the developer's contractors also just leaked emails from 400 users who were asking them similar questions - this followed up by the developer threatening to criminally prosecute app users, based in part on the contents of those emails: https://news.rthk.hk/rthk/en/component/k2/1595706-20210613.htm

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

An iPhone App is asking for my screen lock password - is it is a system interface or is it an impersonation?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up