Strange passcode dialog: feature or malware?

AllycatCA wrote:

I posted on 4/1/16 that I had called AppleCare and was told that this passcode change requirement message was prompted by Apple's software (s/w) and that it wasn't malware. I have seen some posts since in which people express concern or that they were told the message was fraudulent, so I re-called AppleCare to confirm. The rep (Mike) knew about the issue immediately and gave a great explanation. He said that the message is in the phones's s/w for corporate phone management purposes. This message can be activated by a company's system administrator when the company has issued phones to its employees and wants the employees to change their passcodes on a periodic basis to aid in the security of corporate devices. For some reason this message is occasionally activated by personally owned phones. He said to ignore it and not to be concerned - it isn't malware. Hope this helps!

Lawrence Finch wrote:

Okay, you need the long explanation. What I posted is correct with respect to your post. Here's the details:

• Apple is a very big company, with hundreds of thousands of employees
• A small group among those hundreds of thousands have the task of managing and moderating ... They are called "hosts" ... Hosts are not engineers.

Anyone else NOT OK with what Lawrence Finch wrote? (Note: edited down for conciseness)

It is not OK that Apple, who is still making Billions of dollars each quarter, even after paying their hundreds of thousands of employees, cannot afford to hire some technical support engineers to respond and look into issues brought up on the forums. I'm sure i'm not the only one who's almost completely stopped clicking into these pages when looking up the answer to a tech problem, as it's incredibly rare to find any solid answer on these pages. These community posts are always just a bunch of frustrated users reporting that they, too, are running into the issue mentioned, and ending with no resolution post.

I included AllycatCA's response because it was informative, thank you for the follow-up AllycatCA! I would also like to remind everyone to take what AppleCare, or ANY support person from ANY company tells you with a grain of salt. For uncommon or new issues they are all too OK giving guesses as answers, but doing some with confidence. Most companies have an internal knowledgebase as well so even if they give the same answer it could just be read off the screen, that's why it was so useful that AllycatCA was able to get some additional info from the rep.

I am the IT Director for my company, with some good experience in IT security. I, too, received the message mentioned in this thread and instantly knew something was wrong. There's no way Apple would (or rather should) require a passcode change with just a 60 minute turnaround time, it's none of their business how we secure our phones from physical access attempts. My company doesn't use MDM for enterprise device management, but I do have an Exchange email set up on the phone. I knew it wasn't a non-Apple app initiating the dialog because I was outside all apps on my homescreen, so at that point if it's being generated from a background non-Apple app I knew it would be a MUCH bigger issue. My worry was that whatever app generated the dialog would also be able to generate realistic looking passcode change screen allowing it to save the passcode as well as potentially using the info entered to change the passcode on the system. Thankfully AllycatCA's response puts much of that fear to bed, it seems clear that there is in fact a bug that accidentally called that dialog box.

What I did when the window popped up was to first hit "Later" as there was no way I was going to click through on a message like that. I did not have Safari or Mail open, just Chrome, Downcast, a popular game and maybe one additional app. I was getting into the car to go get some food at the time. By the time I got to my destination (about 10-15 minutes) I opened up my phone and the message was there again and the time had decremented. It was at this point that I closed the dialog by hitting "Later" again, closed all of my apps and hard reset the phone (holding home button and power button for 6 seconds). When the phone finished restarting the dialog was back, again! As I was in the car I just hit "Later" once more and figured I could look it up when I got home with my food. The dialog never returned.

Here's my non-Apple engineer guess: the phone may have been interrupted in the middle of doing a network call to complete a system function (IE: check for updates, WiFi sync, etc.). I know when I was getting in the car Downcast was trying to refresh my podcast feed from my distant WiFi connection so I disabled WiFi. I don't know why the dialog didn't return later even though it was able to return after a hard reset with no apps running. It may have just been re-generated after the restart, but before it connected to Cellular data, and once I connected to cellular data correctly it might have fixed the issue, or it might have had something to do with getting back home and reconnecting to WiFi, but that's just a guess. I didn't take any of the steps mentioned in this thread. I do not have a Profiles or Device Management screen available in my General Settings, nor did I do anything with my Exchange account. It has been over 5 hours since the issue occurred.

TL;DR: Apple needs tech support on these forums. I had the same issue and just closed all apps and restarted to fix, nothing else.

OK. I had this pop up and it really perplexed me. Luckily I followed the path to the profiles... about two months ago I signed up to drive with uber. But i never drove. They have you download an application which is an enterprise account. This was the profile forcing me to change my passcode.

Hi from Germany,

I just had this happen to me and was extremely worried, because I couldn't imagine that this came from Apple. First thank you to everyone who postet here, hearing that it's more likely a bug than something harmful was good news for me.

The first thing I did after hitting "later" and putting my phone on airplane mode was to close all apps and delete all Safari data and doing a hard reset. Didn't help, message still showed up with the time getting lower. I hit "later" again and turned my phone off to find information about this issue. There was no "Profil" setting but I know that my university wants me to install new certificate from time to time in order to use their wifi. But having almost no experience with this kind of technology nor with IT security I thought about resetting my phone completely and hoping that it will fix the problem. But reading in this thread that it could have something to do with mail accounts and as it seems especially with google mail accounts I tried one thing first and that was to delete my mail account. The message didn't come back even after putting my phone on standby and then opening it again several times. I'm not sure if this really solved the problem or if it's still saver to do a complete reset of my phone? Any suggestions?

Thanks for the help again!

Same thing is happening to me! ...almost three years after the original post. What is Apple doing to address this??

Apple isn't doing anything to address this. The phone is working as designed. You can read the rest of the messages in the thread for an explanation of why this occurs and when it occurs.

Hey there! So this Mike seemed pretty sure? Because I spoke to some senior Apple Care guy and he had never heard about it. Just wish I could relax about this issue and not have the feeling all the time I have got some messed up malware on my phone.

Thanks in advance!

this happened to me also on my iPad. I pressed continue and changed my passcode. Once I locked my iPad I couldn't get back in. I thought it was Malware or something but I had to restore my iPad using a computer.

any thoughts?

I am on 9.3.3. The "Passcode change requirement" message just started happening this morning, and following someone's advice, I went in to Settings>General>Device Management and removed a VPN and an Enterprise App (SmartPanel) that I was no longer using. The notifications went away! I think it was the enterprise app that was trying to get me to change my passcode, and it was not malware.

Hi, Idunno182 - Yes, the rep seemed sure - he seemed confident and knowledgable. He allayed my concerns fully.

Even stranger: I had passcode with 6 digits, but it asked: "Enter your four digit passcode!!". I temporarily changed my passcode (to access the phone at least), then I cleared safari data, then changed passcode back from Settings app. I had turned off the Internet from the iPhone. Now I have first item in Settings app: "Follow ups", whose description says: "Enter your passcode in settings while connected to the Internet.!!!!" What on earth needs the Internet to change the passcode??

You shouldn't have to have an Internet connection to change your passcode. There is something very strange going on here.