User profile for user: vin12
vin12 Author
User level: Level 1
22 points

serious security issue with background app refresh (i5 - ios9.2)

Just found out that my iphone 5 (ios 9.2) does not listen to background app refresh settings at phone level or individual app level.


In my case, "Whatsapp" application is able to bypass this setting (which is set to restrict at phone level or app level) but it is still able to download messages as long as the phone is attached to wifi


Please note: this is not a bug of whats app - it is a bug in with ios 9.2 - which I can confirm with my phone and tested.


I really hope apple engineers are aware of this and putting a fix through as early as possible.


Another downside of this is, it drains batter at least 30-40% more in a day!

iPhone 5, iOS 9.2

Posted on Jan 6, 2016 3:01 AM

Reply
52 replies
User profile for user: IdrisSeabright
IdrisSeabright
Community+ 2026
User level: Level 10
190,227 points

Jan 6, 2016 11:31 AM in response to vin12

vin12 wrote:




Why is the above not a 'reality' anymore when it was possible in iOS 7.x?... This is where the security issue starts..hope you guys are getting what I mean now..

Because we're two major versions of iOS later and who knows how many of Whatsapp. Things change. And no, it doesn't explain why this is a security issue.


If you feel that Whatsapp is not working in a way the you approve of, I agree with Tim, delete it. I'm more than willing to believe that Whatsapp doesn't take your security seriously.

Reply
User profile for user: Lawrence Finch
Lawrence Finch
Community+ 2026
User level: Level 10
231,344 points

Jan 6, 2016 11:40 AM in response to vin12

vin12 wrote:


If any 'content' is arriving on a device without the permission/consent of its user or owner - it is a security issue. No more arguments and I know what I am talking about. Period.

WRONG. You are the owner of your phone. Only you have access to it. So whatever data arrives on your phone is totally under your control. If your phone was SENDING data without your knowledge that would be a security issue. When you receive a letter in the mail that you did not expect, is that a security issue?

Reply
User profile for user: IdrisSeabright
IdrisSeabright
Community+ 2026
User level: Level 10
190,227 points

Jan 6, 2016 11:46 AM in response to Lawrence Finch

Lawrence Finch wrote:

When you receive a letter in the mail that you did not expect, is that a security issue?

Given a much larger group of people seem uncomfortable with the notion of their name, address and landline number being publicly listed (remember when that was just normal?), I'd guess that there are people who don't deal well with getting mail they don't expect.

Reply
User profile for user: vin12
vin12 Author
User level: Level 1
22 points

Jan 6, 2016 3:09 PM in response to vin12

Unless someone sends me a document or link that states push notification and background app refresh works differently in iOS 9.x -

I'm happy to assume that I have wasted my time reading/responding to 2 pages of useless and clueless 'replies' ( I am sorry to say this).


Please understand - a bug in any system is normal, especially with different hardware builds.

Apple is no different. Learn to accept it. if not, time will prove it.


Now peace.

Reply
User profile for user: vin12
vin12 Author
User level: Level 1
22 points

Jan 7, 2016 5:46 AM in response to Kilgore-Trout

I want my device the way I want it to work and it should work.

Which also means, I do not want my device (running iOS) allowing an application to communicate to internet and download content without my permission.

It means "any app" can do that - it doesn't matter whether the app in question is Whatsapp.


The communication may be outside of APN(push notification) or direct internet access - who cares? this is where the security issue lies.

It is a pity to see responses asking me to delete whatsapp!!!

This is what you call arrogance personified on a public forum! hahahaa 🙂

Reply
User profile for user: IdrisSeabright
IdrisSeabright
Community+ 2026
User level: Level 10
190,227 points

Jan 7, 2016 6:33 AM in response to vin12

vin12 wrote:


this is where the security issue lies.

It is a pity to see responses asking me to delete whatsapp!!!

You still haven't explained why this is a security issue.


Regardless of how much you stamp your feet and holler, the phone does not work the way it does in your fantasy. You can either take steps to deal with it (delete Whatsapp) or live with it. Or buy one of those ultra-secure Android phones. This is not us being arrogant. This is us pointing out the options available at this time. Arrogance is thinking that, just because you want something, the rest of the world is obligated to make sure you get it. Sorry.

Reply
User profile for user: vin12
vin12 Author
User level: Level 1
22 points

Jan 7, 2016 7:27 AM in response to vin12

Ah I get it now.


If a device communicates to the internet without a users permission to download any content - it is NOT a security breach.

It doesn't have to be a android device either...lol !!


Imparting knowledge and education...via these forums

By the way - I really feel amazed by the 'points systems' 🙂

Reply
User profile for user: ChrisJ4203
ChrisJ4203
User level: Level 10
236,363 points

Jan 7, 2016 8:47 AM in response to vin12

Your voluntary downloading and installation of WhatsApp, including not making any changes to the settings of the app, or denying access to the internet by turning off cellular data access to the application is you de facto granting the app permission to, as you put it, download content. So you are creating your own security issue. I suggest you modify the settings in the app and/or phone to prevent its access. And as much as you want to say it, Background App Refresh is not what you need to change.

Reply
User profile for user: vin12
vin12 Author
User level: Level 1
22 points

Jan 7, 2016 9:58 AM in response to ChrisJ4203

Please understand - I have been trying to tell this forum for the past 24+ hrs... and this is possibly the simplest way to put it to satisfy the curious and clueless minds here.


Whatever settings I play ON or OFF with my phone - whatsapp is still able to download messages as long as there is a wifi signal and phone is attached to.


This 'application' does not have to be in the memory.


If whatsapp can do it - any app can do it - that is why it is a security issue.

i.e Any app can download any content and make your phone vulnerable and even make it shine with its tits up.


Guys - how many still think it is NOT a security issue??


At least do you understand how serious this issue is?


Heaven forbid the attitude and response from this thread.. Who cares?

Reply
User profile for user: rockmyplimsoul
rockmyplimsoul
User level: Level 6
11,161 points

Jan 7, 2016 10:25 AM in response to vin12

vin12 wrote:


Guys - how many still think it is NOT a security issue??

I don't. Any incoming data is data that you have authorized by installing the app which supports push notifications. That data is YOUR data since you accepted the terms of the app and what it does. If those terms aren't suitable to you, delete the app or put your device into Airplane mode for times that you don't want this data sent to you, simple as that.


A security issue would be unsolicited data being pushed onto your device. But by installing an app that supports push, the data is no longer unsolicited.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

serious security issue with background app refresh (i5 - ios9.2)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up