Q: App asks for Apple-ID password; Is that legitimate?
The app "App for WhatsApp One" for iPad asks for the apple-id password on startup. This seems rather problematic to me; By disclosing that password to an app I am basically trusting them not to abuse it to hijack my account, which seems to be asking a bit much. Is this even possibly legitimate?
I assume that it is meant to simplify access to WhatsApp Web for the app and user, allowing some kind of authentication communication between WhatsApp on an iPhone and the third-party client on the iPad, but given that I was planning to use it with an Android phone, it simply makes no sense to provide my Apple-ID password.
So I was wondering if there is any way to verify if a password popup is displayed by an app (disclosing sensitive user credentials to a developer) or by the system (only giving the app some restricted access token).
Most services explicitly state that you are obligated to keep your password secret from anyone but yourself, so being asked for my apple ID – not with the normal prompt as used by in-app purchases, because then it would default to Touch ID – seems pretty unsafe.
Related: http://www.cultofmac.com/263390/app-stores-dirty-secret-apps-can-ask-apple-id-lo gin/
iPad Air, iOS 10.0.2
Posted on Oct 21, 2016 11:12 AM