Should I enter my Apple ID and password?

My iPhone has begun repeatedly asking me to enter my Apple ID and password. There is no indication which app is making this request and for what purpose. As an engineer who writes software, I am aware of the risk that this may not be a legitimate request, and that entering my credentials to an app, site or service I don’t trust could compromise the security of my identity and my data.


How should I check that a request to give sensitive security details, such as my Apple ID and password, is genuine, legitimate and safe?

Posted on Feb 10, 2018 10:43 AM

Question marked as Top-ranking reply

Posted on Feb 11, 2018 1:29 PM

Only the core iOS system can request a login as such. Apps cannot on their own do that. They'd request the system to generate a login request if they need to, such as when verifying in-app purchases or similar. And the login is processed directly by iOS and only a login account token is ever made available to an app. Never the actual credentials.


As long as the login request is a system popup and not a random form on a website or inside an app, you should be fine.


Feb 11, 2018 1:28 PM in response to Billysugger

Nope. Apps can only generate screens when they are in the foreground. They cannot unilaterally activate a system popup like that if they are not the active App. Only the iOS core can request a login like that without an App running.


Also the likelihood that an App could get through Apple's verification process and onto the App Store with a login request function outside of the system functions is exceedingly slim. It's really difficult to imagine an App unilaterally requesting a login like that, and even more so when it's not active.


It was very likely just an attempt to refresh a login token to something similar from the iOS core. Logging out and back in normally refreshes all login tokens so the request would have been satisfied.

Feb 10, 2018 3:00 PM in response to Phil0124

Thanks for that Phil0124. Is there any way an app that does not have focus can present a pop up that looks like a system login request?


As it happens, I signed out of Apple and back in, same for iCloud, and it stopped. But I think random requests for login credentials, without reliable info as to the requesting app or service, are a security weakness when unchallenged.
