International Investigative Group · Licensed Private Investigators

User Beware: You Might Be Sharing Your Apple ID Password

Be very cautious when the “Sign In to iTunes Store” prompt pops up on your iPhone or iPad. Learn why.

Developer Feliz Krause explains that iOS apps can easily mimic authentic Apple prompts, which in turn, could trick you into giving away your password.

iOS devices commonly ask for user’s for their iTunes passwords. This includes recently installed system updates and new app installations.

These prompts can be recreated inside other apps by third party developers and abused to steal your password.

Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it's literally the examples provided in the Apple docs, with a custom text.

Krause shares a few tips to try and help you determine if the prompt is real or not:

  • Hit the home button, and see if the app quits:
    • If it closes the app, and with it the dialog, then this was a phishing attack
    • If the dialog and the app are still visible, then it's a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
  • Don't enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
  • If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.
    computer forensics
    iphone forensics
    ios forensics
    ios flaws
    iphone hack
    stolen password
    protect your iphone

Ready to open a case?

Contact us for a professional consultation. We are confident we can assist you with a variety of our investigative support services.

Contact Us 800-766-2779

How may we be of service?

P: +1 800 766-2779

Give us a call or drop us a line anytime. We endeavor to answer all inquiries within 24 hours on business days.

We are available 24/7, 365 days a year.