Be very cautious when the “Sign In to iTunes Store” prompt pops up on your iPhone or iPad. Learn why.
Developer Feliz Krause explains that iOS apps can easily mimic authentic Apple prompts, which in turn, could trick you into giving away your password.
iOS devices commonly ask for user’s for their iTunes passwords. This includes recently installed system updates and new app installations.These prompts can be recreated inside other apps by third party developers and abused to steal your password.
Showing a dialog that looks just like a system popup is super easy, there is no magic or secret code involved, it's literally the examples provided in the Apple docs, with a custom text.
Krause shares a few tips to try and help you determine if the prompt is real or not:
- Hit the home button, and see if the app quits:
- If it closes the app, and with it the dialog, then this was a phishing attack
- If the dialog and the app are still visible, then it's a system dialog. The reason for that is that the system dialogs run on a different process, and not as part of any iOS app.
- Don't enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept, like you should never click on links on emails, but instead open the website manually
- If you hit the Cancel button on a dialog, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.