
Wenzai

macrumors newbie
Original poster
Oct 31, 2016
Good day everyone!


I'm going to assume Apple has it all encrypted, but I'd still like to ask. I take my security seriously: apps from trusted sources, never touch one of those money-grabbing AV apps, software updates installed.

But being new, there are things I can't find spelled out, so I need to ask.

Apps that use the Apple password when logging in, either when downloading (App Store) or always running (iMessages, FaceTime, iCloud): is there a protocol for how to behave? When logging into the App Store - do I need to have browsers closed and emptied of cookies so nothing could steal data from my Mac?

Or if I'm logged into different sites, surfing the web, and other programs using Apple ID (like iMessages, FaceTime, iCloud) connect to the net - could this connection be hacked from those sites I'm browsing and my Apple password or any data from inside the Mac be stolen?

Logic dictates that it should not be possible as people do surf around while using iCloud and iMessages at the same time... I assume?


Sincerely,
Wenzai
 
I do not think anyone can give you an assuring, comprehensive answer. I happen to know that services like iMessage, iCloud and FaceTime use encrypted keychain items with restricted access to store your Apple ID credentials. These services use random tokens instead of your Apple ID password to connect to Apple’s servers. You can use these services securely, no other program should be able to access this information. I don’t know if Apple uses this across the board, however, such as the App Store or iTunes.

It is true that any unsandboxed program could read your Safari cookies and extract information. If this concerns you, then you should think about storing passwords either in Safari’s keychain or a password manager like 1Password and then stop using cookies for storing account-related data or disable cookies altogether.
 
Thank you for answering!

I do not think anyone can give you an assuring, comprehensive answer. I happen to know that services like iMessage, iCloud and FaceTime use encrypted keychain items with restricted access to store your Apple ID credentials. These services use random tokens instead of your Apple ID password to connect to Apple’s servers. You can use these services securely, no other program should be able to access this information. I don’t know if Apple uses this across the board, however, such as the App Store or iTunes.


This puts me at ease. I'm grateful. The part about random tokens was a very interesting tidbit. Thank you for adding that.


It is true that any unsandboxed program could read your Safari cookies and extract information. If this concerns you, then you should think about storing passwords either in Safari’s keychain or a password manager like 1Password and then stop using cookies for storing account-related data or disable cookies altogether.


I don't really worry about information in the browser as I always clean up my cookies after each session and never save passwords in browsers.
My main concern was regarding losing data from the apps that use the Apple password. As long as iMessage, iCloud and FaceTime are safe (not leaving holes while connecting to Apple servers - I was afraid this could potentially cost me my Apple password and perhaps allow unsavory individuals a chance to peek inside my Mac too, get the Mac password itself - I know, I think too much), I don't feel worried.
 