Frustration with Apple's Privacy

[CalMin]

Just ranting about why Apple hasn't seen fit to put a separate lock on things like notes, journal, hidden apps (iOS 18) etc..

I sometimes let family members use my phone (e.g. if the kids want to watch YouTube or something like that) and I give their parents the PIN code in case it locks. These are trusted family members, but sometimes I want to keep things private. Even from my wife (e.g. a list of ideas for her birthday or something like that.) Its frustrates me that things like locked notes and journal entries aren't behind a different PIN code because, well, I'd like to keep somethings private. It's such an obvious thing to offer and I don't why it's missing.

An extra layer of safety could be to hide those apps, but having tried the iPadOS 18 beta, I see that those apps are hidden with the SAME DAMN PIN code that unlocks the phone.

Sure I trust family members not to snoop, but sometimes it's just easier to give them the PIN and not have to watch over their shoulder. Especially when kids are involved.

 

[russell_314]

Phones are single user devices. Only the user should have the PIN so everything is protected. It’s more than just journals. If you give someone your PIN they have full access to your Apple account to the point where they can change the password and lock you out.


I would like to see an option for a guest account just like we have on macOS or Windows though. This way you could hand your phone to someone and all your data is secure.

 

[ManuCH]

I agree with that and had the very same thought. No clue why they wouldn't implement that. While I don't hand my phone to anyone, plenty of people do, and it would make a lot of sense to have that feature.

 

[hg.wells]

You do have the ability with notes to either lock a note with your iPhone passcode or a separate password.

 

[one more]

In iOS 18 you can require FaceID/Touch ID for opening individual apps, say Photos, Gmail, Insta, you name them.

You can also protect your Apple notes with a separate password, as mentioned in the post above.

 

[eoblaed]

It’s more than just journals. If you give someone your PIN they have full access to your Apple account to the point where they can change the password and lock you out.

They would also need your iCloud credentials to accomplish these things.

 

[CalMin]

You do have the ability with notes to either lock a note with your iPhone passcode or a separate password.

I didn't know that. At least notes can be protected - I'll have to learn how to do that - it wasn't obvious to me.

I was thinking that the iOS hidden apps folder might also be a way to keep banking and other things private when someone has my phone. I think it's silly to put it behind the same PIN as the phone. I'll send feedback to Apple.

 

[russell_314]

They would also need your iCloud credentials to accomplish these things.

Not unless you turn on stolen device protection. If someone has your iPhone and PIN they have full control of your Apple account to include the ability to reset the password to a new one they choose.

 

[addamas]

What about Guided Access?

How to Limit What a Toddler Can Do When You Hand Over Your iPhone or iPad

If you've ever handed your iPhone or iPad to a baby or toddler to entertain them while you do something else, you'll probably know just how...

www.macrumors.com

 

[hg.wells]

I didn't know that. At least notes can be protected - I'll have to learn how to do that - it wasn't obvious to me.

I was thinking that the iOS hidden apps folder might also be a way to keep banking and other things private when someone has my phone. I think it's silly to put it behind the same PIN as the phone. I'll send feedback

When you’re looking at your list of notes hold your finger on one and select “lock note”

 

[eoblaed]

Not unless you turn on stolen device protection. If someone has your iPhone and PIN they have full control of your Apple account to include the ability to reset the password to a new one they choose.

Someone with your phone pin can't do anything to your iCloud account, regardless of the setting for Stolen Device Protection. They need your iCloud credentials to do that. They can't even turn off Find My without your iCloud credentials. Yes, someone with your pin can access most things on your phone, but they can't change your iCloud password, turn off Find My, wipe your phone, etc.

 

[TgeekB]

Handing over your smartphone for others to use as they want is akin to handing them your wallet and credit cards. The iPhone is not a toy and, as you stated, contains information you may not want others to have access to. I don’t think it is Apples priority to protect individual aspects of its contents. They have done a very good job of protecting its entirety.

 

[WarmWinterHat]

Someone with your phone pin can't do anything to your iCloud account, regardless of the setting for Stolen Device Protection. They need your iCloud credentials to do that. They can't even turn off Find My without your iCloud credentials. Yes, someone with your pin can access most things on your phone, but they can't change your iCloud password, turn off Find My, wipe your phone, etc.

That's the reason I refuse to use Apple's password-storing options. I don't want my entire digital life accessible with my face or iPhone pin, and if you have your Apple account password stored in the Passwords app, you're toast.

Apple really, really, needs to allow the user to set individual pins or passwords, separate from their iPhone and Apple passcodes, under certain situations and settings.

 

[eoblaed]

if you have your Apple account password stored in the Passwords app, you're toast.

I use the keychain/password generation/storage as a way to defend against data breaches. It greatly reduces the blast radius if one of my hundreds (thousands?) of passwords gets exposed somewhere.

That said, my iCloud credentials are one thing I do not store there. Strictly in my head.

 

[Paddle1]

Someone with your phone pin can't do anything to your iCloud account, regardless of the setting for Stolen Device Protection. They need your iCloud credentials to do that. They can't even turn off Find My without your iCloud credentials. Yes, someone with your pin can access most things on your phone, but they can't change your iCloud password, turn off Find My, wipe your phone, etc.

Are you sure about that? https://www.macrumors.com/2023/02/24/iphone-stolen-passcodes-report/

 

[addamas]

Are you sure about that? https://www.macrumors.com/2023/02/24/iphone-stolen-passcodes-report/

It’s old story. Finally they patched it… with mentioned Stolen Device Protection
Edit: actually I hope it’s fully patched, was playing around and not found anything exploitable, can be wrong

Blocking some settings via Screen Time is also rock solid now - no longer can use stolen device passcode to reset iCloud password… which was hilarious security breach Apple never told it was -.- “that’s normal feature part” got as response to security.apple.com report and few months later they fixed it silently

 

[eoblaed]

Are you sure about that? https://www.macrumors.com/2023/02/24/iphone-stolen-passcodes-report/

I'm unable to enter the Sign In & Security section of iCloud settings (where you need to go to change that pw) on my own phone without be challenged for my iCloud password.

 

[Paddle1]

I'm unable to enter the Sign In & Security section of iCloud settings (where you need to go to change that pw) on my own phone without be challenged for my iCloud password.

Interesting. And you're on iOS 18? On iOS 17 all I need is the passcode.

 

[eoblaed]

Interesting. And you're on iOS 18? On iOS 17 all I need is the passcode.

I am on 18.1, yes.

 

[CharlesShaw]

I am on 18.1, yes.

Without the ability to reset your Apple ID password using your passcode on a trusted device, how would you reset it if you forgot it? I'm guessing that was the reasoning behind the controversial option in the first place.

 

[eoblaed]

Without the ability to reset your Apple ID password using your passcode on a trusted device, how would you reset it if you forgot it? I'm guessing that was the reasoning behind the controversial option in the first place.

Perhaps. I repeatedly tell my family members that their Apple ID password is one of the single most important passwords they need to commit to memory. I say this every time they have to log into their Apple ID account for some reason and declare "I don't know my password".

 

[twintin]

Perhaps. I repeatedly tell my family members that their Apple ID password is one of the single most important passwords they need to commit to memory. I say this every time they have to log into their Apple ID account for some reason and declare "I don't know my password".

That may work as long as you are young and healthy. But that does not last forever, so what do you do when you get older (with age we loose our memory too) or if you get an illness that affect your memory ?

 

[dallastigers]

That may work as long as you are young and healthy. But that does not last forever, so what do you do when you get older (with age we loose our memory too) or if you get an illness that affect your memory ?

What is Apple’s recommendation for storing main ID password? Though there are some logins within System using the ID with no prompt for picking a stored password or to store it afterwards there are others where the main password can be used from the stored location and also prompted to save it (like using browser to access account online and maybe the feedback app).

The logins that don’t allow direct access to a stored password will still allow the password to be copied and pasted into the password box instead of forcing it to be typed in manually which can lead one to assume Apple is ok with storing it somewhere on device that either uses their built in security or a 3rd party’s. If stolen password not turned on I think anyone with the phone’s passcode can access the stored passwords (just going by the “learn more” that mentions turning feature on then requires only touch/Face ID to access passwords).

It does seem like having some additional security over main password would be helpful. That could be broken or guessed, but if restricted to only be used to view or copy the main password it’s limited use would allow for some additional security steps while not being inconvenient for regular usage.

 

[eoblaed]

That may work as long as you are young and healthy. But that does not last forever, so what do you do when you get older (with age we loose our memory too) or if you get an illness that affect your memory ?

I use the term 'remember' loosely. The reality is that recent years/decades have seen us depend more and more on online/digital services that have to be secured. Among those are at least a few whose blast radius if you don't remember your credentials is huge. Your iCloud/Apple ID is one of those.

Whatever solution works for a person is great, they just need to know they really have to have access to that one, even if only occasionally.

 

[MaxBurn]

The absolute biggest complaint I have with ipad is it is not a multi user device.