Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Possible security/privacy hole with new 3D Touch on messages notifications?

lagwagon

lagwagon

Suspended
Original poster
Oct 12, 2014
3,899
2,759
Calgary, Alberta, Canada
The new feature to 3D Touch on a text from someone in the lock screen and jump right into the conversation and reply may have a security & privacy hole.

Are there any Touch ID or any verification checks?

If not anyone could pick up your phone, 3D Touch into a text and read your conversation and reply.
 
  • Like
Reactions: deran tuyner
C

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
Well, how much of a conversation is included from a text notification?

As it is now, in iOS 9, with quick reply, more or less a similar thing is possible by seeing a notification for a message and going to reply to it. There are controls for it all though, like disabling quick reply from lock screen, as well as disabling message previews or lock screen notifications completely of messages (or any particular app).
 
lagwagon

lagwagon

Suspended
Original poster
Oct 12, 2014
3,899
2,759
Calgary, Alberta, Canada
C DM said:
Well, how much of a conversation is included from a text notification?

As it is now, in iOS 9, with quick reply, more or less a similar thing is possible by seeing a notification for a message and going to reply to it. There are controls for it all though, like disabling quick reply from lock screen, as well as disabling message previews or lock screen notifications completely of messages (or any particular app).
Click to expand...

Quick reply in iOS 9 does not show you any conversation. It just lets you reply.

iOS 10 3D Touch pops up your conversation at the top and the keyboard at the bottom to reply and stay in to conversation as long as you want.
 
C

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
lagwagon said:
Quick reply in iOS 9 does not show you any conversation. It just lets you reply.

iOS 10 3D Touch pops up your conversation at the top and the keyboard at the bottom to reply and stay in to conversation as long as you want.
Click to expand...
Well, is it a conversation that was there before the phone was locked and before the latest notification? Or is it just from the latest notification and on?
 
B

boobie12

macrumors 6502
Sep 20, 2012
435
8
lagwagon said:
The new feature to 3D Touch on a text from someone in the lock screen and jump right into the conversation and reply may have a security & privacy hole.

Are there any Touch ID or any verification checks?

If not anyone could pick up your phone, 3D Touch into a text and read your conversation and reply.
Click to expand...
Actually you do have to put your finger over touch I'd so it recognizes you before able to reply to a message. If you don't do this after raise to wake and just 3d touch the message it will ask for your password. I love this feature.
 
  • Like
Reactions: keysofanxiety
M

myname70

macrumors 6502a
May 5, 2014
630
81
Fully agree this is a privacy issue. You can read all messages or WhatsApp conversation from the lock screen. Even you can reply without any verification.
 
lagwagon

lagwagon

Suspended
Original poster
Oct 12, 2014
3,899
2,759
Calgary, Alberta, Canada
boobie12 said:
Actually you do have to put your finger over touch I'd so it recognizes you before able to reply to a message. If you don't do this after raise to wake and just 3d touch the message it will ask for your password. I love this feature.
Click to expand...

Ok thanks, that's what I was wondering about. If it did infact do a verification before popping into the Rich Notification for texts.

I don't have a 3D Touch device in iOS 10 so I couldn't fully test and videos of it in action that I've seen didn't show any prompts for verification before just moving into the new 3D Touch conversation/quick reply.
[doublepost=1466201089][/doublepost]
myname70 said:
Fully agree this is a privacy issue. You can read all messages or WhatsApp conversation from the lock screen. Even you can reply without any verification.
Click to expand...

You can hide the actual message from the lock screen in Notification Settings. The "Show Preview" option and it will only say who the message is from without showing the actual message.

What my OP is about was the new 3D Touch into the conversation to reply without having to unlock the device. (3D Touch pops open two windows. Top is the conversation that includes more than just the most recent message and bottom is the keyboard.)
 
M

myname70

macrumors 6502a
May 5, 2014
630
81
lagwagon said:
Ok thanks, that's what I was wondering about. If it did infact do a verification before popping into the Rich Notification for texts.

I don't have a 3D Touch device in iOS 10 so I couldn't fully test and videos of it in action that I've seen didn't show any prompts for verification before just moving into the new 3D Touch conversation/quick reply.
[doublepost=1466201089][/doublepost]

You can hide the actual message from the lock screen in Notification Settings. The "Show Preview" option and it will only say who the message is from without showing the actual message.

What my OP is about was the new 3D Touch into the conversation to reply without having to unlock the device. (3D Touch pops open two windows. Top is the conversation that includes more than just the most recent message and bottom is the keyboard.)
Click to expand...
I disabled the preview. And anyway the text is visible.
Re 3D Touch - yes, you can reply by 3D Touch without unlocking the phone
 
B

boobie12

macrumors 6502
Sep 20, 2012
435
8
myname70 said:
I disabled the preview. And anyway the text is visible.
Re 3D Touch - yes, you can reply by 3D Touch without unlocking the phone
Click to expand...
Yea you can only reply if you put your finger over the touch if and the lock icon at the top of the screen goes away. You can not reply if you do not put a authorized finger over the Touch ID as it will stay lock and nothing will happen when you try to 3D Touch the notification.
 
B

batting1000

macrumors 604
Sep 4, 2011
7,464
1,874
Florida
The whole thing is that you can put your finger on Touch ID and have it unlock the phone, but you don't leave the lock screen until you press down on the home button. It's kind of neat. At first, I was opening apps from the siri suggestions widget and I thought it was just letting me in, but I realized it was recognizing my finger on Touch ID. You'll also notice that the message at the bottom of the screen changes from "Press home to unlock" to "Press home to open".
 
lagwagon

lagwagon

Suspended
Original poster
Oct 12, 2014
3,899
2,759
Calgary, Alberta, Canada
batting1000 said:
The whole thing is that you can put your finger on Touch ID and have it unlock the phone, but you don't leave the lock screen until you press down on the home button. It's kind of neat. At first, I was opening apps from the siri suggestions widget and I thought it was just letting me in, but I realized it was recognizing my finger on Touch ID. You'll also notice that the message at the bottom of the screen changes from "Press home to unlock" to "Press home to open".
Click to expand...

Yep I'm aware of the two states of the bottom message of "press home to unlock" and "press home to open"

I wanted to know if for example you used Raise to Wake or the Power button to view a text notification and then used 3D Touch to enter the conversation to reply. If it just opened the Rich Notification without asking for Touch ID or if it asked for Touch ID. No video I've seen has shown if it asked or not. Which is why it got me wondering about a possible hole or not. (Since this new iOS 10 way shows the conversation now instead of just the text you're replying to in the quick reply.)

boobie12 confirmed that it does ask for verification. Killing all notion that there could have been a privacy hole.
 
S

shenfrey

macrumors 68030
May 23, 2010
2,507
778
I think a good way to limit the system is to maybe only have the last 3 messages sent to you before the the last response visible, that way you are keeping most of your privacy. Sounds like a decent compromise. Obviously you are not going to having a dirty chat with your girlfriend and then put your phone down next to your friends/random people and leave the room.
 
P

Polaroid

macrumors 65816
Oct 1, 2013
1,439
1,576
It requires you enter TouchID if you 3d Touch a notification from Messages. No security issues.
 
O

oftheheavens

macrumors 68000
Jul 9, 2008
1,988
498
cherry point
I know not all feel the same way that I do, but I don't have anything to hide in my messages so if someone, somehow, got a hold of my device they would have a boring time reading my messages lol.
 
HankHowdy

HankHowdy

macrumors 68040
Dec 2, 2012
3,501
392
Victorville CA
ed622c6e55a342f82ab292b84d0ad45c.jpg


I even have it turned off.
 
chestvrg

chestvrg

macrumors 65816
Dec 13, 2010
1,176
75
What I do is that I just disable "show in lock screen" for all apps that can possible send a message notification currently on iOS 9.3.2, and when u upgrade to iOS 10 I will do the same. I have notice that this is a problem to begin with, to keep prying eyes from seen anything it is best to disable this action.

In my job people sometimes leave their iPhones charging and I have been able to see unintended messages popping up in their screens and even pictures (not a good thing), if you want to keep as much privacy as possible.
134b3f4aa3ec0afe4c336d4c06af2a50.jpg
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom