Arment comments:
Sunrise claims that they’re not storing the credentials and are instead just getting a login token of some sort from iCloud. (It’s unclear whether they’re transmitting your email and password to their servers and getting the login token from there, or doing the exchange from the device.) But that doesn’t matter at all.
No app or website should ever be asking for a high-security username and password directly, especially given how much is tied to your Apple ID. What year is this?
It’s downright dangerous that Apple not only let this through app review, but is promoting it.
He’s right. While Sunrise insists that they aren’t storing your credentials, how could an end user possibly know? Yet according to Arment, there’s no existing rule against an app asking for an Apple ID and password, leaving a wide back door open for potential fraud. Sunrise might be innocent of any wrongdoing, but the next app developer to use this trick might not be. Apple needs to change this, stat.
Via: cult of Mac
Related articles
The App Store’s Dirty Secret: Protect your Apple ID
No comments:
Post a Comment