Accounts and Passwords visible without needing to authenticate
| Originator: | joe | ||
| Number: | rdar://32988304 | Date Originated: | 06/26/17 |
| Status: | Works as expected | Resolved: | Yes |
| Product: | iOS | Product Version: | iOS 11 (15A5304i) |
| Classification: | Suggestion | Reproducible: | Always |
iOS 11 allows all passwords to become visible without needing to authenticate. This is very insecure, and would prevent me from storing my passwords in iCloud Keychain, knowing that I can be compelled to open them either by force, law enforcement, or otherwise. Steps to Reproduce: Go to Settings > Accounts & Passwords > App & Website Passwords. You will be prompted for TouchID, without any way to use an alternate mechanism for authentication. Expected Results: I expected to be prompted for another master password, which would prevent anyone from seeing passwords with just access to me and my phone. Observed Results: All passwords were displayed in plain text for anyone to see.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!