Apps using Apple Password - is there any specific security behaviour needed when allowing them to ru

Discussion in 'Mac Basics and Help' started by Wenzai, Oct 31, 2016.

  1. Wenzai macrumors newbie

    Joined:
    Oct 31, 2016
    #1
    Good day everyone!


    I'm going to assume Apple has it all encrypted, but I'd still like to ask. I take my security seriously: apps from trusted sources, never touch one of those money grabbing AV apps, software updates installed.

    But being new, there are thing I can't find being spelled out so I need to ask.

    Apps that use Apple password when logging in, either when downloading (App Store) or always runnings (iMessages, FaceTime, iCloud): is there protocol how to behave. When logging into App Store - do I need to have browsers closed and emptied from cookies so nothing could steal data from my Mac?

    Or if I'm logged into different sites, surfing in web and other programs using Apple Id (like iMessages, FaceTime, iCloud) connect to net - could this connection be hacked from those sites I'm browsing and my apple password or any data from inside Mac be stolen?

    Logic dictates that it should not be possible as people do surf around while using iCloud and iMessages at the same time... I assume?


    Sincerely,
    Wenzai
     
  2. KALLT, Oct 31, 2016
    Last edited: Oct 31, 2016

    KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    I do not think anyone can give you an assuring, comprehensive answer. I happen to know that services like iMessage, iCloud and FaceTime use encrypted keychain items with restricted access to store your Apple ID credentials. These services use random tokens instead of your Apple ID password to connect to Apple’s servers. You can use these services securely, no other program should be able to access this information. I don’t know if Apple uses this across the board, however, such as the App Store or iTunes.

    It is true that any unsandboxed program could read your Safari cookies and extract information. If this concerns you, then you should think about storing passwords either in Safari’s keychain or a password manager like 1Password and then stop using cookies for storing account-related data or disable cookies altogether.
     
  3. Wenzai thread starter macrumors newbie

    Joined:
    Oct 31, 2016
    #3
    Thank you for answering!


    This puts me at ease. I'm grateful. The part about random tokens was very interesting tidbit. Thank you for adding that.



    I don't really worry about information in Browser as I always clean up my cookies after each session an never save passwords in browsers.
    My main concern was regarding loosing data from the Apps that use Apple Password. As long as iMessage, iCloud and FaecTime are safe (not leaving holes while connecting to Apple servers - I was afraid this could potentially cost me Apple Password and perhaps allow unsavory individuals chance to peek inside of my Mac too, get Mac password itself - I know, I think too much), I don't feel worried.
     
  4. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #4
    Here is a source for this: https://support.apple.com/HT202303.
     
  5. Wenzai thread starter macrumors newbie

    Joined:
    Oct 31, 2016

Share This Page