Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

EJ8

Suspended
Original poster
Oct 13, 2010
645
324
Anyone can respond to an incoming message when the phone is locked. Worse, you can use Siri to create and send a message to anyone you want. AND you can ask Siri to read all of the unread messages on a locked phone. Nice stuff Apple.
 
Anyone can respond to an incoming message when the phone is locked. Worse, you can use Siri to create and send a message to anyone you want. AND you can ask Siri to read all of the unread messages on a locked phone. Nice stuff Apple.

Are you using the home button to wake the phone up? If so, TouchID verified who you are already.
 
Most or all of this stuff was true since ios7 I believe. I definitely think it should be locked behind touchid or a passcode but, with that said, physical access is pretty much game over for most systems or objects (someone who has your wallet can access the money without a passcode). Still strongly agree all of this should be secured by default though
 
Most or all of this stuff was true since ios7 I believe. I definitely think it should be locked behind touchid or a passcode but, with that said, physical access is pretty much game over for most systems or objects (someone who has your wallet can access the money without a passcode). Still strongly agree all of this should be secured by default though

So you've always been able to "read" peoples messages without unlocking their phone? WTF? The general public isn't aware of this or something?
 
So you've always been able to "read" peoples messages without unlocking their phone? WTF? The general public isn't aware of this or something?

I don't have an older device to double check but I'm 100% sure you could read and reply to messages on iOS 9 on the lock screen. It's all configurable btw, but the trade off is convenience of course. I guess the assumption is that it's a personal device you have on you.

Again, not defending this and I disagree with the policy as a default, just saying what I believe is the case.
 
I don't have an older device to double check but I'm 100% sure you could read and reply to messages on iOS 9 on the lock screen. It's all configurable btw, but the trade off is convenience of course. I guess the assumption is that it's a personal device you have on you.

Again, not defending this and I disagree with the policy as a default, just saying what I believe is the case.

Right now I do not believe you can turn off the ability to reply to messages. For the Siri stuff, yes you can turn Siri off in the lock screen.
 
Pretty sure you couldn't awnser messages while locked in iOS 9, someone check that

I am almost certain you could. If Message Preview is on and "Reply with Message" is on under "Allow access when locked" in the Touch ID and Passcode settings. The setting kinda says you can, doesn't it? Siri is in that section too

BTW there's no "Reply with Message" on iPad, even though they can message. My assumption (and it's definitely just a guess) is that it's considered to be less personal and more likely to be shared or left around.
[doublepost=1468355343][/doublepost]
Right now I do not believe you can turn off the ability to reply to messages. For the Siri stuff, yes you can turn Siri off in the lock screen.

Try turning off "Reply with message" in the section I noted in my post above. I haven't tried it on 10 so I can't confirm it works though, sorry.
 
  • Like
Reactions: PowerBook-G5
Turn off "Show Preview".

Settings > Notifications > Messages

Yes, that will deal with the casual reading part for sure. Not sure if it prevents opening and replying without authentication though and unfortunately don't have time to test it right now.
 
Anyone can respond to an incoming message when the phone is locked. Worse, you can use Siri to create and send a message to anyone you want. AND you can ask Siri to read all of the unread messages on a locked phone. Nice stuff Apple.

I don't know if this is a legitimate bug or not, but regardless, it's a beta. You should only be using it on a disposable test device. If you used the iOS 10 Beta with the expectation that your stuff would be safe and secure (or that anything would work properly), well, congratulations, you played yourself.
 
Yes, that will deal with the casual reading part for sure. Not sure if it prevents opening and replying with authentication though and unfortunately don't have time to test it right now.

It's even worse now that Rich Notifications show past conversation history when replying. Previously it only showed just the message you're replying to.

Definitely think authentication should be required by default but it isn't.
 
  • Like
Reactions: Feenician
I don't know if this is a legitimate bug or not, but regardless, it's a beta. You should only be using it on a disposable test device. If you used the iOS 10 Beta with the expectation that your stuff would be safe and secure (or that anything would work properly), well, congratulations, you played yourself.

Oh geezus get over yourself. Everyone knows it's a beta. Thanks for chiming in though.
 
I am almost certain you could. If Message Preview is on and "Reply with Message" is on under "Allow access when locked" in the Touch ID and Passcode settings. The setting kinda says you can, doesn't it? Siri is in that section too

BTW there's no "Reply with Message" on iPad, even though they can message. My assumption (and it's definitely just a guess) is that it's considered to be less personal and more likely to be shared or left around.
[doublepost=1468355343][/doublepost]

Try turning off "Reply with message" in the section I noted in my post above. I haven't tried it on 10 so I can't confirm it works though, sorry.

Turning off "Reply with Message" doesn't stop it. Any anyway isn't that related to the ability to reply to an incoming phone call with a message? Regardless it doesn't help the problem.
 
So you've always been able to "read" peoples messages without unlocking their phone? WTF? The general public isn't aware of this or something?
On ios9 you can "dismiss" a message from the home screen and that will show "read" reciept. Also you can swipe left to reply without unlocking as well.

Don't know about siri, I rarely use her to send messages.
 
  • Like
Reactions: matty.p
It's even worse now that Rich Notifications show past conversation history when replying. Previously it only showed just the message you're replying to.

Definitely think authentication should be required by default but it isn't.

I've always had message notifications off completely on my iPad (for the reason I mentioned before. I leave it at home in the office unguarded frequently) and previews off on the phone lock screen but I'd left them on on phone for iOS 10 testing purposes. Certain the implications of being able to read seemed obvious and the implications of being able to reply seemed to matter less because of that.
 
Turn off "Show Preview".

Settings > Notifications > Messages

Good call. Interesting that iOS 10 is turning this setting on by default. I've always had mine off. After the upgrade it was on.
 
Turning off "Reply with Message" doesn't stop it. Any anyway isn't that related to the ability to reply to an incoming phone call with a message? Regardless it doesn't help the problem.

Yeah the setting is pretty ambiguous. I actually looked at the iOS 9 manual a few days ago to check this and it's not well explained at all. I was under the same impression as you on that setting but there's a lot of random websites that day otherwise
 
On ios9 you can "dismiss" a message from the home screen and that will show "read" reciept. Also you can swipe left to reply without unlocking as well.

Don't know about siri, I rarely use her to send messages.

Yea so what I'm learning and I've checked it on an iPhone 6S running iOS 10 and an iPad running iOS 9 - on a locked device you can instruct Siri to read aloud all unread messages. And you can ask her to send a message to ANYONE. Someone in your contact list (by name) or you can just read out a phone number and message and she will send it. This seems effed up.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.