Possible security/privacy hole with new 3D Touch on messages notifications?

Discussion in 'iOS 10' started by lagwagon, Jun 17, 2016.

  1. lagwagon Suspended

    lagwagon

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #1
    The new feature to 3D Touch on a text from someone in the lock screen and jump right into the conversation and reply may have a security & privacy hole.

    Are there any Touch ID or any verification checks?

    If not anyone could pick up your phone, 3D Touch into a text and read your conversation and reply.
     
  2. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #2
    Well, how much of a conversation is included from a text notification?

    As it is now, in iOS 9, with quick reply, more or less a similar thing is possible by seeing a notification for a message and going to reply to it. There are controls for it all though, like disabling quick reply from lock screen, as well as disabling message previews or lock screen notifications completely of messages (or any particular app).
     
  3. lagwagon thread starter Suspended

    lagwagon

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #3
    Quick reply in iOS 9 does not show you any conversation. It just lets you reply.

    iOS 10 3D Touch pops up your conversation at the top and the keyboard at the bottom to reply and stay in to conversation as long as you want.
     
  4. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #4
    Well, is it a conversation that was there before the phone was locked and before the latest notification? Or is it just from the latest notification and on?
     
  5. boobie12 macrumors 6502

    Joined:
    Sep 20, 2012
    #5
    Actually you do have to put your finger over touch I'd so it recognizes you before able to reply to a message. If you don't do this after raise to wake and just 3d touch the message it will ask for your password. I love this feature.
     
  6. myname70 macrumors 6502a

    Joined:
    May 5, 2014
    #6
    Fully agree this is a privacy issue. You can read all messages or WhatsApp conversation from the lock screen. Even you can reply without any verification.
     
  7. lagwagon thread starter Suspended

    lagwagon

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #7
    Ok thanks, that's what I was wondering about. If it did infact do a verification before popping into the Rich Notification for texts.

    I don't have a 3D Touch device in iOS 10 so I couldn't fully test and videos of it in action that I've seen didn't show any prompts for verification before just moving into the new 3D Touch conversation/quick reply.
    --- Post Merged, Jun 17, 2016 ---
    You can hide the actual message from the lock screen in Notification Settings. The "Show Preview" option and it will only say who the message is from without showing the actual message.

    What my OP is about was the new 3D Touch into the conversation to reply without having to unlock the device. (3D Touch pops open two windows. Top is the conversation that includes more than just the most recent message and bottom is the keyboard.)
     
  8. myname70 macrumors 6502a

    Joined:
    May 5, 2014
    #8
    I disabled the preview. And anyway the text is visible.
    Re 3D Touch - yes, you can reply by 3D Touch without unlocking the phone
     
  9. boobie12 macrumors 6502

    Joined:
    Sep 20, 2012
    #9
    Yea you can only reply if you put your finger over the touch if and the lock icon at the top of the screen goes away. You can not reply if you do not put a authorized finger over the Touch ID as it will stay lock and nothing will happen when you try to 3D Touch the notification.
     
  10. batting1000 macrumors 604

    Joined:
    Sep 4, 2011
    Location:
    Florida
    #10
    The whole thing is that you can put your finger on Touch ID and have it unlock the phone, but you don't leave the lock screen until you press down on the home button. It's kind of neat. At first, I was opening apps from the siri suggestions widget and I thought it was just letting me in, but I realized it was recognizing my finger on Touch ID. You'll also notice that the message at the bottom of the screen changes from "Press home to unlock" to "Press home to open".
     
  11. lagwagon thread starter Suspended

    lagwagon

    Joined:
    Oct 12, 2014
    Location:
    Calgary, Alberta, Canada
    #11
    Yep I'm aware of the two states of the bottom message of "press home to unlock" and "press home to open"

    I wanted to know if for example you used Raise to Wake or the Power button to view a text notification and then used 3D Touch to enter the conversation to reply. If it just opened the Rich Notification without asking for Touch ID or if it asked for Touch ID. No video I've seen has shown if it asked or not. Which is why it got me wondering about a possible hole or not. (Since this new iOS 10 way shows the conversation now instead of just the text you're replying to in the quick reply.)

    boobie12 confirmed that it does ask for verification. Killing all notion that there could have been a privacy hole.
     
  12. HankHowdy macrumors 68040

    HankHowdy

    Joined:
    Dec 2, 2012
    Location:
    Victorville CA
    #12
    I can reply without having to use a passcode or Touch ID. This is a problem. I have reply to messages off.
     
  13. shenfrey macrumors 68000

    Joined:
    May 23, 2010
    #13
    I think a good way to limit the system is to maybe only have the last 3 messages sent to you before the the last response visible, that way you are keeping most of your privacy. Sounds like a decent compromise. Obviously you are not going to having a dirty chat with your girlfriend and then put your phone down next to your friends/random people and leave the room.
     
  14. bushido Suspended

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Germany
    #14
    do you have an iPhone 6S? you probably don't even realise cuz the touch ID is so fast
     
  15. Polaroid macrumors 6502a

    Joined:
    Oct 1, 2013
    #15
    It requires you enter TouchID if you 3d Touch a notification from Messages. No security issues.
     
  16. oftheheavens macrumors 68000

    Joined:
    Jul 9, 2008
    Location:
    cherry point
    #16
    I know not all feel the same way that I do, but I don't have anything to hide in my messages so if someone, somehow, got a hold of my device they would have a boring time reading my messages lol.
     
  17. HankHowdy macrumors 68040

    HankHowdy

    Joined:
    Dec 2, 2012
    Location:
    Victorville CA
    #17
    6S Plus. If I wake the screen by lifting it and just force touch the notification it let's me reply with out touching the home button.
     
  18. HankHowdy macrumors 68040

    HankHowdy

    Joined:
    Dec 2, 2012
    Location:
    Victorville CA
    #18
    I was just able to do it again. I never have to use Touch ID or a passcode. All I have to do is raise to wake and force touch for reply.

    This is all bad.
     
  19. HankHowdy macrumors 68040

    HankHowdy

    Joined:
    Dec 2, 2012
    Location:
    Victorville CA
  20. Polaroid macrumors 6502a

    Joined:
    Oct 1, 2013
  21. chestvrg macrumors 65816

    chestvrg

    Joined:
    Dec 13, 2010
    #21
    What I do is that I just disable "show in lock screen" for all apps that can possible send a message notification currently on iOS 9.3.2, and when u upgrade to iOS 10 I will do the same. I have notice that this is a problem to begin with, to keep prying eyes from seen anything it is best to disable this action.

    In my job people sometimes leave their iPhones charging and I have been able to see unintended messages popping up in their screens and even pictures (not a good thing), if you want to keep as much privacy as possible.[​IMG]
     

Share This Page