Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

SteveJobs2.0

macrumors 6502a
Original poster
Mar 9, 2012
969
1,764
I was presenting some pictures of my recent vacation at my parents' house and I connected my iPhone 6+ to the family tv. However, I was extremely surprised to find that while mirroring the iphone screen on TV, I could see exactly what my password is since the phone displayed the numbers pressed on the lock screen. This is a serious issue for anyone presenting content of their iOS device and needs to be removed right away. Especially for people without a Touch ID device.
 

I7guy

macrumors Nehalem
Nov 30, 2013
34,836
24,847
Gotta be in it to win it
I was presenting some pictures of my recent vacation at my parents' house and I connected my iPhone 6+ to the family tv. However, I was extremely surprised to find that while mirroring the iphone screen on TV, I could see exactly what my password is since the phone displayed the numbers pressed on the lock screen. This is a serious issue for anyone presenting content of their iOS device and needs to be removed right away. Especially for people without a Touch ID device.

What's the issue? Someone looking over your shoulder gets to see every key pressed as a password is entered. The key flashes for a brief period of time before turning into an asterisk. All AirPlay does is mirror the screen.

Turn touchid on.
 

SteveJobs2.0

macrumors 6502a
Original poster
Mar 9, 2012
969
1,764
What's the issue? Someone looking over your shoulder gets to see every key pressed as a password is entered. The key flashes for a brief period of time before turning into an asterisk. All AirPlay does is mirror the screen.

Turn touchid on.

The issue is that while in hand the numbers are largely covered by your hand. When connected to a projector, your access code could be displayed to hundreds.
 

I7guy

macrumors Nehalem
Nov 30, 2013
34,836
24,847
Gotta be in it to win it
The issue is that while in hand the numbers are largely covered by your hand. When connected to a projector, your access code could be displayed to hundreds.

I hear what you are saying, you could submit feedback to Apple. But this wasn't a surprise to me. You could always change your password If you have concerns. Or don't turn on AirPlay until your past the password screen and temporarily turn off lock the phone.
 
Last edited:

GGJstudios

macrumors Westmere
May 16, 2008
44,553
949
I was extremely surprised to find that while mirroring the iphone screen on TV, I could see exactly what my password is since the phone displayed the numbers pressed on the lock screen. This is a serious issue for anyone presenting content of their iOS device
This is no different than you verbally speaking your passcode to others or showing them your phone while you enter it. A common sense approach would be to enter your passcode before connecting to AirPlay, and disabling auto-lock until you've completed your AirPlay session. No amount of software security measures can protect against unwise user actions.
The issue is that while in hand the numbers are largely covered by your hand. When connected to a projector, your access code could be displayed to hundreds.
So don't be projecting when you enter your passcode. Simple.
 

SteveJobs2.0

macrumors 6502a
Original poster
Mar 9, 2012
969
1,764
This is no different than you verbally speaking your passcode to others or showing them your phone while you enter it. A common sense approach would be to enter your passcode before connecting to AirPlay, and disabling auto-lock until you've completed your AirPlay session. No amount of software security measures can protect against unwise user actions.

So don't be projecting when you enter your passcode. Simple.

I realize that now, but there are many people using the feature for the first who don't know this or who will not notice it. There is no reason why Apple couldn't have programmed the lock screen not to show the key presses when connected to an external display.
 

mercuryjones

macrumors 6502a
May 31, 2005
786
0
College Station, TX
I realize that now, but there are many people using the feature for the first who don't know this or who will not notice it. There is no reason why Apple couldn't have programmed the lock screen not to show the key presses when connected to an external display.

There's also no reason that you need to be connected to an external display BEFORE displaying what you want to. Isn't that the whole purpose - you want to show a picture or video to someone, then have said picture/video already displayed on the phone.
Plus, why are you mirroring? Why not simply AirPlay? Then, you are only showing what you want the person to see.
 

SteveJobs2.0

macrumors 6502a
Original poster
Mar 9, 2012
969
1,764
There's also no reason that you need to be connected to an external display BEFORE displaying what you want to. Isn't that the whole purpose - you want to show a picture or video to someone, then have said picture/video already displayed on the phone.
Plus, why are you mirroring? Why not simply AirPlay? Then, you are only showing what you want the person to see.

Thereis no AirPlay when I am connecting my iPad to a projector at a lecture there is no AirPlay. I have to use the lightning to HDMI adapter.

Once again, the issue is not that there are no work-arounds... the issue is that Apple has built itself on taking care of the smaller issues. This is a major oversight.
 

The Doctor11

macrumors 603
Dec 15, 2013
5,995
1,473
New York
I don't see the problem here. All AirPlay does and SHOULD do is takes whats on my screen and push it out to another screen. That's what its meant for. You can do any number of things to stop people from seeing your password. Unlock it then AirPlay, turn off password, put password on a delay then unlock it and be good for a few hours or whatever you set it too. Really I find this a non issue.
 

Small White Car

macrumors G4
Aug 29, 2006
10,968
1,464
Washington DC
Jesus, people. It's a solid idea. It would be cool if Apple disabled those button flashes on the screen outputs.

It's not like he held a gun to your head and demanded you hand over money to make it happen. Is it so hard to say "yeah, that'd be neat" and leave it at that?
 

CosmoPilot

macrumors 68000
Nov 8, 2010
1,537
373
South Carolina
Jesus, people. It's a solid idea. It would be cool if Apple disabled those button flashes on the screen outputs.

It's not like he held a gun to your head and demanded you hand over money to make it happen. Is it so hard to say "yeah, that'd be neat" and leave it at that?

Understand, but it's called "MIRRORING" for a reason. I imagine there is a scenario out there where someone would want the password to show up just as typed/mirrored for demonstration purposes. If you're not that guy, then there are several ways to prevent this behavior. To call it a serious security issue is a huge stretch.
 

richwoodrocket

macrumors 68020
Apr 7, 2014
2,133
112
Buffalo, NY
Understand, but it's called "MIRRORING" for a reason. I imagine there is a scenario out there where someone would want the password to show up just as typed/mirrored for demonstration purposes. If you're not that guy, then there are several ways to prevent this behavior. To call it a serious security issue is a huge stretch.


You sir have taken the words out of my mouth.
If it is such a security concern, then don't put your passcode in when you're mirroring your device. A wise move is also to turn do not disturb on when mirroring so people don't see all the notifications you get. One text could be a career ender...
 

Abazigal

Contributor
Jul 18, 2011
20,194
23,471
Singapore
I was presenting some pictures of my recent vacation at my parents' house and I connected my iPhone 6+ to the family tv. However, I was extremely surprised to find that while mirroring the iphone screen on TV, I could see exactly what my password is since the phone displayed the numbers pressed on the lock screen. This is a serious issue for anyone presenting content of their iOS device and needs to be removed right away. Especially for people without a Touch ID device.


This happens in my class all the time. All my pupils now know my ipad's unlock code.

That said, I agree that it makes more sense for you to unlock your phone first before connecting it to the projector. What if, as suggested below, someone wants the demo the screen unlocking process for whatever reason?
 

eelw

macrumors 6502a
Sep 19, 2012
631
27
It's been like this since mirroring was first available. Apple hasn't done anything about it yet.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
Jesus, people. It's a solid idea. It would be cool if Apple disabled those button flashes on the screen outputs.

It's not like he held a gun to your head and demanded you hand over money to make it happen. Is it so hard to say "yeah, that'd be neat" and leave it at that?

Seems like the fix is simpler than that, basically not have the flashes on PIN/password entry screens. Fairly basic concept as there simply isn't any useful reason to mirror that--sure it's simpler to just blindly mirror everything but that doesn't make it the best or the right way to do it simply because it's simpler to do it that way. Too much digging to needlessly justify something that pretty much anyone can clearly say can and should be improved if even just a bit of rational thought is applied.
 

sbailey4

macrumors 601
Dec 5, 2011
4,538
3,193
USA
I agree with the work arounds but it would make since to enable a "unlock first" option before any mirror or external display became active. Imagine you are getting ready for a presentation and are connected to a TV or projecter in preparation for the presentation. All the lock screen notifications, text, emails whatever you have set would pop up constantly while you are waiting for the participants to assemble. How would it NOT make since to be connected and ready but have to enter password before the screen share became active? Sounds like a logical idea to me.

Or you could wait til the class is assembled then begin trying to get it to "just work" and deal with the potential connectivity issues, display issues etc while your participants are assembled and waiting for you to get it working.
 

I7guy

macrumors Nehalem
Nov 30, 2013
34,836
24,847
Gotta be in it to win it
Seems like the fix is simpler than that, basically not have the flashes on PIN/password entry screens. Fairly basic concept as there simply isn't any useful reason to mirror that--sure it's simpler to just blindly mirror everything but that doesn't make it the best or the right way to do it simply because it's simpler to do it that way. Too much digging to needlessly justify something that pretty much anyone can clearly say can and should be improved if even just a bit of rational thought is applied.

What happens if I want that intended behavior to be shown on a big screen for whatever reason?

It's a slippery slope when software starts to make the determination of how things should be mirrored. It's much more reasonable to know you mirror or AirPlay a replica of your screen is shown on the big screen.

Got the same thing with windows desktops used for presentations.
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
6,120
4,765
Seems like the fix is simpler than that, basically not have the flashes on PIN/password entry screens.

Ugh! No. On a real computer keyboard, there is enough gap between keys, combined with muscle memory, and worst case, ease of actually seeing what keys you are hitting, to be able to get a password entered successfully. With an iOS keyboard, especially on a phone where it's really easy to hit the neighboring key, and burning through one's limit on entering an invalid password. Heck, even with an iPad in landscape, I'll get a password entered incorrectly far more than on my Mac.

OP has a 6+, so, another option is to use the finger print sensor: noone sees anything there.

It's a slippery slope when software starts to make the determination of how things should be mirrored. It's much more reasonable to know you mirror or AirPlay a replica of your screen is shown on the big screen.

Got the same thing with windows desktops used for presentations.

This and this. As other's have said, there are tons of other things that can be equally bad re: text/e-mail/IM notifications that can pop-up when mirroring, that can be embarrassing, at worst, career ender.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
Ugh! No. On a real computer keyboard, there is enough gap between keys, combined with muscle memory, and worst case, ease of actually seeing what keys you are hitting, to be able to get a password entered successfully. With an iOS keyboard, especially on a phone where it's really easy to hit the neighboring key, and burning through one's limit on entering an invalid password. Heck, even with an iPad in landscape, I'll get a password entered incorrectly far more than on my Mac.

OP has a 6+, so, another option is to use the finger print sensor: noone sees anything there.



This and this. As other's have said, there are tons of other things that can be equally bad re: text/e-mail/IM notifications that can pop-up when mirroring, that can be embarrassing, at worst, career ender.
Clearly all of what I said was in relation to the mirroring part of it all (as that is the topic and focus of the discussion).
 

sunking101

macrumors 604
Sep 19, 2013
7,416
2,657
Jesus, people. It's a solid idea. It would be cool if Apple disabled those button flashes on the screen outputs.

It's not like he held a gun to your head and demanded you hand over money to make it happen. Is it so hard to say "yeah, that'd be neat" and leave it at that?

There must always be an effort made to see Apple's way of doing something as being the best way. All other ways are stooopid.
 

Abazigal

Contributor
Jul 18, 2011
20,194
23,471
Singapore
Ugh! No. On a real computer keyboard, there is enough gap between keys, combined with muscle memory, and worst case, ease of actually seeing what keys you are hitting, to be able to get a password entered successfully. With an iOS keyboard, especially on a phone where it's really easy to hit the neighboring key, and burning through one's limit on entering an invalid password. Heck, even with an iPad in landscape, I'll get a password entered incorrectly far more than on my Mac.

OP has a 6+, so, another option is to use the finger print sensor: noone sees anything there.



This and this. As other's have said, there are tons of other things that can be equally bad re: text/e-mail/IM notifications that can pop-up when mirroring, that can be embarrassing, at worst, career ender.

Isn't that what do-not-disturb mode is for?
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
51,392
19,461
Solution: Turn mirroring on after you are on the screen you wish to display.

That's a workaround not an actual solution to the issue. There's a difference.

----------

Isn't that what do-not-disturb mode is for?
Quite so. Apple decided after years that it was finally a worthy enough feature for them to implement. Perhaps after some more years they'll decide to do something about this when people will praise Apple for introducing such a useful and important feature (despite not even willing to give it a second thought now).
 

Abazigal

Contributor
Jul 18, 2011
20,194
23,471
Singapore
That's a workaround not an actual solution to the issue. There's a difference.

----------


Quite so. Apple decided after years that it was finally a worthy enough feature for them to implement. Perhaps after some more years they'll decide to do something about this when people will praise Apple for introducing such a useful and important feature (despite not even willing to give it a second thought now).

You are assuming this is indeed a problem with airplay-mirroring itself, rather than it simply working as intended, and the user himself trying to find fault where none existed.

What's next? Should, as suggested earlier, all notifications automatically be suspended for as long as my iPad is being mirrored? What if I want them to come in (say as a demonstration of how push notifications work)?
 

sunking101

macrumors 604
Sep 19, 2013
7,416
2,657
You are assuming this is indeed a problem with airplay-mirroring itself, rather than it simply working as intended, and the user himself trying to find fault where none existed.

What's next? Should, as suggested earlier, all notifications automatically be suspended for as long as my iPad is being mirrored? What if I want them to come in (say as a demonstration of how push notifications work)?

It's unlikely that anyone would wish to demonstrate that.
A simple toggle preventing notifications and passcodes/PINs from being mirrored would suffice.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.