Click to Skip Ad
Closing in...

Potential iOS security risk brought to light by developer

Apple ID Log In iOS App

A potential security issue with iOS apps has been discovered, as a calendar app has been found to ask users to provide Apple ID login details in order to sync calendars, Marco Arment revealed. The Sunrise Calendar app has an “Add Account” feature that lets users connect the app with an iCloud calendar, Facebook and Google Calendar if they so desire. To do so, Sunrise requires user names and passwords, which may be a security risk especially for iCloud, which uses Apple ID login details that can be used to access Apple’s digital stores including iTunes, the iOS App Store, the Mac App Store and Apple’s iBookstore.

“No app or website should ever be asking for a high-security username and password directly, especially given how much is tied to your Apple ID,” Arment writes. “What year is this?”

Sunrise Calendar iOS app requesting the user’s Apple ID credentials | Image source:

Sunrise has responded that it doesn’t store the log in details on its servers – the app screen also says that passwords will not be collected – and instead only requires the credentials to obtain a token from Apple. “When you type in your iCloud credentials, they are sent to our server only once in a secured way over SSL. We use them to generate a secure token from Apple. This secure token is the only thing we store on our servers, we never store your actual iCloud credentials,” Sunrise said.

Apple is allowing developers to include such features in their apps, as there is “no rule against doing this.”

Two months ago, Sunrise advised users that its database provider suffered a security breach, offering them details about how their data may have been affected. Interestingly, for connected iCloud accounts, the company said that “even though we don’t store any credentials, the security breach may have put some of your calendar data at risk.” At the time, Sunrise told customers to change iCloud passwords to make sure their data is safe.

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises. Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.