iOS 8.3 Lets You Skip Password Entry to Download Free Apps. Good Idea?
Posted on
by
Graham Cluley
The new version of iOS, version 8.3, is getting ever closer and pre-release beta testers are stumbling across new hidden features and tweaks that Apple has made with the iPhone and iPad operating system.
An iOS 8.3 update (beta 4, build reference ‘12F5061’) issued this week contains what appears to be new functionality allowing users to disable password authentication when downloading free apps and games from the App Store.
The new functionality is quietly tucked behind a new area called “Password Settings,” underneath “iTunes & App Store” in the main Settings application, and gives users the ability to “Always Require” a password when making a purchase or “Require after 15 minutes.”
Those two options aren’t themselves new. They’re already in iOS, in the Restrictions section of the Settings app.
But what is new is an On-Off switch letting users choose whether they can get free apps from the App Store without requiring a password.
Why would you not want to enter a password before downloading a free, new app to your phone? Well, the only reason I can think of is the sheer convenience of saving yourself five seconds of typing. It’s clearly not an enhancement of security to disable the password check.
In fact, if you consider how often you might hand your phone to someone else to speak to a friend, or leave it unattended away from your person, there is a real danger that someone might exploit the feature to install an app that you don’t want onto your phone, or meddle with your settings.
It’s easy, for instance, to imagine a clued-up child changing settings to give them access to apps and games of which their parents might not approve, or leaky apps that are careless with users’ privacy being installed onto devices without the true owner’s express permission.
Of course, if you haven’t jailbroken your iPhone or iPad, then the apps that can be installed onto your iDevice are limited to those that have managed to pass the vigorous vetting that Apple has in place.
But I would still think it’s sensible for the device’s owner to be the ultimate custodian of what gets installed on their smartphone or tablet, and anything that introduces the option of disabling a password check feels like a step in the wrong direction.
And is it really such a big deal these days anyway? Recent iPhones and iPads come with Touch ID, meaning you no longer have to remember your Apple ID password to download a game, or your PIN or (hopefully) password to unlock your device.
Touch ID works well for most people, and arguably is less of a hassle than typing in a password—so why does there need to be an option to disable authentication for downloading free apps? Wouldn’t insisting on Touch ID at least have been enough, and not compromised security?
Reportedly, the option to waltz past a password check is not available if Apple’s Touch ID fingerprint-checker is enabled—but we’ll probably have to wait until iOS 8.3 has properly shipped before we know for certain.
In all likelihood, the kind of people who configure iOS to stop asking for a password are likely to be the same as those who are least security-conscious, and might well be the same folks who don’t even bother having a weak four digit PIN code protecting their iDevice.
Apple should be protecting such people from the risks they expose themselves to, making it harder for criminals to exploit unlocked iPhones and iPads—whether their motive be money or mischief.
So, what do you think? Is the ability to skip the password to download free apps a good idea or a bad idea? Leave a comment below with your point of view.
