You have to be careful when you’re using your iPhone and suddenly a pop-up prompts you to enter your Apple ID password, which someone is phishing you.
“iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates, or iOS apps that are stuck during installation. As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so, but this could easily be abused by any app” developer Felix Krause says.
he says that it’s “shockingly easy” for a shady developer to prompt people to enter their passwords using iOS’s UIAlertController, which lets developers create pop-ups that also happen to mimic the system dialog.
And while he admits that Apple has been doing a good job of keeping malicious apps from the official App Store, he says it would be easy for wanna-be phishers to bypass the store’s defenses by making it so that the feature is enabled only after the app is approved by the company.
How to protect yourself?
Don’t download untrusted apps first of all. In the meantime, you can check whether the password prompt comes from iOS or an open app by pressing the Home button. If the app quits, someone was phishing you. If not, it’s a real-deal iOS request.