If you’ve used an iOS device at all, you’ve almost certainly been presented with the above popup asking you to enter your Apple ID password. It often appears within the App Store and iTunes Store, but it also has a tendency to randomly popup from time to time due to something running in the background.
A new blog post from developer Felix Krause, however, explains how that popup could be used to easily trick someone into handing over their Apple ID and password…
The developer explains it is incredibly easy for an iOS app maker to recreate the Apple ID password prompt. From there, the app could send that popup and subsequently log the Apple ID and password. It takes less than 30 lines of code and could seemingly be dropped in any legitimate iOS app and sneak past App Store review teams.