tech

Watch Out For Fake iOS Login Popups That Trick You Into Giving Away Your Apple ID

An Apple expert has shown just how easy it is to create a fake popup.

Cover image via Krausefx

Can you tell which one of these two popups is fake?

Image via Krausefx

The popup appears whenever iOS requires a user's Apple ID

When the popup appears on an iOS device, prompting a user to enter their iTunes password, users simply enter the details because that's what they are supposed to do.

However, this feature can be abused by scammers looking to phish your credentials.

Because it is quite easy to create a fake login popup that looks exactly like the ones used by Apple, according to Apple iOS code researcher, Felix Krause.

Felix published a proof-of-concept on his blog recently that demonstrated just how simple it is to create a fake Apple ID login popup and steal peoples’ personal details.

And to answer the question we asked above, the one on the right-hand side is fake.

Image via Krausefx

While the login popup usually appears on the home screen and lock screen, it also has a tendency to randomly pop up inside random apps from time to time due to something running in the background

If you input your password into one of the fake boxes, the attacker could steal it and use it to access your credit card information.

If you think it's hard to do so, think again.

Malicious developers can turn on alerts inside their apps that look like Apple's popups using a simple code, warned Felix, adding that even users who are technologically advanced have a hard time detecting that those alerts are phishing attacks.

"Showing a fake login box that looks just like a system popup is super easy, there is no magic or secret code involved, it's literally the examples provided in the Apple docs, with a custom text," the Austria-based Apple iOS code researcher wrote on his blog.

Image via Krausefx

How do you protect yourself from such a phishing scam?

Felix has outlined the following steps:


  • Hit the home button, and see if the app quits:
    • If it closes the app, and with it the login box, then this was a phishing attack.
    • If the login box and the app are still visible, then it's a system popup. The reason for that is that the system popups run on a different process, and not as part of any iOS app.
  • Don't enter your credentials into a popup, instead, dismiss it, and open the Settings app manually. This is the same concept like you should never click on links on emails, but instead open the website manually.
  • If you hit the Cancel button on a popup, the app still gets access to the content of the password field. Even after entering the first characters, the app probably already has your password.


You can head over to Felix's blog to read the full explanation of this phishing method.

You may be interested in: