XPost: misc.phone.mobile.iphone   
   From: mariasophia@comprehension.com   
      
   Tyrone wrote:   
   >>> All day, every day, iOS nags me to sign in even though I never logged out.   
   >>   
   >> All you've ever shown is that it asked once on Tuesday, February 8, 2022.   
   >   
   > It is STILL astonishing that, considering his 100% record here of lying   
   and/or   
   > just plain being wrong, he STILL expects us to just take his word for every   
   > absurd-claim-of-the-day he makes.   
   >   
   > I now have - collected over many years - 4 iPhones (5, 8+, 12 Pro Max, 16 Pro   
   > Max), 4 iPod Touch 7s and 13 various model iPads. NONE have EVER asked me to   
   > login for no reason. Only when I am downloading something from the App Store.   
   > etc.   
   >   
   > As always, he is full of shit.   
   >   
   > BTW, all still work. Even the 11 year old iPad Air 2 (I have 2 of those).   
   > Yes, they are MUCH slower than my MUCH newer iPad Pro models, but they still   
   > work.   
   >   
   > As always, another Arlen lie put to rest.   
      
   Hi Tyrone,   
      
   Happy New Year!   
      
   First off, Alan Baker is wrong as that screenshot was from when I was   
   helping Ant on December 28th 2025, about a week ago, where Alan Baker's   
   claim that iOS changed fundamentally in how it does tokens is absurd.   
        
      
   Ignoring Alan Baker's utterly ridiculous claim that iOS has changed in how   
   it does authentication, I have screenshots for many dates, but it doesn't   
   matter unless Alan Baker wants to explain why he makes the inane claim that   
   iOS has fundamentally changed in how it does token expiration & renewal.   
      
   Ignoring Alan Baker coming up with the first ludicrous excuse he can think   
   of to defend Apple to the death no matter what, we come back to your memory   
   of your personal experiences, Tyrone.   
      
   I strongly suspect you gave the password when asked, and since that's   
   perfectly natural for you to do, you don't remember doing it when you did.   
      
   But even if you didn't do it, there is a well-documented technical   
   explanation of why iOS asks for the Apple ID password even when the user   
   never logged out. This behavior is considered normal for iOS, and, in fact,   
   it's documented by Apple. But when any given user receives it depends on   
   which Apple services they use and whether silent token refresh succeeds.   
      
   Keep in mind the key fact that iOS does not rely on a single login session.   
      
   Instead iOS uses many separate authentication tokens. As I explained in   
   gory detail elsewhere in this thread, each Apple service issues its own   
   token and each token has its own expiration rules.   
      
   I already provided examples of Apple services that issue tokens such as   
   1. Apple ID identity service   
   2. iCloud Drive   
   3. iCloud Photos   
   4. iMessage   
   5. FaceTime   
   6. App Store   
   7. Find My   
   8. Game Center   
   9. Keychain escrow   
   10. Background sync services   
      
   Apple documents this architecture in multiple places, for example:   
      
   Apple Identity Services:   
       
      
   iCloud authentication and tokens:   
       
      
   App Store authentication:   
       
      
   iMessage and FaceTime activation:   
       
      
   Activation Lock and device activation tokens:   
       
      
   These services do not share a single token. Each service controls its own   
   token lifecycle. Many tokens can be silently refreshed in the background.   
      
   However, some tokens cannot be silently refreshed. When one of those tokens   
   expires, iOS must ask for the Apple ID password. This happens even if the   
   user never logged out.   
      
   This explains why two users can have different experiences:   
      
   a. If a user has many Apple services enabled, more tokens exist, so there   
      are more opportunities for a token to expire.   
   b. If a user has fewer services enabled, fewer tokens exist, so prompts are   
      less frequent.   
   c. If silent refresh succeeds, the user never sees a prompt.   
   d. If silent refresh fails, the user sees a password prompt.   
      
   Silent refresh can fail for many reasons, including:   
      
   1. Network interruptions   
   2. Device offline for long periods   
   3. Disabled services   
   4. Expired or revoked tokens   
   5. Server side changes by Apple   
   6. Apple ID security policy changes   
      
   Apple documents that some services require periodic reauthentication. For   
   example, iMessage and FaceTime activation tokens expire and must be   
   renewed. The App Store also requires periodic reauthentication. iCloud   
   services may require reauthentication when tokens expire or when security   
   policies change.   
      
   Because of this Apple-only architecture, it is technically normal for iOS   
   to request the Apple ID password even when the user never logged out.   
      
   The request is triggered by token expiration, not by user logout.   
      
   This also explains why some users can claim they never see prompts.   
      
   Maybe they don't remember since entering a password is a normal activity   
   for them, but even if they truly didn't enter the password, if their   
   tokens refresh silently, they will not notice the process. If they enter   
   the password immediately when prompted, they will forget the prompt   
   occurred. If they use fewer Apple services, fewer tokens exist to expire.   
      
   If a user intentionally refuses to enter the password for long periods,   
   multiple tokens will expire without renewal. Eventually the device will   
   lose access to Apple services that require valid tokens. In some cases,   
   such as in two of my three iPads to date, the iOS device may require   
   reactivation which requires your government ID (which blows Apple's claim   
   to privacy out of the water like the military does drug runners).   
      
   Apple documents how the process works in the Activation Lock and device   
   activation support pages.   
       
       
      
   In summary:   
   1. iOS uses many independent authentication tokens.   
   2. Each token has its own expiration schedule.   
   3. Some tokens can be silently refreshed, some cannot.   
   4. When a token that cannot be silently refreshed expires, iOS asks for the   
      Apple ID password.   
   5. This happens even if the user never logged out.   
   6. Different users remember password entry differently, as for some   
      people it's a normal occurrence they don't bother to remember.   
   7. Yet different users see different behavior depending on which   
      services they use and whether silent refresh succeeds.   
   8. This behavior is documented by Apple and is normal for iOS.   
      
   This explanation does not depend on personal experience.   
   It is based on the documented design of Apple's authentication system.   
   --   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)