XPost: misc.phone.mobile.iphone
From: mariasophia@comprehension.com
Chris wrote:
> Maria Sophia wrote:
>> Tyrone wrote:
>>> Being an Androidiot, he knows NOTHING about security.
>>
>> Hi Tyrone,
>>
>> Happy New Year!
>>
>> Thank you for understanding that many of us have both Android & iOS
>> knowledge, but this technical thread isn't about Android; it's about
>> understanding WHY iOS asks for the passwd even when we're logged in.
>>
>> Here is my iPad from December 28th, 2025 where I opened it up around that
>> time to help someone on the newsgroup (maybe it was Ant on battery issues).
>>
>
> And you gave Ant wrong information.
Hi Chris,
Happy New Year!
I'll let Ant respond because you claimed the same thing about the help I
kindly and voluntarily gave to badgolferman as the help I gave to Ant.
I think my advice in both cases was 100% correct, but that should be
covered in the respective threads, as I am not responding to whataboutism.
>> All day, every day, iOS nags me to sign in even though I never logged out.
>
> It's clear this is unique to you.
Hi Chris,
Before you ever repeat that claim you need to understand the behavior I see
all day every day on iOS is easily reproducible by those who care to do so.
Why is this well-documented iOS action so easily provable to anyone?
October 27, 2023
December 11, 2023
May 20, 2024
August 3, 2024
December 8, 2024
December 10, 2024
December 16, 2024
December 19, 2024
April 8, 2025
April 17, 2025
September 2, 2025
October 31, 2025
January 7, 2026
(I have millions of these over time simply because it's how iOS works.)
1. The system design is deterministic
iOS uses a fixed set of authentication tokens with fixed expiration
schedules. These schedules do not depend on user opinion. They depend on
server side rules. When the user refuses to re authenticate, the same
sequence of failures will occur on any device tied to the same Apple ID
architecture.
2. Each service fails independently
Apple ID, iCloud, App Store, iMessage, FaceTime, Find My, and iCloud
Keychain all maintain separate authentication states.
These states expire on predictable schedules. When the user refuses
to refresh them, they fail in the same order on every device.
3. Token expiration is enforced by Apple servers
Token expiration is not random. It is enforced by Apple servers.
When a token reaches its lifetime limit, the server rejects it.
This behavior is consistent across all devices and all regions.
4. Activation Lock escalation is rule based
Activation Lock escalation is triggered when long lived ownership tokens
expire and cannot be refreshed. This is a server side rule. Any device
that reaches this state will be classified as unverified.
Activation Lock documentation:
5. The user behavior is the trigger
The failure mode requires a specific behavior pattern. The user must be
logged into everything, must refuse to re authenticate, must ignore
prompts for months or years, and must allow all token layers to expire.
If this behavior is repeated, the outcome will be the same.
6. The system cannot bypass its own trust model
iOS cannot refresh tokens without user authentication. It cannot skip
token layers. It cannot override server side expiration.
Because of this, the failure cascade is reproducible on any device.
>> Since it's pretty much assured you've seen this prompt also, I ask you:
>> Q: What do you make of the fact iOS constantly nags me for a passwd?
>> A: ?
>
> I can guarantee you this does not happen anywhere near daily. I probably
> see this about once a year on my ipad or my iphone. Both are used
> constantly.
>
> I know this because I don't know my AopleID password and have to look it up
> in my pw manager every time. If I had to do this daily I'd get passed off
> very, very quickly.
>
As to your point that most users never see this failure mode that I see,
all day, every day, I would heartily agree with you on that Chris.
I never disagree with anyone who poses a logically sensible viewpoint.
1. Most users enter the password when asked
The majority of users re enter the Apple ID password the first or second
time the system asks. This immediately refreshes all expired tokens. The
system returns to a stable state. Because of this, users never see the
long term failure cascade.
2. Short lived token failures are silent
Short lived tokens expire in hours or days, but iOS retries them
silently. These failures do not always trigger visible prompts.
Users never notice that these tokens expired.
3. Medium lived token failures are infrequent
Medium lived tokens expire in weeks. Most users re authenticate long
before these tokens fail. The system never reaches the point where
multiple services are failing at once.
4. Long lived token failures require months of refusal
Long lived tokens expire in months. Only a user who refuses to re
authenticate for months will see these failures. This is extremely rare.
5. Very long lived tokens require one to two years of refusal
Activation Lock ownership tokens and device to Apple ID binding tokens
expire on a one to two year schedule. Only a user who refuses to enter
the password for years will reach this state. This is why almost nobody
ever sees it.
6. Most users never stress test the system
The failure mode requires a specific behavior pattern. The user must be
logged into everything, must refuse to re authenticate, must ignore
prompts for years, and must allow all token layers to expire. Normal
users never do this.
>> This thread was opened so that we can all learn more about how iOS works by
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
