XPost: misc.phone.mobile.iphone   
   From: nuh-uh@nope.com   
      
   On 2026-01-10 11:39, Maria Sophia wrote:   
   > hh wrote:   
   >> I do recall a period around five years ago where there was some sort of   
   >> issue with iCloud, such that users were being prompted 'frequently' for   
   >> passwords on their devices.   
   >>   
   >> T'was weird & irritating, but also quite obviously an isolated incident.   
   >>   
   >> Fast-forward to today, I don't recall having to enter my iCloud password   
   >> on any device for at least all of last year (2025)...its just not one of   
   >> the things that I bother to that explicitly track...but I did find a   
   >> notation that I used it while setting up a new device in January 2024.   
   >   
   >   
   > Hi -hh,   
   >   
   > Thanks for sharing your experience so we all benefit from each other.   
   >   
   > The goal of this thread is to better understand how iOS actually behaves   
   > with respect to reauthentication, since Apple is the only common consumer   
   > operating system vendor whose devices will eventually be 'bricked' by the   
   > mother ship (i.e., activation lock) even when the user never signed out.   
      
   The goal of any thread you start is to feed your narcissism.   
      
   >   
   > Ask me how I know this.    
   >   
   > My test iPad was set up normally, logged into my Apple ID once, and   
   > used for a while to exercise services. After that point I refused all   
   > password prompts. The device stayed online, contacted Apple servers   
   > whenever it wanted, and I never entered the password again. The prompts   
   > became more nagging over time, to the point that it would refuse to go away   
   > even after a half dozen cancels. After about two years Apple unilaterally   
   > 'bricked' my iPad (i.e., activation lock). It happened for two iPads and   
   > I'm on the third iPad test as we speak as I use them to test iOS.   
      
   Riiiiiiiight. This "test iPad" has been used like that exclusively since   
   2022, has it?   
      
   >   
   > My goal is to understand how the iOS device really works.   
   >   
   > The reason your experience may differ from others is that iOS does not use   
   > a single token. It uses multiple independent tokens with different   
   > expiration rules. Apple does not publish the timers, but the behavior is   
   > known from developer documentation and observation.   
   >   
   > 1. When you sign into an Apple ID, the device receives several token   
   >     types. Examples include iCloud service tokens, App Store tokens,   
   >     iMessage and FaceTime registration tokens, Find My association   
   >     tokens, and device based authentication tokens for iCloud Keychain   
   >     and other services.   
   >   
   > 2. These tokens do not expire at the same time. Some expire in hours,   
   >     some in days, some in months. Some refresh silently when the device   
   >     can reach Apple servers. Others require the user to enter the Apple   
   >     ID password.   
   >   
   > 3. If you refuse to enter the password long enough, eventually one of   
   >     the critical tokens expires and cannot be silently refreshed. At   
   >     that point the device demands the password. If you continue to   
   >     refuse, the device eventually loses the ability to prove to Apple   
   >     that it is still authorized to be associated with the Apple ID.   
      
   You've never presented any evidence that this is true.   
      
   When you lose access to the Apple ACCOUNT (can you not get correct basic   
   details like the fact that it hasn't been called an "AppleID" since   
   September of 2024?) then in order for Apple to unlock a device tied to   
   that account, you'll be required to prove that you are, in FACT, the   
   person who owns that Apple Account.   
      
   >   
   > 4. When the device can no longer prove that association, it will enter   
   >     activation lock on the next reboot or major system event. This is   
   >     what happened to my test iPad. I never signed out, but the device   
   >     no longer had a valid token to prove its status.   
   >   
   > 5. This also explains why you may not see prompts. If your devices   
   >     refresh tokens during App Store use, iCloud sync, or other normal   
   >     activity, the timers never expire. That prevents the cascade that   
   >     leads to activation lock.   
   >   
   > What's weird is even if you do nothing at all, iOS still contacts Apple   
   > servers. This happens because several internal system events force   
   > background check ins that are not visible to the user.   
   >   
   > a. Time and certificate validation events. iOS periodically validates   
   >     system time, certificate trust anchors, and security policies.   
   >   
   >     When a certificate nears expiration or a trust list changes,   
   >     the device contacts Apple mothership tracking mainframes.   
   >   
   > b. Push notification channel maintenance.   
   >     Apple Push Notification services (APNs) requires periodic   
   >     keepalive traffic. APNs uses a persistent TLS connection from   
   >     the device to Apple servers. This connection is created by iOS   
   >     itself, not by the carrier.   
   >   
   >     When the connection drops or rotates, the device   
   >     reconnects automatically. The device maintains this connection by   
   >     sending periodic keepalive packets.   
   >   
   >     These packets go over the Internet, not through any carrier   
   >     specific signaling channel   
   >   
   > c. Find My device state checks. The Find My association token is   
   >     validated in the background even if you never open any app.   
   >   
   > d. iCloud account validity checks. The system performs periodic   
   >     account checks regardless of user activity.   
   >   
   > e. Keybag and escrow service checks. Devices that have ever used   
   >     iCloud Keychain perform periodic escrow and keybag validation.   
   >   
   > f. Backend policy changes. When Apple rotates signing keys or updates   
   >     backend policy, the device contacts Apple the next time it wakes or   
   >     enters a background refresh window.   
   >   
   > g. Network transitions. Reconnecting to WiFi, waking from sleep, or   
   >     recovering from network loss often triggers background contact.   
   >   
   > These events occur even when the user does nothing but leave the   
   > device powered on and connected to the Internet. Because of this, the   
   > device notices token expiration quickly. If a critical token expires   
   > and cannot be refreshed without the password, the device starts   
   > prompting. If the user continues to refuse, activation lock follows.   
   >   
   > The key point is that activation lock is not triggered by signing out.   
   > It is triggered when the device can no longer prove to Apple that it   
   > is still authorized to be associated with the Apple ID.   
   >   
   > No other common consumer operating system does what iOS does.   
   > That's why it's important for all of us to understand how it works.   
      
   The key point is that no one believes your bullshit.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)