There’s a reason we have beta versions of software: all the kinks need to be worked out. This is also why using beta versions always come with warnings and disclaimers that you’re using the software at your own risk.
Users of the iOS 13 beta have discovered that there’s a bug that makes it easy to access the data in “Website & App Passwords” in the Settings app. Certainly, this is something Apple needs to get fixed before the official release, expected for September.
iOS 13 Security Bug
iOS 13 has many great new features, such as the long-anticipated dark mode in apps and sliding keyboard. I’m always an early adopter of iOS public betas, and both iOS 13 and the new iPadiOS 13 are definitely fun to use.
However, the bugs are never a fun thing to deal with, but it’s something that comes with the territory. But this iOS 13 bug, that it can expose your stored passwords, is a particularly frightening bug. And if you haven’t tried iOS 13 yet, I wouldn’t do it until that’s worked out.
This flaw in iOS 13 makes it easy for anyone to bypass the biometric authentication in Settings to access the passwords that you have saved in the iCloud Keychain.
If a user keeps tapping the “Website & App Passwords” menu on your iPhone, it will eventually allow them to see your stored passwords and logins, even if they have not authenticated their identity.
This beta bug was found in the developer beta 3 of iOS 13 that was released at the beginning of the month. I am using the second public beta that was released a few days later, and I can’t get my iPhone to replicate the bug. I cannot get into the passwords on my iPhone 7 unless I use the Touch ID, no matter how many times I repeatedly tap it and no matter how many times I hit cancel and try tapping it again.
Likewise, I can’t get it to replicate on my iPad Pro 2018 using the second public beta of iPadiOS 13, either.
This means either this security flaw is only in developer beta 3 or that it was fixed before they released public beta 2.
It should be noted that regardless of which beta version you are using, anyone who picks up your phone would not be able to even access the stored passwords in Settings as they would not be able to get past the biometric login to your device. You would have to leave it lying around accessed. My devices by default lock after a few minutes of inactivity. So you would have to have it lying around and would have to have the that autolock disabled.
Again, this is why we have betas, whether developer or public, so that these bugs, especially important ones that deal with privacy and security, can be discovered and fixed before software is officially released.
But while this software could potentially reveal all your passwords, the likelihood that your device is lying around accessed to begin with isn’t very likely, and I could not replicate the bug in iOS 13 public beta 2.
Nonetheless, it’s an important bug to be aware of if you are considering downloading a beta version of iOS 13. You want to be sure you’re using a version that eliminates all possibility this could happen.
Have you downloaded the beta version of iOS 13? Will this security flaw prevent your from doing so? Add your thoughts to our comments section below.