Janky Apple ID Security (mjtsai.com)
133 points by latexr 13 days ago | 27 comments





One thing I noticed actually that I didn't notice in the other thread is that a few days ago, I saw "a new device has been added to FaceTime". I didn't know what it was and whether it was my device or not, so I just removed it from the list immediately. A few days later I noticed the same behaviour everyone else had, i.e. that my Apple ID was logged out.

So when I logged back in there was no particular issue, I wonder if there is a correlation between the two. It makes me wonder if something on Apple's side has been compromised.


This happens when some device has been offline for a while (30+ days?) and goes online again

Yep happened to me, I have two iPhones, one is on a cheap phone provider and I just have it for when I need a second phone for whatever. I fired it up the other day and got one of these messages.

It actually happens if a device has been offline for about 3 days for me.

I've had it happen recently after installing software updates.

> but the sheet was broken

Apple's Web services have been a shitshow, for many years. I suspect that several iOS screens are little more than WebViews into their Web services.

It's worst, on the backend, in things like App Store Connect, or Developer Center.

Ironically, they tend to work better on Chrome, than on Safari, and my workflow for encountering issues, is to reopen the page in Chrome.


Nope, they don't really rely on WebViews unless you're in Safari. They do have an extensive API surface, and a lot of Swift stuff consumes it directly.

I know that most of the infrastructure apps in all Apple operating systems, nowadays, are SwiftUI, so it makes sense that they aren’t WebViews. SwiftUI has a definite UX “flavor.”

I’m not thrilled with some of the choices they made, irt information architecture, and basic UX, but they are consistent.


Except isn’t the settings pane on Mac OS using react or something? I know it feels different and I kind of hate it.

Only the iCloud panel is

Yea that’s what I figured. The one that pulls data from the web with every click. It just bugs me when a view will sometimes render absolutely nothing, sometimes while checking subscriptions, other times in the middle of a flow like adding hardware keys. UIs that fail to produce feedback need to disappear.

Really? The "Apple ID" (and subscriptions) section in the settings is so janky and doesn't feel native at all.

Are you talking about the Mac or iOS?

> I went to Settings ‣ Privacy & Security ‣ Location Services ‣ System Services ‣ Significant Locations to check, and for some reason the only location in the list was the grocery store that I go to once every two weeks.

This is the most worrying aspect of the messup. Locking out the owner is scary. Admitting a thief is terrifying.


Reading various forum and social media posts, this seems to be limited to @me.com and @mac.com addresses. Anyone seen anything else outside of that?

Smells like a credential stuffing attack to me at the moment which has triggered some rather vicious account protection measures.


I had this issue with my third party email provider as username for account, others are reporting iCloud.

Thanks for confirming.

I have me and Mac and haven’t seen this issue.

Slightly tangential but I'd sometimes wish for a 3rd party option for such accounts. You can have a gmail, an icloud mail or your own email domain as email is a (well?) defined standard. Why can't I do the same with my iPhone? Back up my device to my own NAS instead of iCloud. Having such a standard would force accountability - not that I consider Apple's security poor, but rather that it could be better.

Super strange, I'm seeing the exact same thing, the only significant location is a grocery store that I semi-frequent.

See also: Apple users are being locked out of their Apple IDs with no explanation https://news.ycombinator.com/item?id=40177617

I just checked my significant locations and all it has is my home. I guess that’s lucky. It usually also has my office where I spend quite a bit of time. Hopefully they recover from whatever outage is going on.

This is apparently only affecting people with `me.com` and `mac.com` accounts.

So, that sounds just like a bug after a migration of these services to some new APIs.


No, I'm not using those accounts and I got locked out too.

This is not true.

Could a (nation state?) hacker group be attacking Apple?

Maybe this is not their fault at all but the result of some others' pressure on certain (undocumented?) APIs or some such thing?


> Maybe this is not their fault at all but the result of some others' pressure on certain (undocumented?) APIs or some such thing?

Both things can be true at the same time.



