Apple loves to taunt the security of their iPhone and iOS, but that security may end where beta testing starts. Not only does this vital security flaw appear in the latest developer beta of iOS, which may’ve been a bit more understandable, but the in latest public beta of the software as well. If you have an iPhone, it’s more than likely that you use Safari, and its built-in password manager. In iOS 13 Developer Beta 3, and Public Beta 2, it’s possible to access your saved passwords without verifying your Face ID, Touch ID, or device password. In Settings → Passwords & Accounts, when you touch “Website & App Passwords,” you’re greeted with a login prompt. In stable versions of iOS, you must input your password or biometric identification before you can access passwords.
On the latest beta versions of iOS 13 though, if you repeatedly press “Website & App Passwords,” ignoring the prompt, you’ll bypass the verification and be able to browse passwords to your heart’s content.
Not to worry though, even if you’re running the latest beta software, these menus can only be accessed if the device is already unlocked. So, chances are no real harm can come out of this bug, but it’s still important to know about. Now maybe you’ll think twice about leaving your phone unlocked in public.
