By John Gruber
Build web apps, iOS apps, and workflows with Retool.
Martin Peers, writing for The Information (paywalled, alas), “Apple’s New Savings Account Makes iPhones More Valuable — for Thieves”:
Whether this is smart for consumers depends on whether you’re comfortable having your life ruined if someone steals your iPhone. The Wall Street Journal recently published an excellent report about how iPhone thieves are draining people’s bank accounts. That’s a result of people storing credit cards on Apple Pay and very often keeping photos of sensitive personal documents — passports and drivers’ licenses, for example — on their phones. Some people even write down their passwords in the Notes app on the phone. When you stop to think about it, storing all this stuff on a phone does seem kind of crazy.
That Wall Street Journal report by Joanna Stern and Nicole Nguyen is indeed excellent (and I still intend to follow-up on it here, but still haven’t finished), but Peers makes it sound like all a thief needs to empty your bank account is your phone. What the Journal story made clear is that thieves need both your phone and your device passcode. That’s a big difference.
Is the threat serious if a thief obtains both your phone and your device passcode? Very. But so long as you’re protective of your passcode, you’re safe overall. Passwords protected in your keychain, or even in Notes, are safer than passwords written on paper. You’ve got to store them somewhere. Promulgating a message that it’s reckless to put any sensitive information in your phone, even using features that are designed to store that information securely, is terrible advice. There’s nothing crazy about it. It’s simply worth remembering, at all times, just how much your device passcode is protecting.
And the new interest-paying savings accounts are just an alternative to having your Apple Card cash-back go to your Apple Cash account — which pays no interest. So if Peers has successfully spooked any Information readers from signing up for these savings accounts, all he’s succeeded in doing is keeping them from earning interest. There’s zero difference in security. It’s news for Luddites.
This isn’t solely Apple’s doing, of course. Most banks and the like now have phone apps, all of which make people vulnerable. But Apple has encouraged it, going so far as to allow people to store their drivers’ licenses on their iPhones and to unlock their front doors with their iPhones. And now there’s this savings account — iPhone thieves must be rubbing their hands in anticipation.
It’s a little hard to square Apple’s moves in this direction with Apple CEO Tim Cook’s evangelism regarding privacy and tech, not to mention his warnings about the dangers of people using technology too much. [...] Could it be Cook is only concerned about data security and privacy when it comes to social media, a business run by other companies?
This is just looking to piss on Apple no matter what the story. A digital state ID stored in Apple Wallet is more secure than a printed card stored in your physical wallet. If one thief takes my iPhone, and another takes my wallet and keys, the first thief needs my device passcode to get anything. The second thief instantly knows everything that’s printed on my driver’s license and credit cards — including the address of my home, where the keys will unlock the doors. The digitization of banking does carry risks, but the pre-digital world of banking revolved around paper checks and signatures.
There’s nothing hard to square about Apple’s initiative in this regard at all. I’ll bet Tim Cook
has his driver’s license in Apple Wallet — and I practically guarantee that he has his credit cards in Apple Wallet. Apple Wallet really is more secure that a physical wallet and cards. And the new savings accounts simply offer Apple Card customers a way to earn interest on cash accounts that heretofore did not pay any interest at all. There’s nothing to be cynical about with this.
[Update: California isn’t on the very short list of states that currently support IDs in Apple Wallet — it’s still just Arizona, Colorado, and Maryland. But my point stands: I’d wager good money that as soon as California does support it, Tim Cook will put his ID in Wallet.
Also, because these savings accounts pay industry-leading interest rates, it’s certain that many people will transfer more money into them than they would with regular Apple Cash accounts, which means more money is at risk if a thief obtains their phone and device passcode.]
★ Tuesday, 18 April 2023