1. 6
  1.  

  2. 3

    I’m not sure I get the threat posed by an app that presents a fake apple pay button on screen. You push the button. So what? What happens next?

    There are several other things a malicious app can do with fake UI (asking for a password is one), but I don’t see the threat posed by an ok button. The app could fake not just the button, but the tap as well if it wanted.

    1. 1

      I think it’s not a fake apple pay button, a bad app could create a fake “Do you want to?” button that maliciously maps your OK press onto a hidden Apple pay button. You are charged and don’t know it.

      1. 2

        But apps can’t hide the Apple Pay dialog. It’s always on top.

    2. 1

      I just realized this the Apple-elegant version of control-alt-delete! (And given the ridiculous placement of volume-up and power buttons, nearly as awkward.)