[ctviggen]

do I have to enter in my Apple ID and password when I'm downloading an update to an application I've already installed on my iPad?????  Does this make sense to anyone?  It's a FREE update. 

This is one of the many reasons the iPad and Apple drive me batty.

[Pez]

yes it does make sense. Pretty much every computer OS in the world requires you to approve any upgrade to your system with a similar setup.

[Brandon B]

Yeah, but it's asking him for his itunes password to download an upgrade to an ipad app, not his mac user account password.

It is likley just to maintain consistency across anything downloaded across from the itunes store.  The security framework won't have holes to be exploited if there is no means to do so without authorized access.

[John151]

Microsoft is the new IBM, Apple is the new Microsoft.  The more things change, the more they stay the same. 

[Pez]

I'm sorry, but that's pretty much the most off base analysis I have ever heard. 1st Apple is what it is today precisely because it is not like Microsoft. 2nd Microsoft bares no resemblance to IBM. IBM is a enterprise focused company with it's hands in very few pots, but does extraordinarily well in the niche they are in. Microsoft has it's hands in everything and for the most part is playing catch up to more nimble tech companies who aren't allowing themselves to be stifled by legacy software and products.

As far as the security thing, that's just common sense. If you allow for automatic updates without user approval you open the flood gates to viruses and exploitations of other varieties. Just look at the crap that is going on with Android handsets. Something like 75%+ of all exploits on handhelds are happening on Android phones. Apple is basically 0%. Think about that next time you complain about your password.

[JDUBS]

Agreed...its super annoying.  I'm fine agreeing to the update, but having to enter your ID and password is bothersome.  I also have a Windows 7 box and updates don't require any sort of password.

-Jim

[skunark]

Your security settings are set low then.  Set it to high and it will be as if not more annoying compared to a Mac.   Even with Linux you have to enter in a password or be root to do updates if security is at the defaults. 

Another reason why the require a password is for in-app purchases that has annoyed parents with lofty bills   Apple to date has treated paid and free apps the same.     

[wilsynet]

You have to enter your credentials to prove your identity to Apple so they can determine whether they should bill you or not.

If you didn't need to prove your identity, why couldn't anyone claim that an application is an update for an already paid application?

[JDUBS]

You have to enter your credentials to prove your identity to Apple so they can determine whether they should bill you or not.

If you didn't need to prove your identity, why couldn't anyone claim that an application is an update for an already paid application?

I don't get this.  They are sending the app update to MY iphone, for which they already have the phone number (and possibly other identifying info) for.  Why would they need other info to validate?

-Jim

[Mike Nomad]

I don't get this.  They are sending the app update to MY iphone, for which they already have the phone number (and possibly other identifying info) for.  Why would they need other info to validate?

-Jim

skunark has it correct, "Apple to date has treated paid and free apps the same."

Taking Apple's... inflexibility a step further, you are asked to authenticate via your iTunes account, because you are downloading something from iTunes. It doesn't matter if the download is free or not. It doesn't matter if the download is an update or not. All variations of a transaction are treated the same on the front end. Which is why, on the back end, you will get an e-invoice for $0.00 when downloading a free app. I can't remember if there is an invoice for an update.

[wilsynet]

I don't get this.  They are sending the app update to MY iphone, for which they already have the phone number (and possibly other identifying info) for.  Why would they need other info to validate?

It would be trivial to present a phone number to the App Store that is not your actual phone number.  So this ostensibly simple approach is not feasible.

Not to say that it couldn't be better, but having worked on computer security for a few years now, I have to say that Apple's approach here (while being somewhat unsophisticated and perhaps even a pain to use) is a reasonable one.  There are many quite sophisticated ways to do better, but they have their own drawbacks too.

Couldn't Apple just leave me authorized for a few days or a few weeks rather than making me enter my credentials as often as I seem to need to?  I'd go with an argument like that.