
Microsoft’s implementation is the worst. I sometimes have a hard time deciphering the captcha. Why do they need that in an iOS app? Are robots emulating people from an iPhone?



The iPhone app probably communicates to some servers over an API of some kind - there's no reason someone malicious couldn't pretend to be an iphone and communicate over the same API


and no reason someone malicious couldn't click-farm iPhones either.

https://gizmodo.com/thai-click-fraud-farm-busted-using-wall-...


Mechanical Turk style processing never ceases to amaze me.


Actually, now that I think about it, Microsoft apps could only require a captcha if the username trying to log in doesn’t match the user’s previous iCloud user token.

I’m thinking about how Overcast uses a token linked to the user’s iCloud account and doesn’t require a username and password if you only use iOS devices. You can optionally add a username and password to access the web client.


> Are robots emulating people from an iPhone?

Many of the more sophisticated ones prefer emulating mobile application requests to web requests, so yes.


User agent is quickly changed.


Doesn't iPhone have some sort of device attestation?


Can any iOS developers chime in? I know there has to be some type of server side validation to validate previous in app purchases. Could something similar tie a logged in iCloud user to an account?


In the browser?


The parent post was about using captcha in the app.



