How iOS 16 bypasses CAPTCHA on iPhone

iOS 16 lets you say goodbye to most CAPTCHA! The new option allows iPhone users to prove they are not robots without answering a questionnaire.

The new feature of updating iOS 16 was noticed by Internet users of the social network Reddit. This option allows iPhone users to bypass the famous CAPTCHAwhich slow down internet search.

We remind you, CAPTCHA (“ A fully automated public Turing test that distinguishes between computers and humans ”) Allow a website or application ensure that the visitor is human and not a computer bot. The process requires the identification of certain elements in a set of everyday images, such as traffic lights, stairs, cars, bicycles or boats.

Sometimes you need to recognize a set of letters instead. This task is basic for a human being, but not for most computer programs. This challenge-response is one of the famous ones Turing test that distinguish people from computers. These days most websites use it to protect against malware.

iOS 16 displays websites that you are not a robot

Apple uses it to allow iPhones to skip this verification process “private access token”. The Cupertino giant described in detail how this option works at WWDC 2022, the annual conference dedicated to developers. On its website, Apple states for application developers:

“Private access tokens are a powerful alternative that helps you identify HTTP requests from legitimate devices and people without compromising their identity or personal information. We’ll show you how your app and server can take advantage of this tool to add confidence to your online transactions and preserve your privacy. “.

In particular, iOS 16 relies on iCloud to verify that certificates are stored on your iPhone and the associated Apple ID is OK. If so, the operating system will appear private access token. With this token, the website server will be notified “the client could have passed the attestation verification”. Clearly, Apple acts as a third party of trust between Internet users and the website.

Not surprisingly, Apple’s system emphasizes privacy. As Apple points out, “Servers that receive tokens can only verify that they are valid, but cannot reveal the identity of clients or identify clients over time”. The whole process is encrypted. There is no information about your smartphone, your account or your browsing history filters.

Read also: iOS 16 will allow you to create a 3D plan of your interior by scanning it with your iPhone

How to bypass CAPTCHA on iOS 16

© 01Net

If you have iOS 16 beta installed on your iPhone, feature Automatic verification » is enabled by default. Note that this feature is also integrated into the macOS Ventura and iPadOS 16 updates. We explain how to access it on your iPhone:

  • Open the application Settings
  • Press your Apple ID (top of screen)
  • Come in Password and security
  • Check the box Automatic validation at the bottom of the interface

Popular services like Fastly and Cloudflare they have already pledged to support the workaround option developed by Apple. Both companies will automatically implement private tokens on all of their clients ’websites. Millions of applications and websites will support this new feature. In a blog post, Cloudflare also explains to all visitors “Using an iOS or macOS device will automatically start seeing fewer CAPTCHAs after upgrading their operating system.”

The companies are therefore ready for mass implementation of iOS 16, macOS Ventura and iPadOS 16. For the record, Apple will implement final version of the update during the following fall.

Fastly and Cloudflare reveal it Google has also worked on the Privacy Pass protocolon which Apple’s private tokens are based. “We’ve worked with our friends at Apple, Cloudflare and Google to develop and standardize technology behind private access tokens.” says Fastly.

De facto, we can hope that the iteration of functionality will end its input to Android or other Google solutions in the years to come. For now, the protocol is already available on Chrome as an extension. Unfortunately, user feedback suggests that the extension is still not there.



Leave a Comment