If your iPhone pops up a message demanding you configure some security settings, don’t panic. Apple confirmed Monday to Macworld that such prompts, requiring that you select and answer three security questions before grabbing apps (or even app updates) from the App Store, are indeed legitimate. The same security message appears in the desktop version of iTunes and seemingly applies to all purchases throughout the iTunes Store.
Twitter sparked with mentions of the security messages late last week, reaching an apex over the weekend. Numerous Macworld staffers encountered the messages in the past few days when going about their usual downloading.
Posting on Apple’s support forums, some Apple device owners have expressed concern over the questions themselves. Again, if prompted by the App Store, you need only select and answer three security questions—but some of them seem to skew a bit personal: the city where you experienced your first kiss, or your least favorite teacher.
Apple’s reasoning behind such questions is clear. The goal of such questions, which can be used to confirm your identity later should you need help with your account or to reset your password, is to be memorable enough that you won’t forget the answers, but esoteric enough that malfeasants on the Internet couldn’t guess at or discover your answers. (In cases where famous people like Sarah Palin or Paris Hilton have had their email accounts “hacked,” the intruders reportedly got access by providing the correct answers to easier-to-research security questions, like a mother’s maiden name or city of birth.)
So despite the seemingly personal nature of the questions, it's apparent that Apple's not genuinely interested in learning more about you; rather, the company simply wants to protect your Apple ID a bit better. Apple both transmits and stores your answers to such security questions securely—meaning no prying eyes in Cupertino could uncover the town in which you first smooched someone else.
In addition to providing answers to the three security questions, the App Store prompt also asks that you provide Apple with a separate email address, distinct from your Apple ID. Apple says that it will only use that address to help you resolve account issues.
While Apple isn’t saying so explicitly, the increased security measures are likely in response to ongoing attempts at breaking into others’ iTunes accounts, most notably the infamous Towson Hack.
There’s no way to force your iOS device to prompt you to add the additional security details. But it’s especially likely to appear if you’re downloading apps to a new iPad or iPhone, or purchasing multiple apps at once.