
Urgent security issue with Spotify for iOS: Spotify prevents auto-locking of device







iPhone 8 / iPad Air 3

Operating System

iOS 12.2 / iOS 12.2


My Question or Issue

So, all of us iOS users have had an ongoing security problem with Spotify. This security issue has been going on for years, but Spotify hasn't fixed this issue yet. Apple Music does not have this same issue, but Spotify does.


All iOS devices have the ability to auto-lock the display (which auto-locks the device) after a certain amount of idle time. You can find this setting in iOS's Settings > Display & Brightness > Auto-Lock.


This feature was specifically added into iOS to prevent strangers from gaining access to our valuable data on our iOS device, if we forget to manually lock our iOS device.


So, for example, if your iPhone or iPad is idle for 30 seconds or 1 minute or whatever you set it to, the iPhone/iPad will automatically lock itself with this setting.


This setting is absolutely critical to the security of iOS devices.


However, Spotify ignores this auto-lock setting.


What this means is that if you start playing music in Spotify, your iPhone or your iPad will NEVER automatically sleep/lock on its own. You have to MANUALLY remember to MANUALLY sleep/lock your iOS device.


But, of course, most people forget to do this — so we will walk back to our iPhone or our iPad after an hour of playing music, and we will be shocked that our device is still wide awake with complete access to all of our apps.


This is a gigantic security hole. This is possibly the greatest security hole that anyone could have on their iOS device. There are no other apps that we know of that prevent sleep/lock from happening. Spotify is the only app where this problem exists.


It looks like some user on Reddit discovered that Spotify has enabled, coding side, the isIdleTimerDisabled command in order to avoid sleep/lock mode when songs are playing or syncing.


This was an absolutely terrible decision by the Spotify engineers to enable this command.


Can Spotify please fix this security hole ASAP? All the Spotify engineers need to do is remove that one line of code.


Thank you for your extremely prompt attention to this urgent security matter.
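An added example, not part of the original post and not Spotify's code: one way an iOS app can scope its use of `UIApplication.shared.isIdleTimerDisabled` so that the user's Auto-Lock setting takes over again as soon as no visible screen needs the display on. `ScreenAwakeGuard`, its method names and the 5-minute cap are assumptions made for illustration.

```swift
import UIKit

/// Hypothetical helper: keeps the display awake only while a visible screen
/// has asked for it, and never for longer than `maxAwake`.
/// All methods must be called on the main thread.
final class ScreenAwakeGuard {
    static let shared = ScreenAwakeGuard()

    private var holders = Set<String>()       // screens currently asking to stay awake
    private var expiry: Timer?
    private let maxAwake: TimeInterval = 300  // assumed cap: 5 minutes

    private init() {
        // Hand control back to Auto-Lock whenever the app leaves the foreground.
        NotificationCenter.default.addObserver(
            forName: UIApplication.didEnterBackgroundNotification,
            object: nil, queue: .main
        ) { [weak self] _ in self?.releaseAll() }
    }

    /// Call from viewDidAppear of a screen that must stay visible.
    func acquire(_ holder: String) {
        holders.insert(holder)
        apply()
    }

    /// Call from viewWillDisappear of the same screen.
    func release(_ holder: String) {
        holders.remove(holder)
        apply()
    }

    private func releaseAll() {
        holders.removeAll()
        apply()
    }

    private func apply() {
        let keepAwake = !holders.isEmpty
        // true stops the system idle timer, so Auto-Lock never fires;
        // false returns control to the user's Auto-Lock setting.
        UIApplication.shared.isIdleTimerDisabled = keepAwake
        expiry?.invalidate()
        expiry = nil
        guard keepAwake else { return }
        expiry = Timer.scheduledTimer(withTimeInterval: maxAwake, repeats: false) { [weak self] _ in
            self?.releaseAll()  // hard stop: never hold the device awake indefinitely
        }
    }
}
```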

1 Reply

Hey @scotty321, welcome to the Community.

Hope you're doing great!


This issue seems to be under investigation.

Please add your +VOTE and details in that thread.

Thanks 🙂
