Extremely low density of vending machines in the US. Now, Japan...
Because otherwise it would leak passwords to insecure sites, in plain text.
If they are using iPads with the latest version of iOS 8, they can just save the passwords using the keychain in safari with autofill (only works if a site is HTTPS, however)
it has no utility for anything other than payments. The use scenarios other devices use NFC for (because they can't be used for payments due to carrier interference) are better handled by better technologies, like Bluetooth LE.
Apple doesn't even have permission systems.
Apple doesn't have a permission system? Have you used iOS? It has an excellent on-demand permission system. An app wants both location, camera, and microphone access? But you don't want it to have location access? Deny it! Only want it to have microphone access sometimes? OK!
Incorrect. iOS always encrypts all data with a master key based of secret data in the CPU. If you choose a pin/passcode, it is salted.
Not really up on this, are you? or know how to use an iOS device, do you?
You can only hide it if it is not on your device therefore, it is not taking up any storage space.
Sadly, it does not automatically download. Even with automatic downloads on. It automatically appears in the list of purchases and automatically appears in iTunes in the Cloud (if you have that option enabled), but it didn't automatically download.
so choose not to add it to your playlists. Really simple. If it's not in a playing playlist, it won't play.
Just a note: iTunes does not store the credentials. In fact, iTunes doesn't need to interact with iCloud at all.
They are the new number stations!
So if you can't id a user by any characteristics of the phone either (like device id or phone#), how can you create an external unique key to id the user in case he reinstalls? i.e. you effectively can't build an app that references your external server to provide data to that app?
(obviously not an Apple dev here...)
Correct. You're not supposed to. If a user uninstalls an app, ALL data relevant to the app must be deleted, including any UUID. UUIDs are keyed to a specific app install. There should be no way to uniquely identify a user across installs.
Yup, good news from Microsoft about Quality App Stores that never reject clearly bogus apps.
Have one absolute trusted password and one absolute trusted service. Encrypt all your site-specific passwords in there. Let the service fill out the passwords for you.
Make sure the service uses a Web of Trust style encryption so even defeating the password for the service won't leak any other data.
It's a little weird since a lot of the phones that took the photos aren't running iOS and some of the folders have Dropbox-specific files.
Don't use the same password on multiple sites!