> I'm not a lawyer and don't fancy being the test case for whether entering your PIN on a third-party website/app counts as "knowingly providing" it.

I guess I'm assuming that you would design the iOS app to collect and store the PIN number on the device, and never ever share it, since (if I read the post correctly) that's all you'd need to get to basic auth. I take your point that that might still be considered "sharing with a third party" but honestly I suspect that (a) they wouldn't notice for a long long time and (b) they would typically start by sending a c&d, not hiring a team top-notch lawyers and going straight to court unless you're really wealthy and there's some prize to be had for all of those legal fees.