About Stolen Device Protection for iPhone(support.apple.com) |
I had to hand my phone over to a third party repairer. This would mean they needed to know my passcode so I wanted to lock down the phone to allow them to perform whatever diagnostic steps they might need but to restrict access to the wallet and iCloud keychain.
The first part was actually quite simple using a separate screen time passcode to restrict all apps bar the camera and any that they needed. The frustrating part was that the settings app itself cannot be blocked by screentime (I guess as that's where you configure the restrictions) and as iCloud keychain passwords are accessed from settings there was no way to block access to them.
With this update I could (somewhat) safely supply my passcode while being relatively confident that my keychain passwords were not viewed.
Also consider evil maid, or other kinds of backdoors (like jailbreaks).
I know Apple will never ask for your passcode but in the case of a repair shop that promises 15 minute service it’s kinda necessary unless you want it to take far longer and annoy them.
Ultimately with it locked down with screentime the only personal data I had an issue with was iCloud Keychain. Honestly I don’t know why Apple lets children access the full settings anyway. It would be trivial to add a screen time restriction for all features of settings except the screentime pane.
I didn't want to fully restore the phone for just a couple of days, so just set it up with a temporary passcode and signed in to an Apple ID I normally do not use [1], so that I could use it for that couple of days without things asking me to sign in.
After the battery replacement I then wiped it and restored from a backup under my normal Apple ID.
This mostly worked, except it messed up my Longest Move Streak with my Apple Watch. I'm not sure if this was just due to the wiping the phone part, or the having the phone on a different Apple ID than the watch for a couple days, or something else.
What the Fitness app tells me about the streak now is just weird.
The streak started on 2019-05-07 and I've not missed a day since then. The battery replacement was on 2022-12-21.
When I checked the streak in Fitness on 2023-02-04 it told me that:
My longest streak was 39 days ending 2023-02-03
My current streak was 1368 days
Note that it is reporting a longest streak that is entirely within what it is reporting is my current streak.
17 days later, 2023-02-21, it was reporting:
My longest streak was 41 days ending on 2023-02-20
My current streak was 1385 days
Note that it thinks the longest streak started sometime during the previous longest streak, so that makes no sense.
A few months later, 2023-09-23, it was:
My longest streak was 37 days ending on 2023-09-23
My current streak was 1600 days
I hadn't checked between that last and now. Checking now, on 2024-01-22, I get:
My longest streak was 1710 days ending on 2024-01-11
My current streak is 1720 days
That's better in that now it thinks the longest streak and current streak started at the same time, which is correct. But it still has the longest streak in the interior of the current streak which should not be possible.
[1] I've got two Apple IDs because originally you couldn't use the same account for iTunes and their cloud service, and so everyone who wanted to use both had to have two accounts. Later they made it so one account could use both.
1Password at least uses a different password and isn’t unlockable with passcode alone
A _lot_ of apps did and still do fall back to iOS passcode authentication when biometry fails. It does seem like more developers are disabling this, however.
(I realise this means I can still get into my phone, just that I might not be able to access certain features - e.g. change passwords - if I'm not at one of my usual locations).
> When your iPhone is in a familiar location, these additional steps are not required, and you can use your device passcode like usual. Familiar locations typically include your home, work, and certain other locations where you regularly use your iPhone.
The hope would thus be that although someone could walk into your workplace and steal your phone off your desk, they would be much less likely to have been able to watch you enter your passcode first.
[1]: https://www.wsj.com/articles/apple-iphone-security-theft-pas...
But I wouldn't know how to determine if the instructions I was seeing were incomplete, or outdated. Is there a trusted, frequently-updated site that we can easily remember and plug into our friends' phone if and when this terrible thing happens to us?
I may be missing something. But if not it seems like Apple is now incentivizing a scenario where thieves will physically go to the location of their victims homes in order to circumvent some of these measures.
I doubt the thieves would physically travel to his home for the phone, but I suspect that this will lead to blackmailing scenarios where the thieves exfil risqué or compromising content and threaten to send it to sensitive contacts if you don't unlock the phone the next day.
In a quite resourceful way (social engineering, process and system exploits) these criminal organizations will jump all the hoops (2FA, Face Recognition) and manage to access most of those apps.
I went to settings and could not find the option to enable this, but it turns out I was still on 17.2
I wish it were possible to designate an app to require FaceID or both my device password and my Apple ID password (or some other second authentication). Does this new updates fix this issue entirely? I feel like not because until I mark the phone stolen it doesn’t know to lock the holder of the phone out of my apps using just my device password.
A while ago, I added the "Find My Device" site to my bookmarks and I'd tested it out a few times. So I started there. And I also used Google Voice to place a voice call, so when it didn't ring in my home, I knew it wasn't here.
The Waymo passenger answered and there was much giggling. She kept saying she didn't know what to do. I said just leave it in the car.
So, knowing it was out of my control, I sent the remote wipe command, and hoped for the best. It turned out, the passenger also used the "Emergency Call" to send a text to my emergency contact. She offered to leave the phone in a pharmacy across town! I don't know how that would've helped.
Anyway, I did recover the phone at the Waymo Depot. It had obeyed the remote-wipe command and it was factory reset, with a full battery. It actually came out better-than-new, as the subsequent updates applied a few nice features.
Well for one, the pharmacy isn't moving.
If I had been the one to find your phone, I probably would have told you to suggest some other drop off place I can take it to that isn't too far out of my way, and if you could not or would not I would have probably taken it to a police station.
I would not leave it in the Waymo, even if that is what you wanted, because I have no guarantee that some other Waymo passenger after me will find it and steal it before you can get it back from Waymo. That could leave me as the last person known to have been in possession of the phone. I have no interest in becoming a suspect in the theft of your phone.
I don't believe so, or at least where I am from. This 'only' provides additional protection against cases where thieves know your device passcode. I've had my phone stolen from me twice where they couldn't have known my passcode and couldn't remove it from Find My, and it was never seen again.
The other issue could probably be resolved with more aggressive part ID checking. iPhones should just refuse to function if they have a part from a stolen phone.
At the end of the day, you still don't have the phone whether the thief profits from it or not. All this will do is stop criminals who are up to date with this info from trying to resell it. It does not prevent them from taking/destroying it.
It's an attempt to resolve the fairly widespread iPhone / iCloud social engineering takeover attacks that were documented in great detail by Joanna Stern last year:
https://www.wsj.com/articles/apple-iphone-security-theft-pas...
https://www.wsj.com/video/series/joanna-stern-personal-techn...
If you think in the systems of how criminals work, they tend to spend more time stealing things they think will pay off. Taking something that will cost them time and not gain them money will over time bias thieves to not taking iphones.
For example it may prevent this
a) iPhone is left on a table in the open.
but would not prevent
b) iPhone is in a bag, bag gets stolen.
What prevents "I stole your phone just to cause chaos" is the risk/reward profile. Even though your phone is useless to someone that stole it, it's still theft, and you'll still have to face consequences if caught. If the incentive is "I'll be able to buy $1200 worth of shit", then people are probably going to take their chances with getting caught. If it's "I'll get nothing except the satisfaction of smashing someone else's electronics", then most people won't take their chances.
With the whole "knowing your passcode doesn't help" situation, it makes the long tail crimes even more difficult. "Tell me your passcode or I'll shoot you" no longer works, for example. It makes the crime significantly more difficult to commit, and requires committing crimes that carry significantly longer sentences. (Armed robbery turns into kidnapping. You could be looking at the rest of your life in prison for $300 in someone's checking account. Not worth it to most people.)
At the end of the day, there is only so much you can do. The rest is your insurance company's problem. The fewer viable attacks there are against you, and the less often they happen, the less your premiums are. (I actually don't know if there is insurance for this. I should check.)
I care a lot about some low life scumbag not profiting from it. Anything that discourages theft is great.
Emphasis mine.
It seems like you have a lot of reasonable questions and concerns about the efficacy of this measure, but Apple have done a pretty good job of addressing them and explaining their rationale in the first few paragraphs of the documentation.
But generally I don’t think it’s plausible for a mass market device to counter every kind of threat, or every iteration of a more specific kind of threat.
In a workplace or home theft scenario, there are _presumably_ better ways of identifying a thief than at, say, a random bar.
My beef with this feature is that my Significant Locations haven’t been accurate for over a month, so my home location isn’t “trusted”.
They just got themselves an unlocked phone.
I assume this protects, somewhat, against this by the fact that were the thieves to try and change anything, there's another step of verification necessary than there was before.
And I think it was very clever of Apple to leverage the device location as an ad hoc "2FA". "Something you know, some place you are."
> You might want to change your password for other accounts, too.
Personally I would trust iOS security enough to not be too worried. Especially if I can issue a remote wipe in a timely manner. As long as the phone isn't swiped out of my hand while unlocked, I'm doubtful the average thief will be able to get past the lock screen. (Though I'm also assuming the thief doesn't have my passcode)
With that said, this will definitely make it more difficult and less profitable per unit of effort.
Edit: @google234123 +1 to that!
Once a thief has stolen his 10th iPhone that he can't do anything with, he'll probably be less likely to bother stealing iPhones. If anything it's a liability since it can be tracked as long as it still has some battery.
Theft isn't just for the whole device, it's also for parts. By making the part market so difficult they essentially create a black market for it in third world countries where just the phone's battery could be worth a day's wages.
For phones which are in a case/cover, inside bags etc., it seems almost impossible so am unsure that this is an effective deterrent.
Can you now envision a conversation between this passenger and the pharmacy clerk:
"I found this phone in some car"
"What do you want me to do about it?"
"Hold on to it until some guy I don't know comes to claim it?"
"We don't want this personal property! Go away!"
[Waymo car is gone now]
[Passenger absconds with phone or throws it away]
[Owner is no longer able to track or retrieve phone]
And it's not that crazy to leave lost property with a nearby business (presumably a trusted one) - sure they could say no but then you could just find another way to return the device.
Also why would you not be able to track it any more if they left it at the pharmacy, it's not like the Find My Device feature only works in Waymos. I guess you just mean due to the sequencing of wiping before noticing the text message?
Tell me more about how I somehow gave consent to that. Also, tell me more about how a stranger holding a random found device authenticates a caller as the owner of said device.
> I would say that moving the phone from the place I left it would promote it from "lost" to "stolen".
A really key element here is that they offered to help you out by leaving it there for you, so I don't see how "stolen" would come into it...
"I found this phone."
"Ok." takes it
You go in later "I lost my phone, do you have it here?" and they hand it to you. For particularly fastidious store clerks they may ask you to describe it before handing it over. And you likely have to wait while whoever you ask asks all the other employees if they found a phone.
It's not clear to me that letting the phone just sort of drift through the ether toward the Waymo Depot while who knows how many other passengers use the car is any better than putting the phone at some other fixed location behind at least some cursory level of security.
A day's wage in Colombia is about $10-15 and people tend to prefer and pay more for original parts since the cost of the device is too high to risk. An iPhone X costs close to a month's salary. They even tend to avoid third party cables or chargers as a consequence.
I inferred that you discussed this with the person, since you indicated you talked to them via voice. That would have been the perfect time to arrange for return of the device.
I guess after reading between the lines, this person didn't suggest this action during the voice call, only via the text you discovered afterwards?
Elsewhere you mention that leaving the phone in the car was the best course of action, but the next person in that waymo could easily have swiped it.
I suppose a middle ground could have been to tell them to put it in the back seat pocket or something so that it was a bit more hidden while you contacted waymo support to let them know to retrieve it.
> Also, tell me more about how a stranger holding a random found device authenticates a caller as the owner of said device.
This is a little much. That's quite a threat model you are operating under. It explains why you immediately wiped. I think most people are not concerned with that contingency.
Why? I am a Waymo customer. I left it in the car, and so the service has a policy to collect the item and return it to their customer. Some random store where I don't go, all bets are off.
I was able to contact Waymo and discuss the lost item and they were able to recover it because it was left in the car. That is a success. I was also able to retrieve the item from their Depot because their Lost & Found process works. That is a 100% success.
It was unclear in my original comment, but the passenger's offer to leave it at a pharmacy was in a text message to my emergency contact, who didn't reply. I heard about that bit after-the-fact. All I told the passenger, repeatedly, was, "please leave it where you found it in the car" because Waymo would be able to work that out with me, a customer.
A few months ago, I lost the front door key to my apartment. The leasing office was closing in 5 minutes. I needed a loaner key, and I had no ID. I offered to leave my phone (one and the same) as collateral. They were extremely reluctant to be holding on to that instead of an ID. They said they'd make a one-time exception.
Phones are not really things that strangers like to hold on to, in case you've not noticed. If you are admitted to a hospital or jail or something, they get really jumpy about putting your electronics in a locker. Partly having to do with the likelihood of fire or explosion, the volume and value of personal data on those things, and their trackability. The best course of action for a lost device is you leave it where you found it, because that's the owner's best hope of retracing their path and finding it again.