This also solves a somewhat unique problem I experienced recently with iCloud keychain where all your passwords are only as secure as your passcode (and anyone that knows it).
I had to hand my phone over to a third party repairer. This would mean they needed to know my passcode so I wanted to lock down the phone to allow them to perform whatever diagnostic steps they might need but to restrict access to the wallet and iCloud keychain.
The first part was actually quite simple using a separate screen time passcode to restrict all apps bar the camera and any that they needed. The frustrating part was that the settings app itself cannot be blocked by screentime (I guess as thats where you configure the restrictions) and as iCloud keychain passwords are accessed from settings there was no way to block access to them.
With this update I could (somewhat) safely supply my passcode while being relatively confident that my keychain passwords were not viewed.
I think some (all?) Android phones allow you to put the phone into 'repair mode', which allows the repairer to access critical features without unlocking the entire phone. I'd like to see a feature like that for iPhones too.
What hardware repair would require handing over your passcode? If it's to test that the phone is working fine after the repair, can't you test it yourself in front of them before you pay? If they were doing software repairs, what would be the nature of the repair? Hard for me to imagine anything to repair software-wise, given how iOS is.
Anything that requires turning off the phone will need a passcode once it powers on. This includes battery replacement, screen, microphone, camera, etc. Only for camera repairs is it feasible to test fully without entering a passcode.
Of course you could leave the testing until you pick it up and pay but then if something is faulty you’ll have to come back later and wait longer when they might have been able to repair beforehand if they’d known.
Having watched full screen replacements, button replacements, and battery replacements on my iPhone, I suppose I don't understand why one wouldn't just wait the extra 5 minutes to get the issue resolved. Repairs can get done really fast in my experience.
At least the passcode section of settings can indeed be restricted by ScreenTime. I've done this as my aging parents often want change the passcode then forget their new passwords (and sometimes get paranoid).
It’s a risk. But it also takes a few hours to restore from backup and there’s a bunch of things that (sensibly) don’t restore and require manual setup.
I know Apple will never ask for your passcode but in the case of a repair shop that promises 15 minute service it’s kinda necessary unless you want it to take far longer and annoy them.
Ultimately with it locked down with screentime the only personal data I had an issue with was iCloud Keychain. Honestly I don’t know why Apple lets children access the full settings anyway. It would be trivial to add a screen time restriction for all features of settings except the screentime pane.
I wiped mine, but then a couple of hours before my appointment for a battery replacement they called and said due to heavy snow the techs could not get, and gave me a new appointment a couple of days later.
I didn't want to fully restore the phone for just a couple of days, so just set it up with a temporary passcode and signed in to an Apple ID I normally do not use [1], so that I could use it for that couple of days without things asking me to sign in.
After the battery replacement I then wiped it and restored from a backup under my normal Apple ID.
This mostly worked, except it messed up my Longest Move Streak with my Apple Watch. I'm not sure if this was just due to the wiping the phone part, or the having the phone on a different Apple ID than the watch for a couple days, or something else.
What the Fitness app tells me about the streak now is just weird.
The streak started on 2019-05-07 and I've not missed a day since then. The battery replacement was on 2022-12-21.
When I checked the streak in Fitness on 2023-02-04 it told me that:
My longest streak was 39 days ending 2023-02-03
My current streak was 1368 days
Note that it is reporting a longest streak that is entirely within what it is reporting is my current streak.
17 days later, 2023-02-21, it was reporting:
My longest streak was 41 days ending on 2023-02-20
My current streak was 1385 days
Note that when it thinks that the longest streak started was sometime during the previous longest streak, so that makes no sense.
A few months later, 2023-09-23, it was:
My longest streak was 37 days ending on 2023-09-23
My current streak was 1600 days
I hadn't checked between that last and now. Checking now, on 2024-01-22, I get:
My longest streak was 1710 days ending on 2024-01-11
My current streak is 1720 days
That's better in that now it thinks the longest streak and current streak started at the same time, which is correct. But it still has the longest streak in the interior of the current streak which should not be possible.
[1] I've got two Apple IDs because originally you couldn't use the same account for iTunes and their cloud service, and so everyone who wanted to use both had to have two accounts. Later they made it so one account could use both.
Way overdue feature IMHO. A reason why I didn’t want to use passcodes or keychain for passwords was that once someone knew my passcode to unlock my phone, they could access all my accounts
1Password at least uses a different password and isn’t unlockable with passcode alone
Nitpicking here. Older 1Password versions do allow unlocking using the iOS passcode if biometry fails, but I’m not sure it was ever intended as a feature. It isn’t a UI that is built into 1Password though, it’s the iOS fallback UI for that scenario (which looks very similar to the SIM PIN unlock screen).
A _lot_ of apps did and still do fall back to iOS passcode authentication when biometry fails. It does seem like more developers are disabling this, however.
Neat feature I guess, but how long before thieves realize that they can just look up your home or work address from the Maps or Contacts app and go stand near it to get around these restrictions?
Regarding the actions that required FaceID/TouchID once the protections are enabled, what happens if the biometric authentication fails? Sometimes I can't unlock my phone with FaceID, and I have to resort to using my passcode after three attempts. Will it now allow unlimited attempts in the specific scenario covered by the new feature?
(I realise this means I can still get into my phone, just that I might not be able to access certain features - e.g. change passwords - if I'm not at one of my usual locations).
My experience with biometrics in general is that it gives you X tries, and then asks for a password. But IIRC if you close the app, and then re-open it, it will give you another X tries with biometric. It isn't like failed password attempts, where it will rate-limit you after a few misses.
I’ll be using this but what a stupid exception imo. I work in a big building where anyone could walk in without id and simply defeat the protection. Hell, a disgruntled coworker contractor or customer could be in on it.
> When your iPhone is in a familiar location, these additional steps are not required, and you can use your device passcode like usual. Familiar locations typically include your home, work, and certain other locations where you regularly use your iPhone.
I don’t think iPhone thieves are smart enough to connect a snatched phone’s owner’s identity to a location nor are they stupid enough to regularly go to a frequent location to unlock a stolen device. In practice, a change like this will help a lot. Most stolen phones get put into the Shenzhen parts supply chain, and it’s probably not economical for the middlemen to do bespoke work to unlock the device.
Oh how very wrong you are. This feature came in response to WSJ reporting about iPhone thieves, targeting affluent iPhone users so they could steal their iPhones and rapidly lock the owner out. All while accessing their bank accounts, credit cards etc.
What does that have to do with my comment which was about whether those thieves are willing to locate the owner’s frequently visited addresses, visit them, and then repeat this process at scale.
This is a pretty direct response to the WSJ's iPhone theft story from last year[1], which was focused on people managing to shoulder-surf your passcode while you're in a public place, steal your phone, then use your passcode to reset your Apple ID password (thus locking you out of being able to report the phone as stolen). It apparently relied on multiple people and a certain amount of social engineering -- one party managing to get the phone into a passcode-required state, another to see it entered, and a third to actually lift the phone.
The hope would thus be that although someone could walk into your workplace and steal your phone off your desk, they would be much less likely to have been able to watch you enter your passcode first.
Yeah I saw that article too. It closes that one hole the wsj reported on but pretending there aren’t other credible threats is silly. a bad actor at work could observe the password and then steal the phone at a later date, and take it to the bathroom for instance. That’s just what I’ve come up with from there to of my head.
I agree in spirit with your stance, and it is a good solution to the shoulder surfing problem.
But generally I don’t think it’s plausible for a mass market device to counter every kind of threat, or every iteration of a more specific kind of threat.
In a workplace or home theft scenario, there are _presumably_ better ways of identifying a thief than at, say, a random bar.
My beef with this feature is that my Significant Locations haven’t been accurate for over a month, so my home location isn’t “trusted”.
Is there a website that has a list of the steps you should take if your phone is stolen? My first instinct would be to use someone else's phone to google "what to do if your iPhone is stolen".
But I wouldn't know how to determine if the instructions I was seeing were incomplete, or outdated. Is there a trusted, frequently-updated site that we can easily remember and plug into our friends' phone if and when this terrible thing happens to us?
Very cool, thanks. I notice it doesn’t mention anything about changing bank passwords or the like. Might that be necessary, depending on how long it’s been out of your control? That is, if someone swipes your phone and was able to peak at your password (as a recent WSJ series focused on), you would probably need to take more dramatic steps if you didn’t realize it was gone immediately. Should I be making a list of the apps on my phone that have sensitive information and can be accessed without FaceID?
I wish it were possible to designate an app to require FaceID or both my device password and my Apple ID password (or some other second authentication). Does this new updates fix this issue entirely? I feel like not because until I mark the phone stolen it doesn’t know to lock the holder of the phone out of my apps using just my device password.
> You might want to change your password for other accounts, too.
Personally I would trust iOS security enough to not be too worried. Especially if I can issue a remote wipe in a timely manner. As long as the phone isn't swiped out of my hand while unlocked, I'm doubtful the average thief will be able to get past the lock screen. (Though I'm also assuming the thief doesn't have my passcode)
If something like a phone is stolen it's probably safe just to change everything. The inconvenience of having to go through and change your important passwords manually (including your manager's master password of course) is relatively minor compared to your financial accounts getting breached.
I have an Android phone, and a few months ago I left it behind in a Waymo autonomous vehicle.
Awhile ago, I added the "Find My Device" site to my bookmarks and I'd tested it out a few times. So I started there. And I also used Google Voice to place a voice call, so when it didn't ring in my home, I knew it wasn't here.
The Waymo passenger answered and there was much giggling. She kept saying she didn't know what to do. I said just leave it in the car.
So, knowing it was out of my control, I sent the remote wipe command, and hoped for the best. It turned out, the passenger also used the "Emergency Call" to send a text to my emergency contact. She offered to leave the phone in a pharmacy across town! I don't know how that would've helped.
Anyway, I did recover the phone at the Waymo Depot. It had obeyed the remote-wipe command and it was factory reset, with a full battery. It actually came out better-than-new, as the subsequent updates applied a few nice features.
Moving the phone from the place it was left with consent of the owner is not theft.
And it's not that crazy to leave lost property with a nearby business (presumably a trusted one)- sure they could say no but then you could just find another way to return the device.
Also why would you not be able to track it any more if they left it at the pharmacy, it's not like the Find My Device feature only works in Waymos. I guess you just mean due to the sequencing of wiping before noticing the text message?
> Moving the phone from the place it was left with consent of the owner is not theft.
Tell me more about how I somehow gave consent to that. Also, tell me more about how a stranger holding a random found device authenticates a caller as the owner of said device.
You're overthinking it; it'd just be "I found this phone". They don't need to give the backstory. Most businesses will hold onto valuable lost property for a while, on the assumption that a customer dropped something.
> I would say that moving the phone from the place I left it would promote it from "lost" to "stolen".
A really key element here is that they offered to help you out by leaving it there for you, so I don't see how "stolen" would come in to it...
Honestly I can't envision that conversation happening between two real people. What is much, much more likely to actually happen in my experience:
"I found this phone."
"Ok." takes it
You go in later "I lost my phone, do you have it here?" and they hand it to you. For particularly fastidious store clerks they may ask you to describe it before handing it over. And you likely have to wait while whoever you ask asks all the other employees if they found a phone.
It's not clear to me that letting the phone just sort of drift through the ether toward the Waymo Depot while who knows how many other passengers use the car is any better than putting the phone at some other fixed location behind at least some cursory level of security.
You mean the Waymo cars that are bristling with dozens of cameras and sensors? The Waymo service where I immediately contacted Support and informed them, so they could recall the vehicle or have it meet a worker who could search it? Dunno, dude.
> She offered to leave the phone in a pharmacy across town! I don't know how that would've helped.
If I had been the one to find your phone, I probably would have told you to suggest some other drop off place I can take it to that isn't too far out of my way, and if you could not or would not I would have probably taken it to a police station.
I would not leave it in the Waymo, even if that is what you wanted, because I have no guarantee that some other Waymo passenger after me will find it and steal it before you can get it back from Waymo. That could leave me as the last person known to have been in possession of the phone. I have no interest in becoming a suspect in the theft of your phone.
So the next step for the criminals (the ones who steal both the passcode and phone) is to find your address (often stored in Contacts, or available in your Amazon account) then physically
go there and lurk nearby while finishing their pwning steps.
I may be missing something. But if not it seems like Apple is now incentivizing a scenario where thieves will physically go to the location of their victims homes in order to circumvent some of these measures.
I know somebody who was recently drugged and had their iPhone stolen (amongst other things) while on a trip in New Orleans. While he has no recollection of the night, this may have mitigated the damage they were able to cause and the trouble he had to go through to recover his Apple ID.
I doubt the thieves would physically travel to his home for the phone, but I suspect that this will lead to blackmailing scenarios where the thieves exfil risqué or compromising content and threaten to send it to sensitive contacts if you don't unlock the phone the next day.
This is time sensitive. The criminals would lose too much time doing that. At least for the “criminal use case “ in Brazil, where they want to quickly access your bank app, this wouldn’t work.
Yes, as long as you know your phone was taken, and you immediately use someone else's phone to mark your as lost (or wipe it), you can probably beat them to it. But if your phone was stolen while you were at a movie theater, for example, you might not notice until it was too late. At least there's a 1 hour delay + biometric requirement for certain changes.
I don’t know if Brazil was one of the places that convince Apple to do that, but we have a huge problem of mobile phones robbery with that aim to access the bank apps to drain accounts dry.
In a quite resourceful way (social engineering, process and system exploits) these criminal organizations will jump all the hoops (2FA, Face Recognition) and manage to access most of those apps.
> I do believe it prevents 99.9% of the theft cases mentioned
I don't believe so, or at least where I am from. This 'only' provides additional protection against cases where thieves know your device passcode. I've had my phone stolen from me twice where they couldn't have known my passcode and couldn't remove it from Find My, and it was never seen again.
They probably stripped the phone down for parts. But there is another theft case where they hold a knife/gun to you and tell you to hand over the password/wipe the phone. Which this update solves.
The other issue could probably be resolved with more aggressive part ID checking. iPhones should just refuse to function if they have a part from a stolen phone.
Even if it prevents reselling the phone, it doesn't prevent the phone from being stolen. It would be a dumb criminal to leave you your phone to allow you to immediately call the police if you've been mugged. Just take the phone, trash it literally placing it in a bin or destroying it or both.
At the end of the day, you still don't have the phone whether the thief profits from it or not. All this will do is prevent criminals up to date with this info to not try to resell it. It does not prevent them from taking/destroying it.
This feature is not really about protecting your device from being stolen. It's about protecting your iCloud account and everything on your device from being compromised when somebody has stolen your device and also has your phone's passcode.
It's an attempt to resolve the fairly widespread iPhone / iCloud social engineering takeover attacks that were documented in great detail by Joanna Stern last year:
> This feature is not really about protecting your device from being stolen.
Once a thief has stolen his 10th iPhone that he can't do anything with, he'll probably be less likely to bother stealing iPhones. If anything it's a liability since it can be tracked as long as it still has some battery.
> Once a thief has stolen his 10th iPhone that he can't do anything with, he'll probably be less likely to bother stealing iPhones. If anything it's a liability since it can be tracked as long as it still has some battery.
Theft isn't just for the whole device, it's also for parts. By making the part market so difficult they essentially create a black market for it in third world countries where just the phone's battery could be worth a day's wages.
That’s why they require that you activate parts as well. Motherboard, screen and face id sensors are useless. The battery isn’t worth much, compared to newer Chinese knockoffs
You have a lot of faith in the learning curve of a thief. In my area, the ATT fiber lines have been cut multiple times in the same area multiple times directly impacting my my friend's service. These have been due to the lines getting cut searching for copper. They still haven't learned and it keeps happening.
If you think in the systems of how criminals work, they tend to spend more time stealing things they think will pay off. Taking something that will cost them time and not gain them money will over time bias thieves to not taking iphones.
You can't really prevent "I stole your phone just to cause chaos". What Apple did with Find My was to remove the financial incentive to steal phones. What Apple does with this is protecting your iCloud account from someone who knows your passcode. (I would imagine that most people in relationships know their partner's passcode. Sometimes relationships sour.)
What prevents "I stole your phone just to cause chaos" is the risk/reward profile. Even though your phone is useless to someone that stole it, it's still theft, and you'll still have to face consequences if caught. If the incentive is "I'll be able to buy $1200 worth of shit", then people are probably going to take their chances with getting caught. If it's "I'll get nothing except the satisfaction of smashing someone else's electronics", then most people won't take their chances.
With the whole "knowing your passcode doesn't help" situation, it makes the long tail crimes even more difficult. "Tell me your passcode or I'll shoot you" no longer works, for example. It makes the crime significantly more difficult to commit, and requires committing crimes that carry significantly longer sentences. (Armed robbery turns into kidnapping. You could be looking at the rest of your life in prison for $300 in someone's checking account. Not worth it to most people.)
At the end of the day, there is only so much you can do. The rest is your insurance company's problem. The fewer viable attacks there are against you, and the less often they happen, the less your premiums are. (I actually don't know if there is insurance for this. I should check.)
An interesting scenario I heard was a fellow in, I think, Colombia. He was visiting, and was looking at his phone on the sidewalk. As he was looking at it, a pair of people rode up on a motorcycle or scooter, grabbed it out of his hand, and drove off.
They just got themselves an unlocked phone.
I assume this protects, somewhat, against this by the fact that were the thieves to try and change anything, there's another step of verification necessary than there was before.
And I think it was very clever of Apple to leverage the device location as an ad hoc "2FA". "Something you know, some place you are."
Thieves have been known to steal iPhones not just for the value of the parts but to compromise your entire digital existence. Most online banking transfers only require a 2nd factor from your phone (your saved passwords are already on there).
If you're robbed at gunpoint, and they demand you unlock your phone for them, this protection means they would have to kidnap you for at least an hour to then unlock it again. The former happened pretty regularly, but upgrading to kidnapping is a lot riskier, more dangerous, and invites a serious police response.
> Security Delay: Some security actions such as changing your Apple ID password also require you to wait an hour and then perform a second Face ID or Touch ID authentication.
Emphasis mine.
It seems like you have a lot of reasonable questions and concerns about the efficacy of this measure, but Apple have done a pretty good job of addressing them and explaining their rationale in the first few paragraphs of the documentation.
> In the event that your iPhone is stolen, the security delay is designed to prevent a thief from performing critical operations so that you can mark your device as lost and make sure your Apple account is secure. Learn what to do if your iPhone is lost or stolen.
I had to hand my phone over to a third party repairer. This would mean they needed to know my passcode so I wanted to lock down the phone to allow them to perform whatever diagnostic steps they might need but to restrict access to the wallet and iCloud keychain.
The first part was actually quite simple using a separate screen time passcode to restrict all apps bar the camera and any that they needed. The frustrating part was that the settings app itself cannot be blocked by screentime (I guess as thats where you configure the restrictions) and as iCloud keychain passwords are accessed from settings there was no way to block access to them.
With this update I could (somewhat) safely supply my passcode while being relatively confident that my keychain passwords were not viewed.