[natch]

So the next step for the criminals (the ones who steal both the passcode and phone) is to find your address (often stored in Contacts, or available in your Amazon account) then physically go there and lurk nearby while finishing their pwning steps.

I may be missing something. But if not it seems like Apple is now incentivizing a scenario where thieves will physically go to the location of their victims homes in order to circumvent some of these measures.

[landr0id]

I know somebody who was recently drugged and had their iPhone stolen (amongst other things) while on a trip in New Orleans. While he has no recollection of the night, this may have mitigated the damage they were able to cause and the trouble he had to go through to recover his Apple ID.

I doubt the thieves would physically travel to his home for the phone, but I suspect that this will lead to blackmailing scenarios where the thieves exfil risqué or compromising content and threaten to send it to sensitive contacts if you don't unlock the phone the next day.

[dakial1]

This is time sensitive. The criminals would lose too much time doing that. At least for the “criminal use case “ in Brazil, where they want to quickly access your bank app, this wouldn’t work.

[gnicholas]

Yes, as long as you know your phone was taken, and you immediately use someone else's phone to mark your as lost (or wipe it), you can probably beat them to it. But if your phone was stolen while you were at a movie theater, for example, you might not notice until it was too late. At least there's a 1 hour delay + biometric requirement for certain changes.