
In the previous year, a series of articles penned by reporters Joanna Stern and Nicole Nguyen of the Wall Street Journal shed light on a concerning trend of criminal activity targeting iPhone users. The modus operandi involved a thief obtaining the victim’s iPhone passcode, snatching the device, and making a swift getaway. Armed solely with the passcode, the thief could promptly alter the victim’s Apple ID password, lock them out of their iCloud account, and exploit apps and data on the iPhone for illicit financial gain, purchases, and digital chaos.
Essentially, Apple had inadvertently given the passcode too much power. A passcode can be discovered through tactics like shoulder surfing, covert filming, or social manipulation, and criminals exploited that weakness. While it's advisable to use Face ID or Touch ID, particularly in public settings, some individuals persist in relying solely on the passcode.
Fortunately, Apple has now tackled this issue for iPhone users with the introduction of the new Stolen Device Protection feature in iOS 17.3. This feature safeguards critical security and financial transactions by mandating biometric authentication (Face ID or Touch ID) when the iPhone is outside familiar environments such as home or workplace. Moreover, significant actions trigger an hour-long security delay followed by a second biometric authentication, enhancing protection. We strongly recommend that all Face ID and Touch ID users activate Stolen Device Protection. Regrettably, this feature is unavailable for iPad or Mac users, but these devices are less likely to be targeted in environments such as crowded bars where iPhone thefts commonly occur.
Stolen Device Protection is built around location awareness. In familiar locations that the iPhone owner frequently visits, all security and financial tasks can be performed as usual, including using the passcode as a fallback. However, in unfamiliar locales (the typical scenarios where iPhone thefts occur) Stolen Device Protection mandates biometric authentication to perform various tasks, such as accessing passwords or payment methods saved in Safari, disabling Lost Mode, erasing device content, applying for an Apple Card, and more. Certain actions with severe repercussions require not only biometric authentication but also an hour-long security delay, reducing the risk of coercion through threats of violence.
Some caveats accompany this protection:
- The iPhone passcode still works for Apple Pay purchases, so a thief who has the passcode and the iPhone can still make unauthorized transactions.
- Apple recommends keeping Significant Locations enabled for additional security, but users have the option to disable it. With it disabled, the extra biometric authentication and security delay are required everywhere, which mitigates concerns about potential exploitation by thieves.
- If you intend to sell, gift, or trade in an iPhone, it's crucial to deactivate Stolen Device Protection beforehand. Once you have relinquished the device, no one else will be able to reset it.
Turn On Stolen Device Protection
Before you get started, note that Apple says you must be using two-factor authentication for your Apple ID (everyone should be anyway), have a passcode set up for your iPhone (ditto), turn on Face ID or Touch ID, enable Find My, and turn on Significant Locations (Settings > Privacy & Security > Location Services > System Services > Significant Locations), although this last one doesn’t actually seem to be required.
Then, go to Settings > Face ID/Touch ID & Passcode, enter your passcode, and tap Turn On Protection. (If it’s enabled, tap Turn Off Protection to remove its additional safeguards.)
Once Stolen Device Protection is on and you’re in an unfamiliar location, the actions listed above will require either biometric authentication or two biometric authentications separated by the hour-long security delay.
There is one group of people who should not turn on Stolen Device Protection: those for whom Face ID or Touch ID doesn’t work. Most people have no trouble with Apple’s biometric technologies, but some people have worn off their fingerprints or have other physical features that confuse Touch ID or, less commonly, Face ID.
If that’s you, stick with our general recommendation for discouraging possible iPhone thefts: Never enter your iPhone passcode in public where it could be observed.