Stolen Device Protection

[Morac]

You are not alone. one of my phones in beta took 3 weeks to learn my home, one activated immediately.
Ask Apple to allow us to choose our iwn familiar locations

https://apple.com/feedback

I figured since I had significant locations on since I got the phone it would just work. I know my Home is in my significant locations.

On a side note, I also noticed in iOS 17.3 my photos started changing from saying “Home” to the name of my town when I check the info on them, so there’s issues with home detection.

 

[Cunir]

This seems like a bit of a niche case. I'm not saying it cant happen, but the chances are pretty slim. But someone seeing you input your code at the pub or work or wherever, and walking off with it, probably happens quite a lot, so I'm glad we've got the extra protection for that.

 

[P_Watt]

Are you aware that with the device password you can reset the screen time password? So there is only an extra step for a thief to do its thing, it is not the same security as with the new stolen device protection...

Not if you disallow account and passcode changes in Screen Time.
Plus use your partner’s Apple ID or omit the Apple ID when saving the passcode.
Please run through the steps in case I am wrong.

 

[fivenotrump]

This seems like a bit of a niche case. I'm not saying it cant happen, but the chances are pretty slim. But someone seeing you input your code at the pub or work or wherever, and walking off with it, probably happens quite a lot, so I'm glad we've got the extra protection for that.

both pub and work may be 'significant locations'

 

[P_Watt]

both pub and work may be 'significant locations'

Precisely!
We should have control over familiar places and that choice would of course need to be protected from changes when away from them.
Aint gonna happen but I will keep suggesting it in feedback

 

[Cunir]

that seems like a little loophole that they should close up.
they should let you restrict it to your home

But i tested it out inside a cafe i've been visiting four or five times a week for a year, sitting down for 20 minutes each time, and it doesnt count that as a familiar location. (i covered up the FaceID camera and tried to log into a site using a password in keychain - it won't let you and comes up 'stolen device protection is turned on)

 

[P_Watt]

that seems like a little loophole that they should close up.
they should let you restrict it to your home

But i tested it out inside a cafe i've been visiting four or five times a week for a year, sitting down for 20 minutes each time, and it doesnt count that as a familiar location. (i covered up the FaceID camera and tried to log into a site using a password in keychain - it won't let you and comes up 'stolen device protection is turned on)

Good to hear.
I have “Home” set in Apple Maps. Why on earth did they not use that instead?!

 

[I7guy]

You are not alone. one of my phones in beta took 3 weeks to learn my home, one activated immediately.
Ask Apple to allow us to choose our iwn familiar locations

https://apple.com/feedback

That might be a great feature until an assaulter forces you to make the bar a familiar location.

 

[Deifie]

Not if you disallow account and passcode changes in Screen Time.
Plus use your partner’s Apple ID or omit the Apple ID when saving the passcode.
Please run through the steps in case I am wrong.

As i said, its only one additional step for a thief, they can try to reset the screen time passcode and when they are prompted with the apple id login they can reset the apple id passwort with the device password.
If you use another apple id for the screen time reset it coud possibly work and be not that easy to access.

 

[P_Watt]

As i said, its only one additional step for a thief, they can try to reset the screen time passcode and when they are prompted with the apple id login they can reset the apple id passwort with the device password.
If you use another apple id for the screen time reset it coud possibly work and be not that easy to access.

OK, I thought you had tested it snd found I’d made a mistake.
I think you’ll find it is almost as powerful as Stolen Device Protection for iphones X and older which cant use it, except for access to passwords which is why your or your partner’s apple ID must never be in Keychain

 

[P_Watt]

That might be a great feature until an assaulter forces you to make the bar a familiar location.

User selected familiar locations would have to be in the list of settings that is protected by a delay.
To be honest at that end of the crime spectrum where you are being held hostage it’s best to co-operates with your face or fingerprint, or kiss your ass goodbye

 

[I7guy]

User selected familiar locations would have to be in the list of settings that is protected by a delay.
To be honest at that end of the crime spectrum where you are being held hostage it’s best to co-operates with your face or fingerprint, or kiss your ass goodbye

I suppose apple could do that, apple could do anything they want. But the more they add the more complex it becomes and apple probably evaluates these functions from the persona of an average user.

 

[Morac]

Good to hear.
I have “Home” set in Apple Maps. Why on earth did they not use that instead?!

Because that's changeable. Thief steals phone, takes it home and changes home location in Maps or your contacts to their home.

Using significant locations should works, because it keeps tracks of not only where you've been but how long. People tend to spend a large amount of time at home and work (at least 8 hours). If you spend 8 hours a day at a pub, you may have a drinking problem.

That said significant locations seems to have some issues and Apple needs to be more transparent on how this works as it wouldn't recognize I was home for close to 21 hours and it only did so when I left home and came back about 20 minutes later. Even then it took a few hours for the phone to realize I was home even though my Home Automation events ran the moment I got home. Maybe that's part of the security features in case you are followed home, but Apple should make mention of that.

 

[P_Watt]

Because that's changeable. Thief steals phone, takes it home and changes home location in Maps or your contacts to their home.

Using significant locations should works, because it keeps tracks of not only where you've been but how long. People tend to spend a large amount of time at home and work (at least 8 hours). If you spend 8 hours a day at a pub, you may have a drinking problem.

That said significant locations seems to have some issues and Apple needs to be more transparent on how this works as it wouldn't recognize I was home for close to 21 hours and it only did so when I left home and came back about 20 minutes later. Even then it took a few hours for the phone to realize I was home even though my Home Automation events ran the moment I got home. Maybe that's part of the security features in case you are followed home, but Apple should make mention of that.

Maybe I don’t want my Workplace to be unprotected.
I think I said in another post that user selection of locations, eg by adding Home or Work to Maps, would need to be protected by biometrics and delay too. Maybe that’s why they will never do that.

 

[timeislove]

As far as anyone knows it uses Significant Locations in Location Services so if you go to Apple Store every day for 8 hours it might well count it as Familiar .
Join me in asking for the familiar places to be chosen by the owner instead.
Feedback Assistant now or next week

Product Feedback

We would love to hear your comments about any of our hardware and software products. Send us your thoughts.

apple.com

just enabled stolen protection mode and then turned it off in my office. but the action required an hr security delay. it looked like ios considered i was not in a familiar location.

how precise (perimeter) does ios check for familiar location? i was at one end of my office building.

on the other hand, i noted from the apple learn more section that stolen protection mode works with the knowledge of significant locations which i have some 280 nos.

so, which significant locations actually are considered familiar for the working of protection mode?

 

[WolfSnap]

So, if I spend a LOT of time at Disneyland....... Will that be enough of a significant location to defeat stolen device protection? Guess I need to test it the next time I'm there...

 

[Morac]

My phone apparently doesn’t think I go to my office enough as it’s not trusting the location. I do wish Apple clarified what is “frequently” visited.

 

[iStorm]

I wonder why Apple says "You should turn off Stolen Device Protection before you sell, give away, or trade in your iPhone." I mean, wouldn't "Erase All Content and Settings" already take care of this anyway?

About Stolen Device Protection for iPhone

Stolen Device Protection adds a layer of security when your iPhone is away from familiar locations, such as home or work, and helps protect your accounts and personal information in case your iPhone is ever stolen.

support.apple.com

Or maybe what they're trying to say is that you should turn it off before going to an unfamiliar location to sell, give away, or trade (if you wanted to wait and wipe the phone there when the deal is done).

This could be interesting for those that decide to upgrade without having any forethought. If someone were to walk into an Apple Store, Best Buy, or carrier store and decides to upgrade and trade-in...would they now have to wait an hour to turn SDP off and wipe the phone?

 

[VineRider]

Some issues I've seen so far:

If you have stolen device protection on, you can still access contacts without any authentication. Many people have their home addresses in their contact card.

You can still access significant locations with a PIN fallback when not in a significant location.

You can access Maps without any authentication and many people have their home and work addresses as favorites.

I am sure there are other examples, but all this to say, if a thief has your PIN, it's not that far of a stretch for them to find one of your significant locations, go there, and do their thievery.

This is still much better than what we had before, but I think it's still lacking in preventing someone from stealing your account if they have your PIN code. It does give you time to put your phone in lost mode and/or erase, but it's not foolproof IMHO.

PS, when i put a test phone in lost mode with SDP turned on, it would only unlock with face id and would not fall back to PIN code, so that is good.

EDIT: Just tested this again with my main phone in a significant location. I put my phone in lost mode, and the phone prompted for my passcode to validate face id. I put in my PIN and then it needed to validate my face ID just as stated. I didnt allow my phone to see my face and it went back to the lock screen.

So, I think the safety net if you get your phone stolen, is to put it in lost mode as quickly as possible. It cannot be unlocked without face ID even if it's in a known significant location.

 

[ifxf]

You are not alone. one of my phones in beta took 3 weeks to learn my home, one activated immediately.
Ask Apple to allow us to choose our iwn familiar locations

https://apple.com/feedback

I am not going to use a feature that doesn’t allow you to select familiar locations. I can only see one but Apple won’t let me see the other 30 I have. The one visible, I would never choose since it is a foreign airport that I recently spent multiple hours waiting for my next flight.

 

[P_Watt]

Some issues I've seen so far:

If you have stolen device protection on, you can still access contacts without any authentication. Many people have their home addresses in their contact card.

You can still access significant locations with a PIN fallback when not in a significant location.

You can access Maps without any authentication and many people have their home and work addresses as favorites.

I am sure there are other examples, but all this to say, if a thief has your PIN, it's not that far of a stretch for them to find one of your significant locations, go there, and do their thievery.

This is still much better than what we had before, but I think it's still lacking in preventing someone from stealing your account if they have your PIN code. It does give you time to put your phone in lost mode and/or erase, but it's not foolproof IMHO.

PS, when i put a test phone in lost mode with SDP turned on, it would only unlock with face id and would not fall back to PIN code, so that is good.

EDIT: Just tested this again with my main phone in a significant location. I put my phone in lost mode, and the phone prompted for my passcode to validate face id. I put in my PIN and then it needed to validate my face ID just as stated. I didnt allow my phone to see my face and it went back to the lock screen.

So, I think the safety net if you get your phone stolen, is to put it in lost mode as quickly as possible. It cannot be unlocked without face ID even if it's in a known significant location.

You are right, still full of holes but it gives you time to put it in lost mode whereas the thief cited in thr WSJ article could take your account in minutes before this new feature.

 

[Morac]

So, I think the safety net if you get your phone stolen, is to put it in lost mode as quickly as possible. It cannot be unlocked without face ID even if it's in a known significant location.

Apple has stated the purpose of SDP is to give someone more time to put the phone in lost mode as previously someone could swipe the phone and lock the user out of their AppleID in a matter of minutes.

SDP is not meant to be a panacea as there are a number of ways to bypass it for the motivated criminal such as following the person home or even straight out kidnapping them.

On a side note, I’ve found that it takes awhile for the phone to allow the passcode after arriving at a familiar location. It seems to take at least 15 minutes meaning that someone going to your home would need to hang out in the vicinity for at least that long. Not an issue for the criminal in a city, but in the suburbs it would be noticeable.

 

[VineRider]

Apple has stated the purpose of SDP is to give someone more time to put the phone in lost mode as previously someone could swipe the phone and lock the user out of their AppleID in a matter of minutes.

SDP is not meant to be a panacea as there are a number of ways to bypass it for the motivated criminal such as following the person home or even straight out kidnapping them.

On a side note, I’ve found that it takes awhile for the phone to allow the passcode after arriving at a familiar location. It seems to take at least 15 minutes meaning that someone going to your home would need to hang out in the vicinity for at least that long. Not an issue for the criminal in a city, but in the suburbs it would be noticeable.

Good info, I hadn't seen the statement from Apple about more time to enter lost mode. It is definitely good for that, and this is a much needed addition to the security arsenal to keep your information safe. Hopefully Apple will continue to refine and improve this feature.

 

[anonymousmoose]

I had some issues with SDP where it wouldn’t deactivate despite waiting for 60 mins.

I turned it on Tuesday night, tested it by entering the wrong passcode on purpose. It activated the 60 minutes delay. But, after the countdown it just starts again, over and over.

I didn’t leave my location.

I managed to turn it off eventually. Very odd behaviour though.

Here are the details:

1. I was at home and it still made me wait 1 hour.
Does that mean it doesn’t see my home as a trusted location?

2. I turned the feature on Tuesday night and after 60 mins I still couldn’t turn it off. Went to sleep.

3. When I got up at around 8:45am. The 60 min countdown started again. When I checked again after 10:30am the delay kicked off again for another 60min.

4. At 11:45am I unlocked the phone and it kicked off another 60min delay.

5. This time I actually left the phone unlocked and monitored it. Leaving the countdown on screen. When the delay ended, I made sure I didn’t lock the phone and was able to turn the feature off.

Until I understand why this happened – I’m leaving the feature off!

I like the idea of the feature but after this experience, not really trusting it.

 

[P_Watt]

I had some issues with SDP where it wouldn’t deactivate despite waiting for 60 mins.

I turned it on Tuesday night, tested it by entering the wrong passcode on purpose. It activated the 60 minutes delay. But, after the countdown it just starts again, over and over.

I didn’t leave my location.

I managed to turn it off eventually. Very odd behaviour though.

Here are the details:

1. I was at home and it still made me wait 1 hour.
Does that mean it doesn’t see my home as a trusted location?

2. I turned the feature on Tuesday night and after 60 mins I still couldn’t turn it off. Went to sleep.

3. When I got up at around 8:45am. The 60 min countdown started again. When I checked again after 10:30am the delay kicked off again for another 60min.

4. At 11:45am I unlocked the phone and it kicked off another 60min delay.

5. This time I actually left the phone unlocked and monitored it. Leaving the countdown on screen. When the delay ended, I made sure I didn’t lock the phone and was able to turn the feature off.

Until I understand why this happened – I’m leaving the feature off!

I like the idea of the feature but after this experience, not really trusting it.

Settings, Privacy & Security, Location services, System Services, Significant locations must be on. Not only that, it must have bern on for a week or two, and you will have needed to have travelled in and out of your home during that time so the phone learned your home.
It’s poor but there it is.