Major flaw with Apple’s Stolen Device Protection

In my previous article, “No biometrics on your mobile device? You’re close to total disaster”, I discussed the total cybersecurity disaster that can befall you if you do not turn on biometrics on your iPhone or Android smartphone. Because of the media publicity around this security weakness, Apple added a new feature starting from iOS 17.3: Stolen Device Protection:

With iOS 17.3 and later, you can use Stolen Device Protection to protect against the rare instance when someone has stolen your iPhone and knows your passcode. When you’re away from familiar locations like home or work, Stolen Device Protection prevents the person from performing critical device and Apple ID account operations (like changing your device passcode or Apple ID password) by requiring biometric authentication with Face ID or Touch ID with no passcode fallback.

When Stolen Device Protection is turned on, more sensitive operations require a Security Delay: a successful Face ID or Touch ID, an hour wait, then an additional successful biometric authentication. Security Delay helps prevent someone from making changes to settings that can lock you out of your iPhone or Apple ID account. These measures help protect your device and account, and give you more time to turn on Lost Mode using the Find My app or Find Devices on iCloud.com.

Here is the summary of what Stolen Device Protection entails:

Biometrics are required to:

  • Use passwords or passkeys saved in Keychain
  • Use payment methods saved in Safari (auto-fill)
  • Turn off Lost Mode
  • Erase all content and settings
  • Apply for a new Apple Card
  • View Apple Card virtual card number
  • Take certain Apple Cash and Savings actions in Wallet (for example, Apple Cash or Savings transfers)
  • Use your iPhone to set up a new device (for example, Quick Start)

Biometrics + an hour wait + Biometrics are required to:

  • Change your Apple ID password
  • Sign out of your Apple ID
  • Update Apple ID account security settings (such as adding or removing a trusted device, Recovery Key or Recovery Contact)
  • Add or remove Face ID or Touch ID
  • Change your iPhone passcode
  • Reset All Settings
  • Turn off Find My
  • Turn off Stolen Device Protection

As you can see, Stolen Device Protection will severely disrupt the ability of the thief to completely compromise your iPhone and Apple ID account if he/she knows its passcode.

Internal contradiction with Stolen Device Protection

By now, you may have noticed an internal contradiction in this feature.

This feature protects you if the thief has physical access to your iPhone and knows its passcode. To turn the feature on, you need to turn on biometric security on your iPhone. But if biometric security is turned on, you will not need this feature in the first place.

How to turn on Stolen Device Protection

At the time of writing, this feature is only available on iPhones. It is not available on iPads.

To turn on this feature:

  • Go to Settings, then tap Face ID & Passcode.
  • Enter your device passcode.
  • Tap to turn Stolen Device Protection on. 

The major problem with Stolen Device Protection

Unfortunately, there is a major flaw with this security feature. If you do not rectify this flaw, you can potentially lose the protection of this feature. Currently, there is a workaround for this flaw, but the workaround has disadvantages. Soon, Apple is going to issue a fix for this defective workaround.
