Major flaw with Apple’s Stolen Device Protection
There is a major flaw with Stolen Device Protection. If you do not rectify this flaw, you can potentially lose the protection of this feature.
In my previous article, “No biometrics on your mobile device? You’re close to total disaster”, I discussed a total cybersecurity disaster that can befall you if you do not turn on biometrics on your iPhone or Android smartphone. Due to the media publicity of this security weakness, Apple added a new feature starting from iOS 17.3, Stolen Device Protection:
With iOS 17.3 and later, you can use Stolen Device Protection to protect against the rare instance when someone has stolen your iPhone and knows your passcode. When you’re away from familiar locations like home or work, Stolen Device Protection prevents the person from performing critical device and Apple ID account operations (like changing your device passcode or Apple ID password) by requiring biometric authentication with Face ID or Touch ID with no passcode fallback.
When Stolen Device Protection is turned on, more sensitive operations require a Security Delay: a successful Face ID or Touch ID, an hour wait, then an additional successful biometric authentication. Security Delay helps prevent someone from making changes to settings that can lock you out of your iPhone or Apple ID account. These measures help protect your device and account, and give you more time to turn on Lost Mode using the Find My app or Find Devices on iCloud.com.
Here is the summary of what Stolen Device Protection entails:
As you can see, Stolen Device Protection will severely disrupt the ability of the thief to completely compromise your iPhone and Apple ID account if he/she knows its passcode.
Internal contradiction with Stolen Device Protection
By now, you may have noticed an internal contradiction in this feature.
This feature protects you if the thief has physical access to your iPhone and knows its passcode. To turn the feature on, you need to turn on biometric security on your iPhone. But if biometric security is turned on, you will not need this feature in the first place.
How to turn on Stolen Device Protection
At the time of writing, this feature is only available on iPhones. It is not available on iPads.
To turn on this feature:
Go to Settings, then tap Face ID & Passcode.
Enter your device passcode.
Tap to turn Stolen Device Protection on.
The major problem with Stolen Device Protection
Unfortunately, there is a major flaw with this security feature. If you do not rectify this flaw, you can potentially lose the protection of this feature. Currently, there is a workaround to this flaw. But there are disadvantages to this workaround. Soon, Apple is going to issue a fix to this defective workaround.