I tried this on my 13 Pro Max when I installed iOS 17. After 3 weeks it still hadn't learned when I was home, which is where I spend most of my time, so I gave up and turned it off. For my lifestyle the chances of somebody seeing me enter my 10-digit passcode then stealing the phone would seem to be exceedingly small anyway.
 
@ypl, the (potential) problem is that Stolen Device Protection [SDP] is designed to prevent an unauthenticated user from performing this action: "Add or remove Face ID."

If SDP is automatically active on a new iPhone that has been set up from a backup of an old iPhone with SDP enabled as "Always," then a user may be unable to add Face ID on the new iPhone - and, therefore, be unable to access iOS settings that are secured by SDP?

P.S.: SDP is also designed to prevent using "your iPhone to set up a new device" which may further complicate the situation?
Face ID is one of the protection tools used for SDP, so blocking adding/removing Face ID when SDP is active is obvious. But that restriction applies to the stolen device only, doesn't it? When you set up a new device, Face ID is not configured at all (even if you recover your data from an iCloud backup), so there's nothing to be protected by SDP with regard to Face ID.

The only problem is (as you mentioned above) that the stolen device cannot be used as the 2nd step of 2FA when configuring a new device. You just have to use another method (Recovery Contact/Key, TPN, another not-stolen device like a MacBook or Apple Watch, etc.) to set up the new device.

Again, SDP is a tool to protect your data from being breached using the stolen device, not any device.

Last but not least - that is my understanding of how SDP works. I haven't tested the "stolen device" scenario in reality. I may be wrong (partially?), then. It may be that SDP is not activated at all when backup data is restored from iCloud, regardless of its status on the stolen device.
 
Face ID is one of the protection tools used for SDP, so blocking adding/removing Face ID when SDP is active is obvious. But that restriction applies to the stolen device only, doesn't it? When you set up a new device, Face ID is not configured at all (even if you recover your data from an iCloud backup), so there's nothing to be protected by SDP with regard to Face ID....

@ypl, when setting up a new iPhone from a backup of an old iPhone with Stolen Device Protection [SDP] enabled as "Always," I do not believe that "there's nothing to be protected by SDP." Complete access to all the iOS settings from the old iPhone on the new iPhone by an adversary is exactly what SDP is intended to prevent, including critical configurations such as changing the Apple ID password with the device passcode.

Interestingly, I am unable to find any documentation by Apple concerning how SDP behaves in the backup/restore scenario we are discussing. I suspect that a solution exists? However, until I know for a fact that an iPhone owner can easily recover from using SDP="Always" in the event of a Face ID hardware failure, I personally will only use SDP="Away from Familiar Locations."
 
@ypl, when setting up a new iPhone from a backup of an old iPhone with Stolen Device Protection [SDP] enabled as "Always," I do not believe that "there's nothing to be protected by SDP." Complete access to all the iOS settings from the old iPhone on the new iPhone by an adversary is exactly what SDP is intended to prevent, including critical configurations such as changing the Apple ID password with the device passcode.

Interestingly, I am unable to find any documentation by Apple concerning how SDP behaves in the backup/restore scenario we are discussing. I suspect that a solution exists? However, until I know for a fact that an iPhone owner can easily recover from using SDP="Always" in the event of a Face ID hardware failure, I personally will only use SDP="Away from Familiar Locations."
What do you mean by “complete access to all iOS settings”?
The thief doesn’t know your password (and cannot reset it due to SDP even if he/she knows the passcode). It is perfectly safe to allow a user to log in to an Apple ID account on a new device using the current password and some 2nd 2FA step (excluding the stolen iPhone, ofc).
Really, I don’t see ANY reason why activation of Touch/Face ID and logging in to the Apple ID account should be blocked.
Anyway, it is always better to be on the safe side, so your approach not to use “Always” is understandable. At least until you are 100% sure that recovery is possible without Touch/Face ID.
Btw, Apple doesn’t provide any information that would make thieves’ job easier. I think the information you seek is exactly this. You can only count on Apple to be able to help you in such a specific case.
 
I tried this on my 13 Pro Max when I installed iOS 17. After 3 weeks it still hadn't learned when I was home, which is where I spend most of my time, so I gave up and turned it off. For my lifestyle the chances of somebody seeing me enter my 10-digit passcode then stealing the phone would seem to be exceedingly small anyway.

This behaviour makes me so furious. Imagine if you ordered something off Amazon and they said “No need to give us your address, we’ll just guess! And if we get it wrong you can’t correct it”

SDP is such a complex over-engineered solution for a very simple problem. All we need is a toggle that allows us to prevent the device’s passcode from being used to reset the Apple ID password. That’s literally it.
 