Dec 13, 2023 8:40 AM PT

What is Stolen Device Protection for iPhone and how does it work?

The new protection follows incidents in which criminals apparently spied on users to get passcodes before stealing their iPhones.

CSO_Secuirty_shadowy figure_Breach_Thief_Hacker_gettyimages 1170855903 by motortion
Motortion / Getty Images

Take that, iPhone thieves — Apple is about to make it even more difficult to use its smartphones when you have no right to do so. In the upcoming iOS 17.3, it is testing out a new security system called "Stolen Device Protection."

Here's a look at what this is, and what it does.

Stolen Device Protection explained

Apple’s beta notes explain: “Stolen Device Protection adds an additional layer of security in the unlikely case that someone has stolen your iPhone and also obtained your passcode.”

The company explains the features this way:

  • Accessing your saved passwords requires Face/Touch ID to be sure it’s you.
  • Changing sensitive settings like your Apple ID password is protected by a security delay.
  • No delay is required when iPhone is at familiar locations such as home and work.

Stolen Device Protection prevents a thief who has a device and knowledge of the victim’s passcode from performing critical device and Apple ID account operations like changing the device or Apple ID passcode by requiring biometric authentication, with no passcode fallback. 

Some operations require a single biometric authentication, while others require the user to wait an hour and then authenticate a second time with Face ID or Touch ID. 

The idea is that Stolen Device Protection introduces another obstacle that makes it difficult for thieves to gain access to your data, erase it, or delete the device to factory fresh status for resale.

If someone has your device and attempts to make such a change, there will be a one-hour delay after which whoever has the device must successfully login again. That one-hour delay could be critical when using Find My to track device location.

What does Stolen Device Protection do?

Basically, Stolen Device Protection adds another layer of authentication that needs to be completed if someone has both your iPhone and its password.

This double verification process provides an additional authorization barrier to protect the device and the information it contains. It means that when you want to access passwords, change device or Apple ID passcodes, turn off Lost mode and other critical actions you will need to pass a biometric challenge, wait an hour, and then pass Face/Touch ID again. This will happen any time you try to make a change when in an unfamilar place. 

To achieve this, Stolen Device Protection uses Location Data, specifically frequently visited places such as your home or office.

So, if a colleague or family member has access to your device and your passcode and attempts to pry inside your iPhone, they will be able to if they are in the same place you usually happen to be.

What problem does Stolen Device Protection solve?

Recent reports say criminals have peered over a user's shoulder while the victim enters their password before seizing the device. That’s just one of a multitude of ways criminals will attempt to seize or guess a user’s passcode.

Once a criminal has both the device and the passcode, they can then change the Apple ID password, turn off Find My protection, steal your account and credit card details and passwords, and sell your iPhone for a profit.

Apple knows all about iPhone crime and has a track record of anti-theft measures it's put in place to protect devices. In October, it attended meetings at government level focused on device protection. We’ve also been warned that criminals accessing these phones end up opening people’s digital lives. Even if criminals aren’t chasing data, they can shift iPhones they are able to open up for good money or sell those they can’t return to factory setting for spare parts.

What to think about

The big take away behind this protection is that no one should ever share their passcode with anyone, bar their most trusted contacts. However, we now have slightly more protection in the event we do share our passcode.

What about iPhones in business?

We don’t yet know whether Apple will extend its device management protections so  that Stolen Device Protection can be enabled remotely using MDM solutions. It seems plausible.

In any case, enterprise users should already use device management systems that enable them to remotely wipe and reset their mobile fleets. Not only does doing so provide additional security, but managed devices are inherently a little harder to reset to factory status, even if a criminal does get through the authorization process.

Make crime pay (less)

As iPhones become harder to steal, casual criminals will inevitably target other less well-protected devices, despite the higher selling price iPhones command. Apple’s decision to introduce this protection follows reporting from the Wall Street Journal earlier this year of incidents in which thieves spied on users to steal passcodes before taking the iPhone.

At that time, Apple said: “We sympathize with users who have had this experience, and we take all attacks on our users very seriously, no matter how rare. The thefts described are uncommon and require multiple physical steps — stealing a user’s device is not enough…. We will continue to advance the protections to help keep user accounts secure.”

We can now see the company meant that promise.

How do you enable Stolen Device Protection?

Once iOS 17.3 ships, Stolen Device Protection will not be enabled by default. The protection can be enabled in Settings>Face ID & Passcode>Stolen Device Protection.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.