Apple is introducing a new feature for iPhones called Stolen Device Protection, designed to restrict the actions of thieves who have access to a stolen phone and its passcode. Developed in response to a Wall Street Journal report by Joanna Stern earlier this year, this opt-in feature is part of the iOS 17.3 beta, currently available to developers. Stolen Device Protection utilizes a combination of location tracking, biometric scans, and time delays, providing victims with the ability to lock out the thief and protect their data.
The primary objective of Stolen Device Protection is to counter a common tactic employed by iPhone thieves in public spaces. These thieves observe users entering their passcodes before swiftly stealing the device. In such scenarios, the perpetrator could exploit the time window to reset the owner’s Apple ID password, disable Find My, add a recovery key, and perform a factory reset for resale—all before the victim can take any action.
For instance, without Stolen Device Protection activated, a thief with the passcode could change the owner’s Apple ID password, effectively locking them out of their device. This enables the thief to turn off Find My, a crucial step for wiping the device and preparing it for resale at its full used value, rather than attempting to sell a locked device for a significantly lower price.
However, when activated, this feature introduces additional security measures. If the user is outside a familiar location, such as home or work, the phone will prompt for a Face ID or Touch ID scan. Changing the Apple ID password on the device will also require a one-hour delay. Even after the hour has elapsed, the device will still demand a Face ID or Touch ID scan before permitting changes to the Apple ID password. This enhanced security makes it significantly more challenging for thieves and provides the owner with the time needed to report the iPhone as stolen, thereby locking out the perpetrator.
Stolen Device Protection operates in tandem with Apple’s security settings, addressing common tactics employed by thieves to lock out the original owner. For instance, when attempting to add recovery keys or update the account’s trusted phone number, iPhone thieves often exploit vulnerabilities. With the new feature activated, the phone will request two biometric scans separated by an hour if it is away from trusted locations, further fortifying the device’s security.
Likewise, when utilizing iCloud Keychain passwords, Apple’s integrated password manager, a Face ID or Touch ID scan will be mandatory. With Stolen Device Protection activated, the passcode will not act as a fallback for unsuccessful biometric scans.
According to The Wall Street Journal, Apple intends to encourage users to enable this feature in iOS 17.3. As the initial beta of the update was just released, the general public may have to wait at least several weeks before being able to test it out.