
iOS 7 Locks Stolen iPhones to Prevent Resale

In the June 2013 announcement of iOS 7, Apple emphasized changes in the Find My iPhone app and service. With good reason: the new version makes any iOS device far less attractive to steal, erase, and resell, plus it provides more location-tracking data. These improvements should reduce thieves’ interest in iOS devices because they won’t be easy to sell or fence, and might help law enforcement track down less-wary criminals more often.

Apple added this feature because mobile carriers (at least in the United States and several other countries) have shown little interest in helping their customers recover stolen mobile phones or eliminate the value of those phones at resale. Both GSM and CDMA phones have unique, burned-in hardware identifiers — the IMEI and MEID, respectively — and carriers know which ID is associated with your account. If you report a phone as stolen, the carrier could prevent that ID from being reactivated, provide you with information about its location, notify law enforcement, seize it when brought into a store, and so forth. Carriers do essentially none of that.

As a result, expensive smartphones with high resale value, like the iPhone, have become desirable targets for thieves, and account for a significant percentage of serious crimes in many cities. For instance, cellphone-related thefts accounted for 41 percent of serious crimes for six months earlier this year in San Francisco, 40 percent of robberies in Washington, D.C., and over 50 percent of all street crime in New York City.

With iOS 7 and Find My iPhone, Apple now has the technology to stop iOS device theft in its tracks, although the company couches these capabilities in terms of “lost” iPhones, not stolen ones. No one wants to think about theft, but we all misplace things.

Enabling Find My iPhone is easy, and isn’t really any different than in previous versions of iOS. All that’s necessary is a free iCloud account. When you configure that account in the Settings app, you can turn on Find My iPhone with a single tap. What’s new is that, once Find My iPhone is turned on, you must enter the Apple ID password for that iCloud account to disable the service. Up to this point, savvy thieves knew to disable Find My iPhone on an unlocked iOS device immediately to prevent tracking — that will no longer be possible.

Of course, a thief could still power down the device, put it into a metal-lined box, or wrap it in aluminum foil to prevent it from broadcasting its location. But all that requires more preparation, and if it doesn’t happen immediately, the device could be reporting its location and optionally displaying recovery messages as soon as the owner marks it as lost via the iCloud Web site or the Find My iPhone app on another iOS device. That’s the first strike against crime.

The second — and most important — strike is that the device cannot be erased without entering the owner’s Apple ID password, preventing a thief from resetting a stolen iPhone to factory defaults before reselling it. Of course, if your iPhone lacks a passcode, it would still be somewhat usable, which isn’t ideal, but as long as it can reach a network, it continues to update its location. And, of course, you can opt to wipe it remotely. Even if the iPhone was off when the erase feature was invoked, the iPhone erases itself the instant it establishes any sort of network connection. Since the iPhone 3GS, a hardware encryption chip immediately destroys the iPhone’s contents by discarding the encryption key necessary to decrypt data. Once that happens, the data is gone, and can’t be recovered via forensic tools.

The third and final strike is that, even after the device is wiped remotely, the recovery messages still appear and the owner’s Apple ID and corresponding password are required to restore it to working order. So even if you wipe your iPhone remotely, you don’t have to worry about anyone else ever being able to use it again. If it’s later recovered, you can easily restore from your most recent backup, entering your Apple ID and password when prompted.

In short, if you have Find My iPhone turned on in iOS 7, your Apple ID and password are required to:

  • Turn off Find My iPhone
  • Erase the iPhone
  • Restore or set up the iPhone

(If you want to sell or give your iOS device away, disable the activation lock by going to Settings > General > Reset > Erase All Content and Settings.)

There’s a final piece to the puzzle for which we don’t yet have the answer: does Find My iPhone continue to transmit the device’s location after it has been erased? Up through iOS 6, it does not. But since iOS 7 clearly must have a network connection in order to confirm the entry of an Apple ID and password, it could in theory continue to send location updates.

There’s a precedent, too. In Mac OS X 10.7 Lion, Apple replaced the directory-based FileVault with FileVault 2, which encrypts the entire disk. (iPhone models with encryption chips use essentially the same system.)

Lion also includes Recovery HD, a hidden partition that one can boot into in order to run Disk Utility, or even reinstall Mac OS X. When FileVault 2 is enabled, Recovery HD (since 10.7.2, and also in all versions of 10.8 Mountain Lion) adds a Guest User login, as long as the Mac’s owner had previously logged into iCloud.

That Guest User login is useful, because it boots into Recovery HD and allows a network connection and access to Safari. But it’s also a honeypot. If a thief were to abscond with your MacBook Pro, log in via Guest User, and connect to a network, Find My Mac would be able to report its location back to you, assuming you had marked the Mac as lost.

Even if a Mac marked as lost is simply powered up, if it’s near a Wi-Fi network to which it has previously connected, Mac OS X associates itself and starts transmitting location information. (I explained this more fully at Macworld in “Can FileVault 2 and Find My Mac foil thieves?”)

Apple may be employing the same minor subterfuge here. Allowing a thief to power up a stolen iPhone and try to enter Apple ID passwords gives the device time to phone home. Will this lead the police to more recoveries? Hard to say. But it very well might help Good Samaritans to return misplaced iPhones, since you can now wipe a lost iPhone and still have a recovery message displayed!

Of course, just adding these features to iOS 7 won’t immediately turn an iPhone into technologia non grata. Thieves will still see them as quick returns on criminal investment for some time. But once word of the pointlessness of trying to resell a useless iPhone spreads among the intermediaries through whom stolen goods are fenced, we hope to see a significant drop in such thefts — and their associated intimidation and violence.

In the end, this subtle update to Find My iPhone may be the most important reason to upgrade to iOS 7. In fact, police officers in New York City are encouraging citizens to upgrade to iOS 7 for this very reason.



Comments about iOS 7 Locks Stolen iPhones to Prevent Resale

So from now on, thieves just need to remember to force you to surrender your Apple ID when they steal your device...
Adam Engst (TidBITS Staffer) 2013-09-18 15:17
Obviously, I haven't tried this, but my suspicion is that even if you're coerced into turning off Find My iPhone, the Apple ID will be required to erase or set the iPhone up from scratch. So there's a very short window when this could take place (i.e., before you go home and change your Apple ID - and if you can't do that, you have bigger problems than your iPhone being stolen).
Glenn Fleishman (TidBITS Staffer) 2013-09-19 00:13
I believe that Find My iPhone has to be active when a phone is shut down to keep the Apple ID lock on for erase/reinstall. I haven't had the opportunity to test!
Don't think a thief needs that. You can restore it via DFU mode and put the iOS firmware on again, so no more account can be seen because it's new again.
You say "savvy thieves knew to disable Find My iPhone on an unlocked iOS device immediately to prevent tracking — that will no longer be possible"

No. A thief only needs to swipe up on the display & enable airplane mode. Even if the phone is locked. Location services are immediately disabled. Thieves rejoice!
artMonster  2013-09-18 15:09
They can just power it off as well. What good is the phone if they can neither turn it on nor enable the radios?
Adam Engst (TidBITS Staffer) 2013-09-18 15:16
Yes, they can certainly prevent Find My iPhone from reporting location in a variety of ways, as noted. But the real point is that without that Apple ID, the phone has no resale value at all.
People who are concerned about that can prevent the Control Center from being accessed from the lock screen.
Ha! I hadn't noticed that. Cool beans :)

Now I wish that powering off could be disabled when locked. At least that way you could track the stolen phone until it ran outta juice (assuming they didn't jam the signal).
Matt Cone  2013-09-18 15:02
Great article. Glenn, I really appreciate your security articles. Thanks!
After updating my iOS, I saw this Find My iPhone app, then it said to erase your iPad then register it again. And now all my files are gone after doing it. Is there a way to recover my files and stuff? Because I write my lecture notes and assignments on my iPad + my apps (Temple Run), I spent ages to get what I got in there. And my iPad is not updated on my iTunes because I use my brother's laptop. How do I recover everything? Please help..
Adam Engst (TidBITS Staffer) 2013-09-19 06:41
There are two ways to back up an iOS device, to iCloud and to iTunes. If you've done either of those, you can restore from those backups, but if not, you're kind of out of luck. (Though I must say, Find My iPhone saying that you need to erase your device sounds wrong to me too.)
So what do you do when you are ready to sell your iPhone? Do all these settings have to be turned off?
Adam Engst (TidBITS Staffer) 2013-09-19 06:48
That's an interesting question, but I'd be very surprised if it wasn't possible. The question is, exactly what steps are necessary.
Tonya Engst (TidBITS Staffer) 2013-09-19 09:16
kb, yes, when you want to sell your iDevice, you'll go into the Settings > iCloud and turn off Find My iPhone. To do so, you'll have to specifically enter your iCloud password. Ideally, you would then erase the device fully and then you (or the new owner) would set it up as a new device. And, once it's set up, ideally, the new owner would sign in to iCloud and enable Find My iPhone.
barefootguru (TidBITS Contributor) 2013-09-20 02:57
In the iPad User Guide for iOS 7 there's a section on ‘Sell or give away iPad?’:

Erase iPad and remove Activation Lock: Go to Settings > General > Reset > Erase All Content and Settings.
Alex Breshears  2013-09-19 02:57
Unfortunately, this doesn't work if you put the phone in DFU mode.
Gamblor  2013-09-19 06:52
It does. I have just updated an iPad mini to iOS7 to test this. It allows you to restore, but it asks for the iTunes password associated with the account that the device was originally set up with.
Adam Engst (TidBITS Staffer) 2013-09-19 06:45
What part doesn't work? My understanding is that the Apple ID is required on Activation, regardless.
Bob Hobson  2013-09-19 07:47
Sometimes what appears to be stolen is actually a case of someone finding lost stuff and not being able to return it. If they are not able to easily figure out who it belongs to, it won't get returned very fast, if at all. This is why I put tracker tags on all my stuff. They make it easy for someone to return things quickly and securely. I figure for a couple bucks it's worth a try and better than wiping my phone's data and then getting a call that it has been found a few days later.
Adam Engst (TidBITS Staffer) 2013-09-19 10:28
The new capability to wipe an iPhone and still have a message displayed should be good in this case.

And remember, restoring a wiped iPhone is trivial - just restore from your latest backup. You are making constant backups to iTunes or iCloud, right? :-)
Sotipap  2013-09-19 16:24
The complexity and the frequency of the Lock screen passcode is extremely annoying. Working in my office or at home the whole day I am not afraid of losing my iPhone and iPad. I would like to carry the responsibility and then to have the choice to activate / deactivate the service of "passcode lock"; a very good function to use when I am out or travel. I would highly recommend the iOS people to consider this activate / deactivate option in their next improvement - I would rather risk to have my phone stolen than this extreme inconvenience any time I use my iPhone/iPad...
Adam Engst (TidBITS Staffer) 2013-09-20 06:43
The fingerprint scanner in the iPhone 5s should eliminate this issue for those who buy new phones (and I expect it to make its way into the product line at large over time).

But you're absolutely right - our devices have extremely poor locational awareness overall, because how you act at home is likely to be quite different than how you act when you're out and about.
What happens if the thief puts the device in DFU mode and restores from iTunes?
Can someone please help! On the new update I didn't realize I would have to enter my code every time I get on my phone. Is there a way of turning this off?
Adam Engst (TidBITS Staffer) 2013-09-20 09:53
Go into Settings > General > Passcode Lock to turn it off or change the frequency with which you're prompted.
Thank you Adam!
Roquefort  2013-09-21 10:02
The big problem is going to be people who forget their Apple ID and password, or the Apple ID is tied to an email they no longer use, or worse, a phone and email recovery they no longer have access to.

I suggest that Apple should allow someone to take the phone into a store to be erased and be able to look up the IMEI to see if the phone is reported stolen.
Roger Chong  2013-10-12 23:50
I encountered this problem after I gave away my iPhone 4 (here referred to as "the device") to my daughter, who was using an iPhone 3GS. First, the device was upgraded to iOS 7, then her backup was restored onto the device. Later on, I found that "Find My iPhone" can't see the device, just realizing the device's iCloud is using my old email (not in service now, as I got a new email for my Apple ID), which I can't turn off, and I can't reset the device to default (as I need to turn off "Find My iPhone" first). And I can't delete the iCloud account from the device either. Before that, the old email could still be associated with the new email of the Apple ID, but not for iOS 7. So how do I solve it, either change or delete the iCloud ID?
Adam Engst (TidBITS Staffer) 2013-10-13 08:22
I think you need to talk with Apple support about this - I don't know the answer, but if it can be solved, I suspect it will be the sort of thing that only Apple can do.
BruceH  2013-09-24 18:58
The article is way too optimistic regarding the effectiveness of this change to Find My iPhone. Once a jailbreak comes out for iOS7 then all bets are off. The thief need only switch off the stolen device (or throw in the trunk of a car along with a Wifi jammer and a cell phone jammer - both super cheap - until he can get to somewhere out the way to turn them off properly) and remove SIM cards.
Then do a jailbreak and wipe the internals. Then restore/reset as if a new user. Once the jailbreak is out, the tools to wipe will soon circulate.

Best deterrent is to get your name engraved on the device. If mugged, chances are you'll find the phone 50 yards down the street once the thief realises.
Curtis Wilcox (Friend of TidBITS) 2013-09-25 08:45
You expect a street thief to own and operate jammers but not figure out they can cover an engraving with a case or sticker?
Dustin Blake  2013-09-28 06:55
I'm all on board with these great improvements to Find My iPhone... but I wonder - will any of this matter if the thief simply ejects the SIM card of my AT&T iPhone? I would hope that the AppleID requirement would still work, but I'm guessing any phoning home wouldn't work.
Glenn Fleishman (TidBITS Staffer) 2013-09-28 09:03
As far as we can tell so far, this is something that is locked away within the phone, and cannot be erased or reset. It's possible Apple is using Secure Enclave for this, as it is with Touch ID fingerprint data. Jailbreaking the phone may not help, either, as erasing the phone won't reset the Apple ID lock — or so it seems. I'm sure we'll start to see attempts and answers soon.
If you set your device to wipe after 10 wrong password attempts and the device is wiped because someone enters the password incorrectly 10 times (whether a thief or a good samaritan who found it), are you still able to use the iCloud / Find My iPhone features to track the device's location and send "Please call..." messages to the lock screen? Or must those be triggered before the device is wiped?
I may have just found the answer to my own question, and also to the "final piece of the puzzle" near the end of the article: According to this Apple document:

Once a device is erased, it cannot be tracked or even be sent the command to play the lost (sonar ping) sound. This document was updated last month (Sept. 18, 2013). So unless it is somehow incorrect, a wiped device (either remotely or via the setting to erase device on 10 failed passcode attempts) will be fully bricked, and the best the owner can hope for is that someone finds their lost device and takes it to an Apple Store so they can look up the Apple ID associated to it.

So the "remote wipe" in Find My iPhone should really be treated as one's last resort "nuclear" option. It should only be used if one really needs to protect their data by wiping the lost device, with the expectation that the chances of getting the device back are slim to none.
Jason Burroughs  2013-10-18 22:24
I sold my iPhone 5 freshly wiped and installed iOS7 today. We met at the Tmobile store (I was an AT&T customer) and he had them check if it was unlocked and usable. The guy said yes, BUT that I could walk out of the store, call AT&T and tell them it was stolen, and then claim it under insurance.

I'm a pretty tech savvy guy, and having sold at least one iPhone a year for the past 5 years, I was pretty shocked to hear this. According to him, at any time now or in the future, I could permanently (and irreversibly) render my old phone useless.

He made it sound like the guy should never feel safe, because I could take it all away from him. Sounded like BS at first, but once it sunk in, I realized he had a point - Apple doesn't have a "transfer" mechanism for the phone or AppleCare+, and neither does AT&T. I'd love to hear others' thoughts on this, as it seems to invalidate the entire used market for iPhones. I understand the stuff about Find iPhone, but that does not seem to apply here.
Hossam  2013-11-10 11:23
I am stuck in this update. I bought a second-hand 4S without knowing about it. Now it is not working and I don't know the owner. Unfortunately, I cannot get to contact the owner even when I know his Apple ID.