Apple is adding a new iPhone feature called Stolen Device Protection that limits what thieves can do with a stolen phone and passcode. The opt-in feature, which was developed following a report earlier this year by the Wall Street Journal’s Joanna Stern, is included in the iOS 17.3 beta now available to developers. It uses a combination of location, biometric scans and time delays to allow victims to lock out the perpetrator and protect their data.
Stolen Device Protection aims to eliminate a common practice among iPhone thieves in public places, who watch users enter their passcode before snatching the device and locking it away. In such cases, the thief could reset the owner’s Apple ID password, disable Find My, add a recovery key and reset the phone to factory settings for resale before the victim can do anything.
For example, without Stolen Device Protection turned on, an iPhone thief with your passcode could use it to change your Apple ID password, locking you out of your device. This allows the thief to turn off Find My, which is critical to wiping the device for a new user. The thief can then sell the device at full secondhand value, rather than trying to pass off an iCloud-locked brick for much less.
But with the feature turned on, the phone will ask for a Face ID or Touch ID scan when the user is away from a known location, such as home or work. There will also be a one-hour delay before changing the Apple ID password on the device. After the hour, it will still ask for a Face ID or Touch ID scan before changing the Apple ID password on the iPhone. This makes life much harder for the thief and gives the owner time to report the iPhone as stolen and lock the thief out.
Stolen Device Protection works in a similar way with Apple security settings. Adding recovery keys or updating the account’s trusted phone number is another way iPhone thieves can lock out the original owner. As in other areas, with the new feature enabled, the phone will ask for two biometric scans an hour apart when away from trusted locations.
Similarly, passwords for iCloud Keychain, Apple’s built-in password manager, will require a Face ID or Touch ID scan. The passcode won’t work as a backup for failed biometric scans if Stolen Device Protection is turned on.
The Wall Street Journal reports that Apple plans to prompt users to enable the feature in iOS 17.3. As Apple only released the first beta of the update today, the general public may have to wait at least several weeks before trying it out.