Apple is adding a new iPhone feature called Stolen Device Protection that limits what thieves can do with a stolen phone and passcode. Created following a report earlier this year by the Wall Street Journal’s Joanna Stern, the opt-in feature is included in the iOS 17.3 beta, now available for developers. It works using a combination of location, biometric scans, and time delays, allowing victims to lock out the perpetrator and safeguard their data.
Stolen Device Protection aims to snuff out a common practice among iPhone thieves in public places, who watch users enter their passcode before snatching the device and bolting. In such cases, the perpetrator could reset the owner’s Apple ID password, turn off Find My, add a recovery key and factory reset the phone for resale before the victim can do anything about it.
For example, without Stolen Device Protection turned on, an iPhone thief with your passcode can use that to change your Apple ID password, locking you out of your device. This allows the pickpocket to turn off Find My, crucial to wiping the device for a new user. The thief can then sell the device at full used value, rather than trying to pass off an iCloud-locked brick for much less.
But with the feature turned on, the phone will ask for a Face ID or Touch ID scan if the user is away from a familiar location like home or work. It will also require a one-hour delay before changing the Apple ID password on the device. After the hour, it will still ask for a Face ID or Touch ID Scan before changing the Apple ID password from the iPhone. This makes life much harder for the thief and gives the owner time to report the iPhone as stolen, locking out the perp.
Stolen Device Protection works similarly with Apple security settings. Adding recovery keys or updating the account’s trusted phone number is another way iPhone thieves lock out the original owner. Like in other areas, with the new feature activated, the phone will ask for two biometric scans an hour apart if away from trusted locations.
Similarly, iCloud Keychain passwords, Apple’s built-in password manager, will require a Face ID or Touch ID scan. The passcode won’t serve as a backup for failed biometric scans when the Stolen Device Protection is turned on.
The Wall Street Journal reports that Apple plans to prompt users to turn on the feature in iOS 17.3. Since Apple only launched the update’s first beta today, the general public may need to wait at least several weeks before trying it out.