With iOS 17.3, Apple introduced a new feature, Stolen Device Protection. You should enable it. This feature prevents a thief from taking your device after watching you enter your own passcode, then changing your account passwords, locking you out of your device and accounts so you can’t recover it. It does so by requiring Face ID or Touch ID authentication when you’re not in a familiar place.
There’s a small problem with that though. Apple doesn’t let you define familiar places. Sure, it might use your home address from your address card in the Contacts app, but what else? One tech YouTuber, ThioJoe, realized that Apple’s “familiar locations” isn’t something the user can set up, but something your iPhone will figure out for itself. That means your favorite cafe, bar, or even your train station could get flagged as a significant location, and therefore potentially a “familiar location,” making you vulnerable to a thief in public places.
Fortunately, there’s an easy band-aid fix you can apply now. Unfortunately, it means you’ll never be able to take advantage of easier changing of passcodes until Apple fixes their feature.
Familiar Locations Everywhere
Apple hasn’t said much about how “familiar locations” work. However, they seem to draw from an existing feature: “significant locations.” These are supposed to be places you’ve gone that are in some way “significant.” Perhaps you go there frequently, maybe it’s an office, a friend’s house, or your favorite bar. Apple seems to identify places you pause for some time throughout your day.
However, these aren’t “safe” locations. Someone could steal your phone at work or at the bar far more easily than they could at your home. You’d probably notice someone suspicious in your home. Probably. Apple also seems to label anything as “significant.” I checked myself. After a night out with friends, the venue we were at was listed as a “significant location” for me. I had spent but a few hours there. It was a public space, crowded at that. It might be one of the worst choices to make a “familiar location.” However, thanks to Apple’s designation of the location as “significant,” it might be. Again, we have no idea what criteria “familiar locations” pulls from, only that it uses these significant locations and perhaps your home address from your contact card, if you’ve provided one.
Fixing the Problem
You might think the solution is obvious: disable “Significant Locations.” And you can do this, though you may not want to. If you do it, you might have to use your Face ID to reset or change your password, even while at home. If Face ID breaks, say from dropping your iPhone, you could lock yourself out of being able to change your password until you can re-enable significant locations and Apple decides that somewhere is a “familiar location.” If you get completely locked out of your device somehow, you could be out of luck. With that risk in mind, here’s how you can disable Significant Locations:
- Open Settings
- Go to “Privacy and Security”
- Select “Location Services”
- Scroll down and select “System Services.”
- There you can select “Significant Locations.”
You can turn it off, or, alternatively, you can just clear it, like clearing the history of where you’ve been. If you clear significant locations, you may alter the list of what familiar locations can pull from. This could help limit your familiar locations, without turning the feature off entirely. You’ll just have to clear out significant locations frequently, and it’s not exactly a top-level menu item.
Better Options
First, you can ignore the potential risk. Stolen Device Protection will still make you a little more secure, even if it’s not perfect. Apple will surely update it in the future to eliminate this flaw in their design, now that someone discovered it.
You could—and should—enable an alphanumeric password. Instead of a 6-digit number, choose either a long numeric passcode, at least 15 numbers long (good luck remembering that) or set an alphanumeric password, like one you’d set for your computer. Thanks to Face ID and Touch ID, you won’t need the password very often. This longer and more complex password will be more difficult for someone to observe and copy from over your shoulder. It’ll make your phone more secure than number-only passwords could. A 6-digit passcode is easy to watch, observe, and even crack later if you miss a digit. After all, there are only 10 options for each digit.
While you’re at it, make your device less useful if it does get stolen. Disable Control Center on the lock screen so someone can’t put your iPhone into airplane mode until they can break in and change your passwords so you can’t track them with Find My. In Settings -> Face ID & Passcode, scroll down to “Allow access when locked” and turn off features you don’t need from a locked screen. Everything you shut off will make it more difficult to get your data from your device.
iPhone security is pretty great, but it’s far from perfect. With a few tweaks, you can protect your device and all the important accounts and information on it.