Apple’s new anti-theft feature has a major flaw

by nativetechdoctor

According to Fast Company, Apple recently launched the Stolen Device Protection anti-theft feature in the iOS 17.3 update, promising to protect iPhone users from thieves who have found ways to learn the device's unlock passcode. However, this feature may not be as perfect as advertised.

When enabled, if an iPhone leaves a familiar location such as home or work, some features and actions will require additional security measures. Specifically, accessing saved passwords and credit card information will require users to authenticate with biometrics via Face ID or Touch ID. More sensitive security actions, such as changing your Apple ID password, will require two biometric authentication steps 1 hour apart.

But recently, 9to5Mac reported a worrying weakness in Stolen Device Protection. Specifically, if users have the Significant Locations feature turned on (used to remember important locations) and the iPhone is in a familiar location, the additional safeguards of Stolen Device Protection will not be activated.

Apple also states this clearly in the feature’s support document: “When iPhone is in a familiar location, additional security settings will no longer be necessary and you can use the device passcode as normal”. The company often identifies a user’s key locations based on how often and when they visit a place.

According to popular YouTuber ThioJoe, the use of key location data for Stolen Device Protection could be a concern if users frequently visit complex locations such as bars, which are reportedly targeted by many thieves.

“By default, protections are disabled when in a familiar location. The problem is that you won’t control which locations are considered familiar,” ThioJoe noted. ThioJoe also said he can disable Stolen Device Protection’s anti-theft capabilities at one of the familiar locations without Face ID authentication.

However, there is a temporary workaround for the vulnerability: users can turn off the Significant Locations feature by going to Settings > Privacy & Security > Location Services > System Services > Significant Locations, then turning off the Significant Locations option.

After disabling this option, changes to Stolen Device Protection will always require Face ID or Touch ID.
