Device Theft: The Limitations of iOS 7's Activation Lock

By: Absolute Editorial Team | 6/12/2013

Apple recently announced the Fall release of iOS 7, an major upgrade to iOS that includes a redesigned UI, new features such as AirDrop for iOS and multitasking support, and additional security features. The major security updates to iOS 7 include the iCloud Keychain / Password Generator to store account information and create / remember stronger passwords and the new Activation Lock feature.

The Activation Lock feature in Apple iOS 7 makes it harder for unauthorized users (like thieves or people who purchase stolen phones) to use your device.

Now turning off Find My iPhone or erasing your device requires your Apple ID and password. Find My iPhone can also continue to display a custom message, even after your device is erased. And your Apple ID and password are required before anyone can reactivate it. Which means your iPhone is still your iPhone. No matter where it is.

Apple's Activation Lock: Limitations & Issues

The Activation Lock feature in Apple iOS 7 is interesting and we commend Apple for taking steps to combat mobile theft. However, although there is some secondary satisfaction in deactivating a device so that an unauthorized user is unable to use it, the value of this capability is limited and even potentially harmful to the device owner.

At Absolute Software, we've spent 20 years investigating these types of crimes and recovering stolen devices. We do not recommend that the device owner take any action during or post-theft, especially attempting to make contact with the unauthorized user in an effort to recover the device. Self-recovery can be dangerous and even fatal as detailed in our Cyber Vigilante Justice whitepaper. The best case scenario is for the user to surrender their device without resistance and then rely on trained professionals to work with law enforcement to recover the device and pursue any criminal charges that may result.

Many people assume that they can use the information in Find my iPhone to recover their own devices - an assumption that is both dangerous and erroneous. Even police have trouble recovering iPhones using GPS data alone.

The Safer Response to Device Theft: Absolute Software

In situations where the device owner is assaulted and injured in the commission of the crime, it’s important that law enforcement have the means to investigate and potentially catch the perpetrator. Absolute persistence technology remains with a device regardless if the unauthorized user wipes it clean to factory settings. This connection allows Absolute to deploy a forensic toolkit that is used to collect evidence which is then provided to law enforcement in support of their investigation. None of this work would be possible if the device was deactivated.

It’s exciting to see technology innovators tackle this problem. Samsung is an early adopter and has already embedded Absolute persistence technology in their Galaxy S4 smartphones. This provides Samsung customers with a safe response to device theft (including the potential to recover the device), while also providing law enforcement with the means to identify and capture criminals. This is a meaningful result that will protect the public and assist law enforcement in reducing crime.

Learn more about our partnership with Samsung here.

Financial Services