iOS 17.6 and iPadOS 17.6
Juli Clover (release notes, security, developer):
There are no notable features in the iOS 17.6 and iPadOS 17.6 updates, with Apple adding unspecified bug fixes and security updates. Nothing new was discovered during the beta testing process.
Updating to iOS 17.6 now prompts to enable Stolen Device Protection on the first boot. This will lead to some people getting locked out of their phones and requiring an erase and restore because the drawback to enabling it is not made clear to the user.
Presumably it will prompt at each future update as well, just as I have to decline to enable Siri at every single update.
While I don’t disagree that Stolen Device Protection isn’t suitable for everyone, why highlight the fearmongering from Eric deRuiter about this?
“This will lead to some people getting locked out of their phones and requiring an erase and restore”? Even with Stolen Device Protection turned on, you can still use your normal passcode at familiar locations like home and work, right? And presumably most people find themselves either at home or at work at least once a day anyway?
I just have trouble following the connection of going from point A of enabling Stolen Device Protection to point B of needing to erase your iPhone?
@Ashley Because in my experience it doesn’t work properly. I almost got locked out of my own phone when I was at home, which it somehow didn’t realize was a familiar location. And then the process of turning off Stolen Device Protection also didn't work properly. I don’t trust the feature and think it’s more likely to harm me than help me. I and others have had multiple cases of Apple IDs being locked, and if this happens when I’m away from home (without another device to unlock) or when Stolen Device Protection is misbehaving it could be a real problem.
Maybe the calculus is different for people for whom Stolen Device Protection seems to know the right locations or who frequently enter their passcodes in public.
The main issue that Eric is concerned about is that, with Stolen Device Protection enabled, if Face ID stops recognizing your face you have to erase the phone (even if you’re at a familiar location).
@Michael Tsai
Ah—those are all very fair considerations. In that case, I concede that Eric makes an excellent point.
I am not trying to fearmonger. I think that a strong alphanumeric device password, combined with FaceID/TouchID, is best practice. That comes along with being careful when entering the password in public to prevent shoulder surfing and knowing how to quickly and temporarily disable biometrics. A strong password is more difficult to shoulder surf than a 4 or 6 digit PIN.
Since I am so careful with my device password I would only use Stolen Device Protection if I didn't face the potential big interruption of having to wipe and restore my phone. They could improve it by not requiring FaceID at home, which would mean that if FaceID breaks you just have to go home, where your device password would let you set up FaceID fresh without requiring wiping the phone.
The scenario where we see this attack played out, such as in the Joanna Stern Wall Street Journal article, seems to often be public social situations like bars. For some people Stolen Device Protection will be helpful—primarily those who have a 4 or 6 digit PIN, are in those social situations often, and aren't careful in keeping their PIN private. Alcohol probably doesn't help in keeping the PIN private.
My point is that there is a downside in requiring the phone to be wiped, which is a scenario that will happen much more often than the stolen device and password attack. Having to wipe and restore your phone is not as bad as having your Apple Account compromised, but most importantly people do not realize that is the tradeoff they are accepting when setting up Stolen Device Protection.
I also wish it was possible to just not allow Apple Account password resets with a phone device passcode. Apple treats it not only as the device password, but as a recovery method for your account. Stolen Device Protection attempts to let them keep it as a recovery method but limit damage if someone does get the device and the password.
@Ashley You ask "Even with Stolen Device Protection turned on, you can still use your normal passcode at familiar locations like home and work, right? And presumably most people find themselves either at home or at work at least once a day anyway?"
This is how I thought it would work initially, but being at home or at another familiar location does not remove the requirement for FaceID for certain actions, and you can't use the device password if FaceID fails. This is different from the pre-Stolen Device Protection era, where the password was your all-access authentication to the phone and FaceID was basically a shortcut to that authentication, but you could always fall back to the password to get anything done if FaceID didn't recognize you. With Stolen Device Protection, FaceID is promoted to become THE authentication for certain actions, and knowing the password is no longer sufficient to access them.
To demonstrate this scenario of FaceID no longer recognizing you:
1. Set up Stolen Device Protection including with familiar locations enabled.
2. At home, cover one eye with your hand and try to disable Stolen Device Protection by getting it to prompt you for the password after the failed FaceID auth. It won't give you a password prompt.
Once you see it is not possible you can remove your hand from your face and you'll be able to use FaceID to disable it (after the 1 hour delay).
I encountered the Stolen Device Protection issue a couple days ago, whereby the prompt said I was not in a familiar location. I was at work. I spend more time at work than anywhere, and it's not even close. Password reset was requested and I declined to do so (I was trying to visit the Apple Card site on my Mac) because I have many devices and changing my Apple ID password is a brutal process.
All my at-work devices continued to behave as normal, and just the Mac would periodically throw up a notification I could dismiss. Eventually, I pulled up my contact card on my phone, tapped my work address so it would open in Maps, and it said my work location was 80 feet away. I have no idea how to correct that other than using incorrect information in my contact card, which would then be useless (or a pain) when sharing.
So the scenario is that you want to change your password when you're out and about. You can't because you're away from home.
You're in a big rush — can't wait an hour — so you go home, it asks for your face/fingerprint again, and you can't provide it... because you were in a horrible accident on the way?
While I guess that's a possibility, I think there's a much higher chance that someone saw you enter your password, steals your phone, and later tries to take over your account to 1) sell your phone or 2) get into your passwords and empty your bank accounts.
So given that alternative, the time delay seems reasonable to me, as does the biometric authentication.
How often do folks change their iCloud password, anyway?
This solution seems especially reasonable when you consider how many people forget their iCloud password.
(The root issue is that Apple made your device password the key to your entire iCloud Keychain. 4 digits gets you access to the keys to the kingdom — way worse than losing the physical phone. I noticed this security hole probably 8+ years ago and am really glad they've finally closed it. Their old solution was security through obscurity, but that security gap became quite well known in recent years. )
The system needs to be designed for true security novices, and while it is perhaps not perfect or convenient for the experts, I think the current state is a good balance. I'm not sure I can think of a better solution.
@Bryan You don't have to just worry about FaceID failing coinciding with you being away from home and needing to reset your password all at once. If FaceID fails at any point you will be locked out of a number of important functions, so you will need to erase and restore the phone in fairly short order. It won't become a brick or lock you out of all functionality, but it will be necessary to erase it.
Obviously phones are stolen fairly often, but without knowledge of the password by the thief, so this is a very rare and specific attack. I don't have the numbers, but I suspect the number of phones and passwords stolen will be dwarfed by frustrated people having to erase their phones now that this is pushed as a default and the implications are not clear.
I think overall it is a pretty good solution that would be greatly improved by not requiring biometrics at home.
At https://support.apple.com/en-us/120340, dated June 12, 2024, the language seems to indicate that you are not required to use biometrics at home, but based on my testing it twice and speaking to Apple Support that is not the case, and what I have commented above is true.
@Bryan I have had multiple times where I didn’t want to change my password, but Apple decided to lock my account (even though I didn’t forget the password or enter it incorrectly) and forced me to change it. I’m also currently fighting an issue where one of my Macs can’t sign in to Apple ID because the account is locked and it just goes through an endless loop of unknown errors when I click Unlock Account.
The issue that @NaOH brings up about Apple's absurd location problems is pretty important. I've been filing bug reports/feedback to Apple for over a decade (never so much as getting a "Hi, how are ya?" in return, so I know they're going to File 13) about how Apple is handling "locations". The biggest gripe is that—because of their MASSIVE egos, apparently—they don't give the user ANY control over the actual LOCATION PIN, and instead rely on… what? the USPS? Further, everything is geared around "Home" and "Work". What about us folks that live in a home but park our cars elsewhere? Or work somewhere with a parking area that isn't in a parking garage under the building? All of my mapping starts out assuming I'm walking out of my front door (on one street), versus pulling my car out of the place I've parked it for 25 years (on another, a half-block away), and hence directions are always all wrong. I have clients that live up long driveways… good luck getting geolocated automations to ever work consistently. And in the cases where I've submitted Map problems, only maybe like 1 out of 10 actually get fixed, usually with zero feedback from Apple. (My cabin 'location' is 10 miles away, because 'location' doesn't use the GPS coordinates that I set by dropping a pin while standing on my porch and instead uses the generic ZIP code… for the nearest town… and drops the location at some central point. So when I'm there, all the travel times for events on my calendar are screwed, as are notifications based on Travel Time. All because I can't seem to get Apple to grasp the concept that I know more than them about my individual needs.)
So when I saw that Stolen Device Protection used 'locations', it was a no-brainer for me: it was getting turned off.
@Scott Hmm, I wonder whether part of my problem is that the Apple Maps coordinates for my home address are off. However, Stolen Device Protection didn’t even show the actual coordinates as a location where I spend a lot of time.
@Michael You can see home in Settings > Privacy & Security > Location Services > System Services > Significant Locations. For me I can see it has correctly labeled my home.
I enabled Significant Locations to see if it would help my phone recognize when I'm at work. I think I'd previously disabled that option because it was (remains?) the basis for the unsolicited notifications I'd see saying something like, "It's a 15-minute drive without traffic back to work."
Anyway, from the same fixed outdoor seat I used yesterday, Maps went from telling me I was 80 feet from work to 90 feet away. Typing this comment inside, about 50 feet from where I sat outside, the Maps app says I'm 100 feet away.
Now let me explain. I'm in a space that's one of a number in a one-story building. My space is a rectangle, the long sides going east to west. Sitting outside checking if Maps properly shows where I am, I'm on the east side. (Maps says 90 feet away). Typing this on a Mac inside, I'm almost in the middle of my east-to-west space and Maps says I'm 100 feet away. If I go to the west-side entrance, I'm 40 feet away.
In a building with eight spaces, Maps thinks I'm in the first one based on the walking directions it gives me. It also still lists the business that was in #2, but closed when Covid began in Spring 2020. The business in #8 — at the end of the building — is shown on the map at about #6.
I'll leave Significant Locations on for a week or so to see if it improves with time, otherwise I'll disable it.
Apple's location problems are real, and they are spectacular. I (and others) have experienced this firsthand with location-based HomeKit automations. I've had morning automations fail to run because my Home location changed _in the middle of the night_. There are various incantations you can invoke to force some kind of a reset of location data that have worked in the past, but obviously you'd have to first be aware that your Home location changed in the first place (I only knew because the failed automations prompted me to start digging around for a cause).
In the Settings > Privacy & Security > Location Services > System Services > Significant Locations that @Eric deRuiter mentions… what does everyone else see?? Because… well… that “feature” seems rather pointless to me. I see what LOOKS to be a button with a label of “134 Records” (or “ 38 Records” on my iPad) under a heading of “SUMMARY”… but—in typical crappy Apple UI fashion—tapping that ‘button’ does nothing (on both devices). Nice ‘summary’. And below that, under a heading of ‘RECENT RECORDS’, on both devices, is a single ‘record’ of the grocery store I go to weekly. That’s it! No Home. No Work. No Cabin. A shopping plaza with a grocery store and liquor store.
I’m the kind of on-spectrum person that would happily be willing to spend hours providing Apple/iOS location information, with intricately drawn boundaries and ranking of importance… if only they’d let me. But they know better. I’m stupid.
The arrogance, it hurts. (I’ve come around to believe it’s actually false arrogance. Apple has become lazy. They used to sweat over the “last 10%”. Then they slewed to the “80–90%”. Then, “70–80%”, and most stuff was 20% undone. We’re well under that now, with most releases going out as ‘beta’ quality at best. iOS, what was supposed to be the savior next-generation OS for Apple—following on the heels of their predecessor ‘savior’ OS, macOS—but has become a trundling mess of old spaghetti code and 20-year-old stale app concepts where NOTHING seems to have been well architected and engineered. They ‘design’ the shit out of everything, though! Like the Frank Lloyd Wright house that’s falling down (Falling Waters is a terrible disappointment to anyone who has seen it in person with any knowledge of proper, good construction understanding) or fashion designer clothes that fall apart at the seams as soon as you pull them off the hanger. I expected better from Apple with ‘success’; guess they’re right, I am dumb.)
I also see a non-tappable button of 126 locations and then below that 2 recent records: home and the doctor I went to yesterday.
@Scott That’s what it showed for me for the first few months: just a grocery store and no home. Now it only shows home.