Apple’s new Stolen Device Protection has a big vulnerability. Here’s how to fix it


Last week, Apple released iOS 17.3 with much-anticipated updates such as Collaborative Apple Music Playlists and AirPlay hotel support. One of the biggest highlights was the new Stolen Device Protection feature; however, it’s not as secure as we initially thought.

Stolen Device Protection in iOS 17.3 is meant to add an extra layer of security to prevent bad actors who have your passcode from completing critical operations such as changing your Apple ID password, which would prevent you from being able to track your iPhone or mark it as stolen.


With the feature enabled, performing critical actions when your phone is away from familiar locations, such as work or home, requires additional security steps: biometric authentication, such as Face ID or Touch ID, or a Security Delay, which requires you to verify your biometrics a second time an hour later.

In theory, this is a foolproof solution since being in a familiar location — such as your home — typically means the device is in your possession. However, who determines whether a location is familiar and whether it’s worth lowering your phone’s guard there?

As spotted by 9to5Mac, Apple uses how often you visit a place to determine whether it is a significant — in other words, “familiar” — location. This can become a security issue when you frequent less secure places such as your favorite grocery store, bar, or cafe, and Apple, therefore, flags any of these as significant locations. 

To view how many significant locations you have, you can visit Settings > Privacy & Security > Location Services > System Services > Significant Locations.


I was shocked to find that Apple identified 197 records of significant locations between December 4, 2023, and January 28, 2024, on my phone, including a pizzeria where I ate yesterday for an hour and a deli that I never even entered but was near. 

As you probably inferred, I do not have 197 locations I frequent daily; therefore, having the feature turned on would do more harm than good. The good news is that you can shut off Significant Locations by following the exact instructions above and simply toggling Significant Locations off. 


It is worth remembering that once you turn off the Significant Locations feature, your phone will require Face ID for critical operations even when you are at actual familiar locations such as your home. Therefore, if you prefer not to use biometric verification at places you frequent, this may not be the ideal solution.


If you don’t want to deal with Stolen Device Protection at all, you can visit Settings > Face ID & Passcode, and then enter your passcode and toggle Stolen Device Protection on or off.
