What differentiate the owner of an iPhone and a thief, is the former's knowledge of the device's passcode.
Even without knowing an iOS device's Apple ID credentials, a thief can literally see and steal almost everything inside an iPhone. Knowing that Face ID is just a convenience-for-security feature, all it takes is a passcode to obtain one's sensitive data.
Because of this, there is nothing scarier than having an iPhone at the hands of a malicious person who knows the passcode.
Apple knows that incident like this can happen, and the company is addressing the issue by raising the bar.
Here, Apple is introducing what it calls the 'Stolen Device Protection' mode.
This feature requires users to input both the passcode and complete Face ID biometric authentication to access sensitive information on iPhones.
According to an Apple spokesperson:
"In the rare cases where a thief can observe the user entering the passcode and then steal the device, Stolen Device Protection adds a sophisticated new layer of protection."
iPhone users can either unlock their phone using Face ID, which is quick and easy, or use passcode. No Face ID can be created without a passcode, meaning that passcode can be considered an iPhone's last line of defense.
Stolen Device Protection is initially introduced on Apple's iOS 17.3 beta, and this feature simply adds an extra layer of security.
In the case that a passcode is stolen, traditionally, a thief can unlock a stolen iPhone and look at everything inside it.
They can open the camera roll, take phones, look at emails and messages, and many more.
With Stolen Device Protection, whenever the iPhone is at a location unrelated to the user, there is no way for anyone to even peek inside the iPhone, without having both the passcode and the Face ID.
What this means, a thief cannot change the associated Apple ID, factory reset the phone, or do anything else.
It's worth noting that iPhones also include a similar feature called "Lost Mode," which allows users to mark an iPhone as lost from their iCloud. This action disables the device, shares its current location with the owner, and allows the configuration of displaying contact details for the owner if found.
But when a thief knows the passcode of an iPhone, they can disable this.
The thief can also disable Activation Lock.
With Stolen Device Protection, a thief wouldn't be able to do anything.
Additionally, the feature also adds a one-hour delay and require a second Face ID or Touch ID scan for the most sensitive tasks, including changing an Apple ID password, turning off the Stolen Device Protection feature, creating a new passcode, and disabling Touch ID or Face ID.
There will be no delay, however, if users are at a known location, like their home or work.
The passcode feature was first implemented in the original iPhone in 2007, through iPhone OS 1. At that time, a 4-digit passcode can be made to lock an iPhone, making its data encrypted behind a 256=bit AES encryption.
Then, in 2015, Apple ramped up the security by recommending a 6-digit passcode by default through iOS 9. Only after a passcode is set, that users can set biometric identification such as Face ID and Touch ID on supported devices can be enabled.
Since passcode is practically an iPhone's last-line of defense (before Apple ID credentials), people who wish to steal someone's iPhone would befriend their target, and launch social engineering technique that can include the so-called "shoulder surfing," where the attackers would obtain passcode by looking over their target's shoulder.
With Stolen Device Protection, this technique is no longer effective.
A working stolen iPhone is valuable and can be sold in the market in no time. But an iPhone that is locked down through software is pretty much a brick.
With the the phone automatically activating its Stolen Device Protection mode, the thief won’t be able to do much with a stolen iPhone, aside from selling it for parts.