My daughter's phone was just pick-pocketed on a Rome subway. Help

So what about Remote Wipe (aka Erase My Device)?

Ignoring identity matters that require internet access, like Apple Pay, and given that these guys appear to be smart enough to keep this phone offline, is there any value to requesting a remote wipe? If they crack the PIN, they can get to any phone data that doesn’t require additional authentication, since the remote wipe request will never reach the phone, right? Am I missing something?

I will probably do it anyway just in case, as soon as I can confirm she has a valid iCloud backup. But I’m just trying to think this through…

Professional pick-pockets will shut it off and keep it off. They typically work in a gang or smaller crew and sell their stolen goods to others. There are credit fraud gangs, smartphone gangs, smash and grab gangs, stolen goods fencers, etc., etc., etc. Eventually entire cargo containers can be shipped to other criminal gangs around the world. There are hacks with older iPhones to bypass Activation Lock and remove a carrier’s SIM lock. One such gang was caught bribing AT&T offshore call center workers to unlock thousands of phone carrier locks.

An iPhone 12 is quite secure, especially if it had the latest iOS 14.x. But they might still be able to bypass Activation Lock. If not, then the device will be scrapped for parts. In Shenzhen and Hong Kong there are a million little shops selling iPhone system boards that were activation locked. People buy them for the chips on the system board such as RAM / FLASH, etc. Many were from broken iPhones but many were also stolen. You can actually build your own Frankenstein iPhone from used parts if you have a microscope and fine detailed pro soldering station, etc. Many buy these system boards for practice before they work on a valuable system board.

Remove Apple Pay from the device, change the iCloud password, report it stolen / lost via iCloud. Do not remove the device from iCloud as that removes the Activation Lock. Call the carrier and report it stolen, they can disable the SIM and mark the device as stolen on a network the carriers use internationally. If it ever pops up online you can wipe it but still keep it in your list of Devices so Activation Lock applies. It is extremely unlikely you will ever get the device back.

If the device was corporate owned and tied to an MDM via Apple Business / Education using DEP then if it’s wiped it could still re-enroll with the MDM and that is the only way you might possibly collect enough data remotely to recover the device and give evidence to police. I wish individuals could set up their own MDM without needing a business and having enough devices. Maybe Apple will enhance iCloud with a lightweight MDM some day. It would help with parental controls. I believe there are some parental control companies that actually do use MDM (Mobile Device Management). Apple banned them temporarily then resumed their ability to continue offering the service despite using MDM technology. But it still requires User Approved MDM and it’s not auto-enrolled via purchase. As a business or educational institution you can register with Apple and when you buy products use an identifying code. That device will then be managed out of the box. As soon as its startup wizard runs it enrolls with your MDM automagically. If it’s wiped it re-enrolls. You have to remove the device from Apple Business / Education before it can be deacquisitioned.

Probably a good idea for the daughter to change all her passwords, email, banking, iCloud, etc. as a precaution. Keep an eye out for phishing attacks, fraud, etc. Change hotels ASAP for personal safety reasons.

Read this nightmare scenario: (if they get a foothold they can cascade across multiple accounts)

I’m not following how MDM enrollment helps here.

Where is the Serial Number stored?

Depending on how deeply it’s buried into chips on the mother board, then even if someone were to crack the PIN and find a way to break activation lock, then next time they try to activate the phone, wouldn’t Apple be able to detect the S/N of a previously “marked lost” phone and raise flags 🚩?

It doesn’t in your case. But if you did have MDM it would be helpful. I was making the point that Apple should provide MDM-like features in iCloud to go well beyond Find My as well as offer truly functional parental controls.

Okay. I knew it wouldn’t apply in my case. But you made comments that weren’t about parental controls, but rather about device recovery:

“if it’s wiped it could still re-enroll with the MDM and that is the only way you might possibly collect enough data remotely to recover the device and give evidence to police”

So I’m not following how a device that had been managed by an MDM would be in any better position to be recovered than one not enrolled in MDM?

Do not notify your bank for the card you have on file with Apple until after you have recovered your Apple ID and have control of your Apple account.

Apple uses the card to recover your Apple ID.

In iOS 14 Apple has implemented a recovery code, very long, like 20 characters that you must use to change your Apple ID password.

You should be using a good password manager like 1password so every password is unique, random and complex.

I disagree that the contents of your phone are vulnerable. The phone’s IMEI can be blocked by your carrier. It will never work as a cellular phone but could be used on wifi. But I am no expert on what thieves do with stolen cell phones.

My phone and credit cards were stolen and no content was ever used. They were able to change my Apple ID password, turning off Find My.

I suspect they simply sell the phone for the component parts to repair shops that are not able to buy parts from Apple. The screen, battery, case, etc. are all worth fast cash to a thief who wants to unload the goods ASAP.

I always buy the AppleCare + plan. Covers two instances of loss or theft. The deductible is $149 for a new device. Repairs are free and user caused damage like cracked screens are reasonable to fix.

Apple forever never allowed extending the AppleCare. It was only available on new devices. When it expired, Apple expected users to upgrade to a newer model.

Now Apple sells AppleCare by the month after the original plan expires if you buy it within a few weeks of expiration. The plus plan that covers loss and theft is $14 a month and users can cancel at any time.

$168 a year plus $149 to replace a lost or stolen phone seems a good deal on a $1,200+ device. Sadly the $39 case isn’t covered.

Apple ran a cool remote diagnostics test on my device before I was approved to buy the extended AppleCare.

Jun. 2012 - article date.

A lot of that’s largely out of date as to what is possible now, as things have moved on.

I do remember reading it at the time and likely it helped me to decide to make some changes to my 2FA (two factor authentication), or rather 2SV (two step verification) as I think it was at the time. 😀

My guess is that a lot of people don’t report their iPhone as lost to Find My. If they are on a plan then the phone company knows and they will blacklist the IMEI code, but that isn’t worldwide. It is possible to restore an iPhone to factory condition. I assume that if Apple hasn’t had the phone reported lost, and it reappears as linked to a new iCloud they just consider that it has been sold. So the phone just goes to Somalia or somewhere similar, reset and if it does everything else fine it is someone’s new iPhone at a cheap price. Otherwise it probably gets used for parts.

The devices for breaking iPhones are expensive and the companies who build them would be keeping good track of them.

Yes, but they generally work by exploiting unpatched security flaws. You have no way of knowing (until something makes headline news) if they are known by the thieves or are only known by the security companies.

Yes, if they didn’t enable Find My on their phone. Otherwise, the activation would be locked.

I forget, is it enabled by default these days?

Never cancel your credit or debit cards until you are 100% positive you (and no one else) have access to your AppleID.

If somehow the thief has discovered your unlock code, they can change your AppleID password easily in the iOS device, and it will happen instantly, the millisecond the device has Internet access. When the PW change routine runs, it turns off Find My . . . instantly. Before it ever reports the location.

Since Apple only gives you one e-mail address to send the Find My reports, if you are using your AppleID e-mail to receive those reports, you won’t be able to use Apple Mail to get them or read them once your password has been changed.

Set up your AppleID Mail to forward all incoming messages to a mailbox that you will always be able to access, like on Gmail.com.

You are going to need the credit card on file with Apple to reset your password for your AppleID. If you cancel the card account, Apple cannot verify the card, and you go into the giant mysterious black pyramid, where you will wait weeks to get back into your AppleID account.

Been there, done that. I keep all my passwords on 1Password. And nowhere else. Every password is complex and unique. I do not allow any other system, be it macOS, iOS, Keychain, or browsers to save my passwords. They are all safe and encrypted in 1Password.

Your phone is gone, sorry to say. Most of the time, the phone itself is useless. The IMEI cannot be registered except in a few countries in Africa. The thieves are pros, they sell it fast to a fence for very little money, who has a chop shop to extract all the parts, that are then sold to the independent repair shops for much less than Apple charges.

Apple is doing its best to put all third-party repair shops out of business. You may think this is a good idea or that it reeks of monopoly control of who can fix what belongs to you. Read more here:

This just makes parts from stolen Apple products even more valuable.

Wow, good point, and several others as well! My main email is not an iCloud account, so I have that covered. And I use 1Password.

I didn’t think about this. The purpose of activation lock is to make the hardware useless to thieves. But if the parts are still valuable, then they just undermined that goal. And I’m living proof.

I don’t claim to know how this algorithm works. But I would think that if the phone had been placed by its owner in Lost Mode, as ours was, that a password change – especially one initiated from the device itself – should be considered suspicious, and perhaps be required to provide additional authentication to be granted.

Thanks again to you and others for suggesting this.

I spent the last month pursuing this and recently concluded my effort with failure.

The short answer is that they cover it up to 120 days from the date of purchase. We had purchased the phone literally one week prior to that time frame. It did not matter that it was on a payment plan, and there were 4 monthly installments on that credit card towards that phone that were within the 120 day window. My appeal failed. It was a valiant effort, but they insisted on going by the original purchase date. Lame. 120 days really isn’t very long for theft coverage.

Regarding insurance, I had remembered carrier and AppleCare Theft insurance being about the same price. But they’re not in this case. Apple’s theft insurance was about $11, not the $18 from T-Mobile. So I cancelled T-Mobile’s and switched to Apple’s. So that saves me a few bucks a month. Plus Apple’s per-incident deductible was substantially lower.

I must be missing something. Or many things. Please educate me.

Does Apple allow me to set an email address, or is it (for me, at least) locked to the email address that is my AppleID?

If Find My … is turned off instantly, then what report is it that I’m no longer able to receive?

I think this means that I cannot set an email address separately from the AppleID address. But if that’s the case, why wouldn’t I just use the other address as my AppleID address? (For me, it’s because I already set up my AppleID using an iCloud address, but would it make sense for a newcomer to Apple to use a non-iCloud address?)

To have all email forwarded to another address seems tedious at best.

I have no credit card on file with Apple. What does this mean for me?

Is 1Password invulnerable to corruption, hacking, or expiration? (It’s a serious question. My password manager is an encrypted file that I maintain, with multiple backups.) How is 1Password better than a browser, for example? Or Keychain?

Go to https://appleid.apple.com/. In the Security section, you can set the Notification e-mail address, which is where Apple will send important security and account information in addition to your Apple ID address.

Pretty close – expired subscriptions still have read access to their local vaults. As near I can determine, all data encrypt/decrypt is local.

Currently, browsers do not follow a common standard for password storage and retrieval. Cross-browser and cross-OS synchronization is often complicated and not easy to understand. In some cases we see that user data is, by default, uploaded to servers not under user control. (See the latest Chrome password articles.)

Browsers are not the only place where login credentials are required. 1Password works with many iOS applications such as those which vendors provide to provide banking services while still working with browser access to the same services. 1Password use is independent of user login on macOS, iOS, and others. This means vaults may be shared between different users on different hardware, as may happen in a domestic partnership where device usage patterns fairly insist on separate devices. Simply put, 1Password provides a powerful superset of browser password storage.

My relationship with AgileBits is as a satisfied customer for more than six years. I didn’t speak of other programs since you asked specifically about 1Password.

Thanks, @Shamino. I had visited that site earlier, but I hadn’t clicked on Edit for the Security section because nothing at the main page indicated to me that it held an email address.

Two comments. First, each time I went to that login page, I was required to enter a six digit number that appeared on the same computer screen from which I was logging in; I don’t understand how that enhances security. Second, apparently I had already been warned about using a non-Apple email address, because I already was.

With no intention to be snarky, I ask if 1Password follows a common standard? More importantly for this conversation, I do not use any cross-browser or cross-OS synchronization, mainly because I use one browser on one computer. (I find iPhone screens and even iPad screens to be too small, so I postpone almost everything web related until I get to the Macintosh.)

Now that could be significant, and I was unaware. Thanks. Can one 1Password account have multiple vaults? (I can’t think why I would want that now, but I can envision situations where I might.)