A new software update for iPhones — iOS 17.3, released this week — is trying to remedy this. Apple’s big idea? Adding extra layers of security based on where the iPhone is when someone tries to make sensitive changes.
Here’s what you need to know about it.
What Stolen Device Protection does
Let’s say you’re at a concert, and someone peering over your shoulder sees you punching in your phone’s passcode when you’re trying to send pictures to friends.
If that person were to grab your phone and take it somewhere else before you turned on Stolen Device Protection, they would be able to unlock your phone and change key details, such as your Apple ID password, dig through account passwords you’ve stored on your iPhone, or erase the thing entirely to facilitate a speedy resale. It’s more common than you might think, too — a Wall Street Journal investigation found hundreds of instances of these kinds of thefts within the last year.
Stolen Device Protection tries to mitigate these kinds of attacks by adding more layers of authentication when someone tries to make these changes at a location you haven’t spent much — or any — time at.
If that thief tried to access your stored passwords or payment details while the feature is on, they’ll have to try to get past one additional Face ID or Touch ID check. And if they try other tactics, like disabling Find My, changing your Apple ID password or iPhone passcode, or turning off Stolen Device Protection entirely, the iPhone will make them try to pass a Face ID or Touch ID check, wait an hour, then pass another one.
You shouldn’t run into these additional security checks when you do these things yourself at what your iPhone deems “familiar” locations, like at home or work. But early reports suggest that it can take multiple days for the feature to accurately determine where you actually spend most of your time, leading to some moments when even legitimate users are treated like would-be thieves.
That’s an annoying twist, to be sure. But considering how infrequently we have to perform some of these sensitive tasks, the extra level of protection is probably worth a bit of temporary hassle.
Before you enable this feature, there are a few prerequisites you’ll need to take care of. You’ll need to make sure your iPhone has a passcode, and that Face ID or Touch ID is enabled. (You’ve almost certainly set these up already, but if not, consider this a friendly reminder to please do it right now.)
You’ll also have to turn on your iPhone’s Significant Locations feature, if you haven’t already. It’s buried deep in your iPhone’s Settings app. Here’s how to find it:
- Open the Settings app and tap Privacy & Security, then tap Location Services.
- Scroll all the way down to System Services, tap it, and then tap the Significant Locations option at the bottom of the screen
- Make sure the toggle for Significant Locations is on — or turn it on, if it isn’t.
Now, all we have to do is turn on Stolen Device Protection.
- Open the Settings app and tap Face ID & Passcode
- Punch in your passcode to authenticate yourself
- Scroll down until you see Stolen Device Protection, and tap Turn On Protection
What are “Significant Locations?”
The Stolen Device Protection feature won’t work unless you’ve enabled your iPhone’s Significant Locations feature, which helps the device determine where it should be requiring those additional authentication requests.
When you turn this feature on, you may soon be surprised at how many locations your iPhone stores. Between the end of November and the middle of January, my own iPhone has logged 165 entries, the latest of which is an airport rental car center where I occasionally begin weekend drives from. That’s hardly a place I would consider “significant,” but there it is anyway.
(Apple, for its part, says these locations are encrypted and only live on your phone, so the company can’t access them.)
Here’s the important thing to keep in mind: Despite what the “significant” label suggests, hardly any of those 165 locations are ones the iPhone deems “familiar” — which means I’d probably trigger those Stolen Device Protection measures if I tried changing my Apple ID password at that rental car center. Some of the underlying technology Apple uses to determine those Significant Locations is also used to figure out what your safe zones are, but there’s very little overlap between the many entries you may see and the ones that actually matter to the Stolen Device Protection feature.
That said, those “familiar” locations will remain largely invisible to you.
Apple wouldn’t confirm how long it takes for a location to become a recognized safe zone, and there is no way to set safe locations yourself, presumably because a thief would just add their own location as one.