Apple exploring 'proactive' iPhone security methods for stolen hardware
Apple could be planning to greatly enhance its "Find My iPhone" security feature in the future, as the company has shown interest in giving users the ability to scramble or delete specific data, or even record audio or visual information in the event that an iPhone is lost.
Apple's new potential security options are detailed in a patent application made public this week and discovered by AppleInsider. Entitled "Proactive Security for Mobile Devices," the feature would offer extremely flexible, custom options for security measures on an iPhone.
For example, with specific data such as e-mail, contacts and stored passwords, users could selectively choose to either scramble, delete or ignore the information if the handset is reported stolen or missing.
Users could even choose to deny a potential thief access to certain features of the iPhone, including the ability to make phone calls or access Wi-Fi. Users could also prevent a security breach to a corporate network by having their iPhone automatically change VPN settings once a security risk has been detected.
But a user may also decide to continue to allow some features on a missing device, such as Wi-Fi or GPS, to help track down the handset and identify its location. Keeping that functionality active allows the rightful owner of the device to determine its place on a map.
In one example included in the application, the missing iPhone displays an alert that a secure password must be entered within 60 seconds or location data associated with the handset will be transmitted back to the owner.
If a correct password is not entered in time, the location data will be sent, and the device can also be locked and restricted only to the functionality chosen by the original owner. For example, the device could become password locked, and the only available activity would be to contact the original owner of the iPhone.
Apple's solution could also utilize the sensors inside of an iPhone to record unusual activity, and alert users that their handset is at security risk, potentially preventing it from being lost forever. Such a system could detect suspicious activities like calls or texts to an unknown number.
If an iPhone is reported stolen, the device could record images and ambient audio. This data could be provided to investigative authorities to help track down the hardware.
These options are more powerful and flexible than the existing Find My iPhone functionality, which late last year Apple made free for all iOS devices. The current service allows users to identify the location of their device, display a message on it, set a passcode lock, or remotely wipe it.
But in its patent application, Apple notes that features like the remote wipe command are an all-or-nothing approach that can be frustrating for users. If a remote wipe is conducted, the user is forced to restore all of the deleted information, which can be inconvenient and time consuming.
Apple's new potential security options are detailed in a patent application made public this week and discovered by AppleInsider. Entitled "Proactive Security for Mobile Devices," the feature would offer extremely flexible, custom options for security measures on an iPhone.
For example, with specific data such as e-mail, contacts and stored passwords, users could selectively choose to either scramble, delete or ignore the information if the handset is reported stolen or missing.
Users could even choose to deny a potential thief access to certain features of the iPhone, including the ability to make phone calls or access Wi-Fi. Users could also prevent a security breach to a corporate network by having their iPhone automatically change VPN settings once a security risk has been detected.
But a user may also decide to continue to allow some features on a missing device, such as Wi-Fi or GPS, to help track down the handset and identify its location. Keeping that functionality active allows the rightful owner of the device to determine its place on a map.
In one example included in the application, the missing iPhone displays an alert that a secure password must be entered within 60 seconds or location data associated with the handset will be transmitted back to the owner.
If a correct password is not entered in time, the location data will be sent, and the device can also be locked and restricted only to the functionality chosen by the original owner. For example, the device could become password locked, and the only available activity would be to contact the original owner of the iPhone.
Apple's solution could also utilize the sensors inside of an iPhone to record unusual activity, and alert users that their handset is at security risk, potentially preventing it from being lost forever. Such a system could detect suspicious activities like calls or texts to an unknown number.
If an iPhone is reported stolen, the device could record images and ambient audio. This data could be provided to investigative authorities to help track down the hardware.
These options are more powerful and flexible than the existing Find My iPhone functionality, which late last year Apple made free for all iOS devices. The current service allows users to identify the location of their device, display a message on it, set a passcode lock, or remotely wipe it.
But in its patent application, Apple notes that features like the remote wipe command are an all-or-nothing approach that can be frustrating for users. If a remote wipe is conducted, the user is forced to restore all of the deleted information, which can be inconvenient and time consuming.
Comments
I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.
You're the one who does that.
Applications themselves can tell when they're pirated; I've seen screenshots of stupid pirates who downloaded the wrong apps.
And being able to record audio and video by a remote command opens so many privacy holes that I can't imagine it would ever be approved. There's no such thing as unhackable software. How long before someone's legitimate and/or private activities get recorded and transmitted, unbeknownst to them, by their own phone? Apple would be crossing into extremely dangerous territory if they decide to go there. There's so much potential for evil, it should not even be a consideration. This is taking Facebook's very questionable (hopefully deemed illegal at some point) facial recognition efforts to privacy-shattering levels.
Steve's reply:
Why didn't you have your password turned on?
Sent from my iPhone
On Mar 31, 2011, at 12:48 AM XXX wrote:
Apple needs to change the ?Find my iPhone? setting to ask for a password when trying to disable the feature.
My phone was recently stolen and I had the ?Find my iPhone?-function activated. However, after a few minutes it was gone and the thief probably just deactivated it in the settings. This should not be possible, Steve. Thanks
I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.
The only people who can pirate your apps have jailbroken their OS. Anybody who wants to pirate apps and is jailbreaking their OS can conceivably use a jailbreak that removes any anti-piracy solution apple might attempt to place into iOS.
Sorry but they've already done as much as they can.
I'm sorry, but this just sounds way too Big Brother-ish. It would intimate that Apple logs, records and saves each and every communication, whether by text, call or email, so that they could recognize if a thief (or you!) has made a new contact, not already on your list.
And being able to record audio and video by a remote command opens so many privacy holes that I can't imagine it would ever be approved. There's no such thing as unhackable software. How long before someone's legitimate and/or private activities get recorded and transmitted, unbeknownst to them, by their own phone? Apple would be crossing into extremely dangerous territory if they decide to go there. There's so much potential for evil, it should not even be a consideration. This is taking Facebook's very questionable (hopefully deemed illegal at some point) facial recognition efforts to privacy-shattering levels.
It does sound big Brother-ish. And I think Apple actually feels the same way, given the application they just denied.
http://news.cnet.com/8301-27076_3-20...?tag=cnetRiver
I make an iPhone app. It's pirated, like all other iOS apps, but Apple does not care about this. Why would they? Pirated apps or not, Apple gets money from hardware sales. They definitely care about protecting their hardware, but they don't give a sh...t about protecting our apps.
My garage was broken into last year. Why didn't you stop it?
Apple is not responsible for YOUR SHIT.
The only people who can pirate your apps have jailbroken their OS. Anybody who wants to pirate apps and is jailbreaking their OS can conceivably use a jailbreak that removes any anti-piracy solution apple might attempt to place into iOS.
Sorry but they've already done as much as they can.
No, they haven't.
- Their jailbreak protection is inefficient. iOS 5 was jailbroken within minutes after release. Since they make their own hardware, they could make iPhone un-jailbreakable on hardware level.
- Their piracy protection is very rudimentary. They could do much more, like an encrypted purchase receipt and other well-known measures. And again, since they make the hardware, they could protect apps on hardware level, that would be unbreakable.
they could make iPhone un-jailbreakable on hardware level.
Go ahead and keep thinking that that's possible. We'll wait for you to come to your senses.
unbreakable.
My garage was broken into last year. Why didn't you stop it?
Apple is not responsible for YOUR SHIT.
If you had paid 30% of your income to the company that built your garage, you would expect them to make your garage unbreakable, would you? Well, that probably depends on your income... Last year I paid Apple enough for a garage :-)
My garage was broken into last year. Why didn't you stop it?
Apple is not responsible for YOUR SHIT.
Wow, talk about a bad analogy...
Considering that they do all of this 'signed app' stuff through the App Store, it actually is a bit strange that they don't encrypt the apps on a per-user basis to prevent both tampering and theft.
and find my iphone does not work because the wifi is off.
That's your fault.
If you had paid 30% of your income...
Wait! You didn't pay 30% of your income to Apple. You sell products through a distributor. Every penny you received from your distributor, you kept.
I had left my iPhone 4 by mistake in the back of a taxi on my way home and by the time I realised and called the cab company, the cab had already taken on another passenger. I was informed that my phone was not spotted and perhaps I made a mistake. I knew however that someone HAD found my phone because it was already switched off.
I requested that the cab driver turn back to where I had alighted (and offered to pay for the fare) provided the thieving passenger was onboard. Luckily he agreed. While waiting, it occurred to me to check the Find My iPhone app on my iPad and I chose to utilise the "Send A Message" function, hoping that the thief would read it and return my phone if I made a promise of a cash reward.
Upon the taxi's return, I did a search but to no avail. Somehow something I did on the app woke my iPhone up and it started to show up on the GPS, displaying that the phone was within the vicinity. Since the thief refused to hand over my phone, I had no choice but to call the police.
In the presence of the police I started to use the "Play a sound" function fo the app and the policeman noticed a vibrating sound from the thief. Long story short, I got my phone back and the feller got to spend a night in jail.
Seriously, I was never so thankful for the innovation of an app until then. I do lots of work for a government military arm and the classified emails contained within would have spelt a lot of trouble for my career if those had got out. I learnt my lesson in keeping my phone safer and also just how useful technology these days can be!
I actually wrote to Steve Jobs about "Find My iPhone" in March. It wasn't about these features but I think it's ridiculous (!) that anyone can just turn off the "Find My iPhone" setting option in the settings menu without entering a password. I recently had my iPhone stolen out of my hand and I couldn't track it because the setting option was turned off few minutes after the incident.
1) I have written them as well. You need to have a passcode to enable or disable this service.
2) I did find a solution for user that isn't very cumbersome. Go to Settings » General » Restrictions. Enable Restrictions and allow everything, but under Accounts switch to Don't Allow Changes. This doesn't give you an extra step if you do need to change your Mail account settings but I haven't found that to be an issue.