WSJ Article re iPhones thefts

Then they’d be able to turn on airplane mode. The automation can have a different passcode to your device passcode if you’d prefer. But anyone with your device passcode would be able to find the automation and turn it off, delete, or change it, so it’s a bit redundant.

It protects against a different, far more common (at least before WSJ published a step by step how to for rookie thieves) threat. It won’t protect against the one reported by the WSJ. My understanding is neither does the screen time passcode.

I’m not sure if I’m properly understanding your question, but the shortcut and automation will send an email from your gmail account and can use a pin that is separate from your device passcode, yes.

If you’re asking if there are any apps that off that same functionality? I don’t think so.

But as a means to safeguard your email account from intruders who have access to your device, I believe there are apps that offer functionality yes. Spark is one I know for certain that allows you to protect your email with both biometrics and a separate passkey to your device passcode:

I’m sure there will be others too.

1 Like

sadly I can’t read the WSJ article above. What’s the bypass here that means the Screen Time passcode wouldn’t work?

@breville_monkey did a good job explaining why the screen time password doesn’t protect you from this attack above:

And to get past the paywall:

https://archive.is/Q4NOR

Interesting! How would they reset the AppleID I wonder… I can’t tap on it, it’s greyed out everywhere on the phone.

There are a few ways:

  1. Privacy & Security > Safety check > manage sharing and access > requires iPhone password to reset Apple ID password at the end > use new Apple ID password to turn off screen time passcode. You can also remove all other Apple devices from the account during this process.

  2. Screen time > change screen time passcode > forgot passcode > enter Apple ID email > tap forgot password > wait 5 seconds > enter device passcode > create new Apple ID password.

I’m really not sure I should be sharing this… let me know and I’ll message you the reply privately instead.

Here’s a little gif of the last few steps for that one:
IMG_2493

Both steps will require knowledge of your Apple ID, which screen time does make harder to do (unless you’re saving your credentials in passwords or a password manager protected by your biometrics/passcode).

I’d advise you to also take measures to keep your Apple ID email as hidden as possible. In my case, my Apple ID email is not used for email, and is turned off for things like email and iMessage, instead opting for an alias as my primary email address. Don’t attach it to your contact card either. My Apple ID email is not visible anywhere on my phone other than in Apple ID settings.

To do this, if you’re not already head to Settings > Apple ID > iCloud > iCloud Mail > Addresses > your primary email > turn send from off.

These changes, as far as I know, will keep your Apple ID email completely hidden across the entire system when you have these screen time restrictions in place.

2 Likes

Thanks! This is an awful lot of effort for something so obvious that Apple shouldn’t allow… honestly makes me think I should only leave the house with my 4a

2 Likes

There’ll be flaws with how pixel does things somewhere along the chain too no doubt. There kinda has to be to protect dumb users from themselves.

The problem Apple has with this issue now, is how widely known it is. I still think it’s irresponsible journalism. But then I’ve just taught you how to get around the screen time protections, so I’m not one to talk. Those screen time bypasses did initially to me appear like design flaws, or oversight, or even bugs, but I’ve been told it’s intentionally done that way.

As far as things go though, I do still think it’s a very niche issue, and FaceID does 100% prevent it. I’d pair it with an alphanumeric password fallback as opposed to a passcode. Probably the best we’re gonna get for now. I don’t think we’ll see anything in iOS 17 to tackle it, but I think 17.x release might, else it’ll be iOS 18 with some kind of bigger overhaul. It is a priority issue for them, and not an easy dilemma to solve.

2 Likes

This is what I asked. Thanks for the suggestion.

1 Like

thanks just enabled Face ID on spark email

2 Likes