Apple’s new anti-theft measures will cause pain for thousands

iOS / User Experience

Much has been made of Apple not doing enough to prevent the trade in stolen iOS devices. Finally they are doing something about this, but I think it is going to cause a lot of problems for ordinary people and a predictable PR backlash against Apple. Here’s hoping that Apple put in place a system to deal with this very soon.

I’m going to ask you a simple question: What is the Apple ID that your iOS device is associated with?

You just might have an instant reply for me. Or you might think “well… do you mean my iTunes Store Apple ID, or my iCloud ID?”. You might think “What do you mean by associated?”.

Let’s rephrase the question: What Apple ID is your wife, husband, or child’s iOS device associated with?

If you know what it is, do they know what it is?

Next, take the following scenario:

  1. A customer buys an iPhone
  2. They set it up using pure iCloud, no iTunes or Mac or PC involved
  3. When prompted, they create an Apple ID. They don’t care what it is and its hard to find a unique one… so they choose blabla74@icloud.com – they use Gmail for mail anyway and won’t be using the mail account
  4. Later the customer has to restore the device or performs a major iOS upgrade

What happens next, with iOS 7 and in some situations it seems with iOS 6.1.3, is that the device will not activate.

It will stop and say something like:

This iPhone is already associated with an Apple ID (b*****@icloud.com).
Please sign in with this Apple ID.

You cannot activate or use the device until you have done this.

As my questions and scenarios should have indicated, if you cannot remember the Apple ID address you used, you are in trouble.

For many people this is not information they need to keep track of, and it is the Achilles heel in the entire system.

This is because you cannot recover your Apple ID from Apple unless you know the e-mail address associated with it. If you used a “throwaway” iCloud address six months ago to register, you’re up the creek without a paddle.

Apple’s iForgot service has tools to help with these kinds of problems, but even there if you really have no idea what your ID was you are screwed. Apple seemingly cannot help you. I recently went through this with a test device where I had picked a “trash” test iCloud address.

The only tool useful to you on iForgot is the “Forgot my ID” link where you can enter your full name and guess the iCloud e-mail address you used. After that it will tell you if that ID exists or not. If you find what you think is the right ID, you then have to hope you set up security questions with sensible values.

If not, there is currently no way for Apple to unlock your device. I’m not joking. That £600 piece of electronic wizardry in your hand is now totally useless.

If you never set the iCloud e-mail account up on any other computer or device, and never sent any e-mail to friends using it, you have no way of finding out the ID.

I imagine it will be only a few weeks before we start seeing stories about “Apple lock customers out of their own iPhones and offer no solution”, and then Apple will throw together a help line for people to call to prove they own the device and have the lock removed. That is, if iOS even has a mechanism to allow that currently. I received no indication from Apple Customer Support or Apple Developer Support that this is the case.

Luckily, the iForgot tool helped me track down the ID I used, and I wisely used real security question answers when setting it up. Disaster averted, for me at least.

I know that my wife would have no idea which ID her iPhone was associated with.

The Author

Marc Palmer (Twitter, Mastodon) is a consultant and software engineer specialising in Apple platforms. He currently works on the iOS team of Concepts sketching app, as well as his own apps like screenshot framing and backgrounds app Shareshot and video subtitling app Captionista. He created the Flint open source framework. He can also do a pretty good job of designing app products. You can find out more here.