This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.

I don’t like Apple but it’s great that their security is so good when it comes to this.

  • themoonisacheese@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    4
    ·
    5 months ago

    How so? A Samsung or pixel with default settings would also behave that way, possibly even more securely because it wouldn’t show the thieves your number.

    • Monument@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      5 months ago

      iPhones don’t do that on their own.

      She said she activated lost mode, so it’s possible/likely she made her contact info available. Asking Siri who the phone belongs to will also give up contact info, but you can change that remotely from the find my phone app.

      I think - being a writer - she sort of set herself up for the interaction so she would have material. No judgment, though. It was an interesting read.

    • Nurse_Robot@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      5 months ago

      I guess just anecdotally. I have a pixel 7, I’m pretty confident I could factory reset the device without 3rd party authentication. Also, from the tech channels I follow, I think I could recover my data if I forgot the password. Android has always felt more "free"and customizable, and I love it for that. But I also think that freedom allows for more exploits. It’s a trade off that’s worth it to me, personally. But if I had illegal shit to hide on my phone, I’d probably do it on an apple device.

      Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.

      • wreckedcarzz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        If you do it the manual way - not unlocking the phone and doing it through settings - you can wipe it sure, but when you try to set it up it requires the prior Google account credentials to proceed. No creds, no passing go, just a shiny brick. It’s been like that for years.

        Also might I recommend you take a gander at GrapheneOS for more intense security capabilities than stock.

      • Avid Amoeba@lemmy.ca
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        You can factory reset it easily. You can’t use it without the previous Google account credentials afterwards. You can’t reuse a stolen Pixel which has Google account logged into it.

      • steersman2484@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        5 months ago

        The encryption on Android devices is pretty strong, as long as you use a good screen lock you should be fine. Yes they can reset you phone, but accessing your data is a whole other level.

        If I had illegal shit on my phone, I wouldn’t send it to apple servers by using an iPhone. They are the first who would comply with a surpena. I’d use GrapheneOS on a Pixel and use an obvious duress pin like 1234. If entered it wipes your encryption keys and avoids restoring your data.

        And if it gets stolen, it is gone and I’d get a new one. This is the cost of having proper opsec.

        Edit:

        But I also think that freedom allows for more exploits.

        This is a common misconception called security through obscurity

      • TrickDacy@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        edit-2
        5 months ago

        As everyone is pointing out you’re just wrong about this.

        Also apple is overbearing AF. I recently had several back and forths with my IT department about an old company mac laptop I used to have. Since I had signed into my apple account once, Apple permanently tied that laptop to my account and wouldn’t allow the fucking IT department to fully wipe it.

        Keep in mind also that I would have preferred to not have or use an apple account (they kind of force it on you, even asking you to login to iCloud constantly even if you’ve literally never used it once), and even though I could login to the apple account in my browser and see that the laptop wasn’t listed under my devices, IT was still locked out.

        Literally the only way to fix this was giving the IT dept my apple password so they could authenticate then sign out of it. There was nothing I could do remotely about it. This is a security issue in itself. Zero reason I shouldn’t be able to use my account remotely to remove or sign that device out. Zero reason I should have to give my password to another human. Except for apple being shit.

        The apple security theater is widely believed but it’s still largely theater.

        Edit: before you tell me I didn’t have to give up my password, understand that I fucking know that. I could’ve driven to the office, told my employer to fuck off, had them ship the laptop, etc… all of which are things that shouldn’t be necessary. I took the least shitty option at the time. Kindly fuck off if you are so dicksloppery on apple that you can’t understand the obvious point: pretending every shit decision is about security doesn’t shield you from all criticism.

        • Juvyn00b@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          I get this as being a bit of a hurdle, but wouldn’t a good option in hind sight be to create a separate work related apple account based on your work email? I’ve done that in the past with various companies for iPhones and MacBooks. Makes it cleaner to return the device and doesn’t compromise my personal account should they ultimately need my credentials on the non-owned-by-me device.

          • TrickDacy@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            5 months ago

            The thing is, I never expect logging into a service to immediately lock my device to that account. But I’ve since learned not to trust Apple’s login systems for this reason. So yeah, I won’t buy any other apple devices and any work machines will use a work account for everything like that

          • TrickDacy@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            5 months ago

            I eventually did do that, but apparently at the time that I was nagged into iCloud for the 1000th time I was quite annoyed and just used my personal account like an idiot.

        • matthewc@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          5 months ago

          Your post details how it isn’t possible for IT professionals to wipe a Mac without the consent of the owner’s account. How is that security theater?

          • TrickDacy@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            arrow-down
            1
            ·
            edit-2
            5 months ago

            You missed the part where I had to give my password to another human.

            Also, I wasn’t the owner, they are. Also, again, it makes zero sense to not allow me to sign it out remotely.

            Nothing is secure about a system designed so poorly you have to give out your password. That should never be needed.

            Not to mention, I never wanted or needed to sign in. I was just nagged to do so 100 times so I relented. Nothing about that means I own the device.

              • Natanael@slrpnk.net
                link
                fedilink
                English
                arrow-up
                0
                arrow-down
                1
                ·
                5 months ago

                You should finish reading the part where the company owned the device.

              • TrickDacy@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                arrow-down
                1
                ·
                5 months ago

                I don’t have the type of position where that would be needed or considered appropriate. Why should I need to anyhow? A lot of people are missing the point here. Logging into a service (especially one I didn’t want or need but was harassed into doing it) should not unexpectedly be considered proof of ownership.

                The scenario wasn’t that during os setup I was asked to login. And I wasn’t prompted with a warning that this could happen. What happened was every time I opened system settings for months it wanted me to login to iCloud and no matter how many times I refused it just kept asking.

                • danl@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  5 months ago

                  Nah - you’re complaining that you “were forced into handing your password to someone else” when there were at least six ways you could have avoided that:

                  • you gone to the computer,
                  • they send the computer to you,
                  • you remote in to the computer,
                  • you tell them “suck it, you should have blocked iCloud sign-in with MDM” or, as others mentioned,
                  • you sign out before handing the computer back or, my favourite,
                  • don’t sign in to personal accounts on work devices even if they bug you to.

                  Finally, we release devices like this all the time through our ABM account. It takes 5 days maximum. Your IT team led you up the garden path.

                  • Natanael@slrpnk.net
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    arrow-down
                    1
                    ·
                    edit-2
                    5 months ago

                    It was a small company, as he said elsewhere, negating your first 4 options, and the last two of blaming the user are equally stupid because Apple can fix this and doesn’t want to. Not everybody has an MDM tool which can set up ownership right for Apple devices - and they should not have to

                    It’s shameful that you have a bunch of upvotes and he’s getting downvotes

                  • TrickDacy@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    arrow-down
                    1
                    ·
                    5 months ago

                    You are bending over backwards to justify absolute garbage practices. I am aware there were literally other ways around this. I was more referring to being forced into a situation where I’d even need to consider this.

                    Yes, I shouldn’t have used my personal account… however I also should have never expected doing so to tell apple “I own this shit please make sure no one else can use it ever without my permission”. Logging into iCloud should mean “I want to use iCloud”, which btw I NEVER wanted to do. Every time I opened system settings the piece of shit insisted I login to it. That alone is a problem. But I’m sure you’ll justify that one too.

            • BorgDrone@lemmy.one
              link
              fedilink
              English
              arrow-up
              0
              arrow-down
              1
              ·
              5 months ago

              Nothing is secure about a system designed so poorly you have to give out your password. That should never be needed.

              You didn’t have to give out your password, in fact you never should. If the machine remains locked, that’s not your problem. Your IT department should have created an admin account on the machine for IT before handing it over to you to avoid this scenario. The IT departments incompetence is not your problem.

              If you wanted to unlock it as a courtesy, then they should have offered to send the laptop to you so you could unlock it. You never ever give anyone your password, and IT should know better than to ask for it.

              If someone is holding a family member at gunpoint and threatening to kill them if you don’t give up your password; you do NOT give up your password. If an evil mastermind is about to destroy the world, and it can only be saved by you telling your password to another person. You do NOT give your password. There is no valid reason to ever give your password to anyone.

              • TrickDacy@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                arrow-down
                1
                ·
                edit-2
                5 months ago

                You missed the point entirely. Harassing me into signing into iCloud shouldn’t mean I ever have to do anything inconvenient at all, regardless.

                I wasn’t presented with a dialogue that said “login to establish device ownership”. Instead it was “login to iCloud now” dozens and dozens of times. I have never once used iCloud nor will I ever. That part alone was indefensible. But then locking the device to that account is plain stupid and reckless. There are plenty of scenarios where this fucks people worse than having to choose from a few shitty options

                • BorgDrone@lemmy.one
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 months ago

                  I wasn’t presented with a dialogue that said “login to establish device ownership”.

                  There is an entire screen in the initial setup that explains that the machine is added to your Find My and what that means. You probably just clicked ‘continue’ without reading.

                  Also, you don’t have to do anything inconvenient. It’s not your laptop so not your problem. The owner can have activation lock removed if they provide proof of ownership to Apple.

                  • TrickDacy@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    0
                    arrow-down
                    1
                    ·
                    5 months ago

                    You really earn your “apple simp” tag. You know apple doesn’t give a fuck about you, actually.

                    And I really don’t care about your invalidations of what happened to me. If by some chance I did make some other mistake besides using my personal apple account, it’s irrelevant. I do not think it should be possible to accidentally opt in to this bullshit. It is a shitty feature to force on every user. And it shouldn’t be possible for an employee to render thousands of dollars worth of company hardware useless trash ready for the landfill. It shouldn’t be possible intentionally, let alone by accident. If you removed the apple schlong from you mouth for a second you might see my point but you won’t.