Last week, Apple released iOS 17.3 with a new security feature called Stolen Device Protection, which aims to help protect your data in case a thief has stolen your iPhone and obtained the password.
Stolen Device Protection helps counter this threat in two key ways. When enabled, the feature requires Face ID or Touch ID authentication (with no passcode fallback) before users can change important security settings like Apple ID passwords or device passcodes. It also imposes a one-hour security delay before users can change these security settings. The delay is designed to give victims time to mark an iPhone as lost before a thief can make critical changes.
Fatal flaw in Stolen Device Protection
However, if a user has Significant Locations enabled and is currently located in a familiar location, they won’t get these extra layers of security.
“When your iPhone is in a familiar location, these additional steps are not required, and you can use your device passcode like usual,” states Apple in the Stolen Device Protection support documents. “Familiar locations typically include your home, work, and certain other locations where you regularly use your iPhone.”
Apple deems a location significant based on how often and when a user visits it.