Soon after Apple debuted the completely redesigned iOS 7 on June 10, 2013, it became obvious that the iOS user experience had changed enough to merit a public re-introduction—a forward-looking discussion of the updated user interface and integrated apps. Over the next week, our series on iOS 7 will look at every key section of Apple’s new operating system, starting with setting up iOS devices, the new Lock Screen and Home Screen, then continuing through other major UI elements and built-in apps. For a broad look at all of iOS 7’s changes from iOS 6, check out our big picture look at iOS 7, published on June 10, as well as our articles on iOS 7 setup, the Home Screen, and Lock Screen. Note that some features and graphics may change before iOS 7’s final release.
About Activation Lock
While Apple was generally ahead of the curve with Find My iPhone, an app designed to reunite users with lost or stolen devices, the feature suffered from one very important weakness: anybody who finds your device can easily erase it, thereby removing almost all of the tracking and location features before turning it into a “good as new” product.
Apple hopes to address this problem with “Activation Lock”—a new feature in iOS 7 that effectively ties your iPhone, iPad, or iPod touch to your iCloud Apple ID even after it’s been completely wiped and erased. The idea here is to deter theft of iPhones and other iOS devices by rendering them all but useless to would-be thieves.
Activation Lock is based on technology that has been used by Apple since the debut of the original iPhone in 2007. Every iPhone has had to “phone home” to Apple’s servers for authorization before it can actually be used. In the early days, this was a form of secondary carrier-lock, ensuring that devices were properly signed up for service with AT&T before they could be used. For whatever reason, Apple chose to extend activation to non-carrier iOS devices such as the iPod touch. Until you plugged into iTunes and “activated” your device, it was essentially a brick.
While the appropriateness of such a feature has been debated for years, it has opened the doors to a new security model. Since a device cannot be “activated” without talking to Apple’s servers, it’s now fairly easy for Apple to refuse to activate a device that’s still registered under somebody else’s Apple ID. Apple is now preventing third-party developers from using Unique Device Identifiers (UDIDs), but it still has access to a virtual serial number that identifies a given device, and can associate it with a specific Apple ID.
Enabling Activation Lock
You won’t find a setting in iOS 7 that specifically enables Activation Lock, however, because Apple has transparently integrated it into the “Find My iPhone” app and related feature that has been part of iCloud and MobileMe for several years. The assumption seems to be that if you’re interested in tracking your iPhone, iPad, or iPod touch, you’re likely also interested in using Activation Lock.
In iOS 7, once Find My iPhone has been enabled, it can no longer be turned off without supplying the user’s iCloud password. This prevents the Find My iPhone feature from being too easily disabled and, more importantly, now prevents Activation Lock from being easily bypassed.
Location Services can still be disabled without requiring a password, but Find My iPhone will now automatically re-enable Location Services temporarily whenever the device’s location is requested.
An iOS 7 device that has Activation Lock enabled via the Find My iPhone feature cannot be restored through iTunes without specifically disabling Find My iPhone, which of course requires the iCloud password to be entered.
iOS 7 still provides an option for directly wiping an iOS device under Settings > General > Reset; however, if Find My iPhone is enabled, the user will be required to enter the iCloud password before the device can be wiped. Doing this disables the Activation Lock, as the user is obviously wiping the device deliberately.
Setting up an Activation Locked Device
Both iTunes and iOS prevent a device from being wiped normally while it has the Activation Lock feature enabled, which itself acts as a deterrent for the casual user. There are still ways to forcibly erase and restore an iOS device, however, and as a result the Activation Lock provides an additional line of security, preventing the device from being activated by Apple’s servers until the original owner’s iCloud Apple ID and password are provided.
The current shipping version of iTunes 11 seems to already know how to deal with this, and will advise the user that the connected device is locked and require that he or she enter the Apple ID that was used to set the device up originally.
This same procedure applies to using the iOS setup assistant, which will stop the user at the normal activation screen, prompting for the same information.
In fact, even iOS 6.1.3 has some awareness of the Activation Lock. Downgrading an Activation Locked iOS 7 device will still prevent it from being activated under the older iOS version.
In both scenarios, a hint is provided for the Apple ID to help the user remember which iCloud account may have been used for the device, but until those credentials are entered, the device is effectively locked and rendered useless.
Find My iPhone and Remote Erase
iOS 7 also adds a new feature to the Find My iPhone app that not only lets users take advantage of Activation Lock, but also lets them display a phone number and custom message that will appear on the target device after it’s already been erased. This message will also appear as a dialog box if the device is connected to a computer running iTunes.
While remotely wiping a device will still cause you to lose the ability to actually track the device, at least you can now guarantee that your personal information is securely erased while still leaving some contact information to hopefully allow an honest finder to return your device to you.
The process itself works in much the same way as engaging the “Lost Mode” introduced in iOS 6, prompting you to enter a phone number and a message before erasing the iPhone. Once this has been done, the erase request is sent out and the Find My iPhone app provides a note confirming that the device has been erased and how long ago the erasure occurred.
Even with the message displayed, a user can still initiate the iOS setup assistant in the usual way; however, he or she will be stopped at the activation screen and prompted to enter the iCloud Apple ID and password to continue. In this case, the note clearly indicates that the iPhone in question was “lost and erased” and provides no hint of the original Apple ID that needs to be entered to activate the iPhone. This also works in much the same way if the device is connected to iTunes.
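The activation checks described in the last two sections can be summarized as a small model. This is an added illustration, not Apple's code: the class and method names, the device identifier, the way the password is stored, and the masked format of the Apple ID hint are all assumptions.

```python
# Added illustration: a toy model of the server-side check.
# Hypothetical names throughout; this is not Apple's implementation.
import hashlib, hmac, os
from dataclasses import dataclass

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class LockRecord:
    apple_id: str
    salt: bytes
    pw_hash: bytes
    lost_and_erased: bool = False
    message: str = ""

class ActivationServer:
    def __init__(self):
        self.locks = {}  # hardware device identifier -> LockRecord

    def enable_find_my_iphone(self, device_id, apple_id, password):
        salt = os.urandom(16)
        self.locks[device_id] = LockRecord(apple_id, salt, _kdf(password, salt))

    def _is_owner(self, rec, apple_id, password):
        if apple_id is None or password is None or apple_id != rec.apple_id:
            return False
        return hmac.compare_digest(rec.pw_hash, _kdf(password, rec.salt))

    def disable_find_my_iphone(self, device_id, apple_id, password):
        # Turning the feature off (or erasing from Settings) needs the iCloud password.
        rec = self.locks.get(device_id)
        if rec is None or not self._is_owner(rec, apple_id, password):
            return False
        del self.locks[device_id]
        return True

    def remote_erase(self, device_id, phone, message):
        # The lock record survives the erase; only the on-device data is gone.
        rec = self.locks[device_id]
        rec.lost_and_erased, rec.message = True, f"{message} ({phone})"

    def activate(self, device_id, apple_id=None, password=None):
        rec = self.locks.get(device_id)
        if rec is None or self._is_owner(rec, apple_id, password):
            return {"activated": True}
        # Refused: show an Apple ID hint unless the owner marked the device lost and erased.
        name, _, domain = rec.apple_id.partition("@")
        hint = None if rec.lost_and_erased else f"{name[0]}***@{domain}"
        return {"activated": False, "hint": hint, "message": rec.message}
```

Because the lock is keyed on the device identifier held by the server, a forced erase and restore of the device changes nothing in this model: `activate()` keeps refusing until the owner's credentials are supplied or the owner disables Find My iPhone.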
So, How Secure Is This, Really?
The process of jailbreaking an iOS device bypasses Apple’s activation process entirely. In fact, this was the reason for the very first iPhone hack about a week after the original iPhone was released, allowing users to use the iPhone without signing up with AT&T.
Although Apple fights jailbreaking with each new iOS and hardware release, by the late Steve Jobs’ own admission, it is in a cat and mouse game in that regard. It is therefore very likely that jailbreak hacks will continue to be available that can bypass the Activation Lock, allowing an iOS device to be used to some degree.
How effective this is, however, largely depends on how restrictive Apple chooses to be with its Activation Lock feature. So much of what a modern iOS device does requires communication with Apple’s servers in an unprecedented way. iCloud, the App Store, iTunes, iMessage, FaceTime, Game Center, and even Siri all need to “phone home” to Apple’s servers, and it would not be inconceivable for Apple to block all of these services from working on an Activation Locked iPhone—even one that had been jailbroken. Without access to these services, a market for stolen iPhones isn’t likely to exist outside of the hacker community. Given the white hat claims made by some hackers, the implications of this for the rest of the community are fascinating.
Further, the device identifiers that are likely being used by Apple for this purpose would be based entirely in hardware and therefore very difficult to alter.
At the end of the day, however, no system is foolproof, and much like jailbreaking in general, the hacking underground may find ways around much of this. Any security model is about deterrence, rather than outright prevention, and the new Activation Lock feature should go a long way in deterring casual theft of iOS devices by rendering the stolen devices useless to the average user.
For more information on iOS 7, check out our big picture iOS 7 guide, and other articles in this series. Note that Find My iPhone will likely change considerably in appearance before the final release of iOS 7.