Soon after Apple debuted the completely redesigned iOS 7 on June 10, 2013, it became obvious that the iOS user experience has changed enough to merit a public re-introduction—a forward-looking discussion of the updated user interface and integrated apps. Over the next week, our series on iOS 7 will look at every key section of Apple’s new operating system, starting with setting up iOS devices, the new Lock Screen and Home Screen, then continuing through other major UI elements and built-in apps. For a broad look at all of iOS 7’s changes from iOS 6, check out our big picture look at iOS 7, published on June 10, as well as our articles on iOS 7 setup, the Home Screen, and Lock Screen. Note that some features and graphics may change before iOS 7’s final release.
About Activation Lock
While Apple was generally ahead of the curve with Find My iPhone, an app designed to reunite users with lost or stolen devices, the feature suffered from one very important weakness: anybody who finds your device can easily erase it, thereby removing almost all of the tracking and location features before turning it into a “good as new” product.
Apple hopes to address this problem with “Activation Lock”—a new feature in iOS 7 that effectively ties your iPhone, iPad, or iPod touch to your iCloud Apple ID even after it’s been completely wiped and erased. The idea here is to deter theft of iPhones and other iOS devices by rendering them all but useless to would-be thieves.
Activation Lock is based in technology that has been used by Apple since the debut of the original iPhone in 2007. Every iPhone has had to “phone home” to Apple’s servers for authorization before it can actually be used. In the early days, this was a form of secondary carrier-lock, ensuring that devices were properly signed up for service with AT&T before they could be used. For whatever reason, Apple chose to extend activation to non-carrier iOS devices such as the iPod touch. In essence, until you plugged into iTunes and “activated” your device, it was essentially a brick.
While the appropriateness of such a feature has been debated for years, it has opened the doors to a new security model. Since a device cannot be “activated” without talking to Apple’s servers, it’s now fairly easy for Apple to refuse to activate a device that’s still registered under somebody else’s Apple ID.
Apple is now preventing third-party developers from using Unique Device Identifiers (UDIDs), but it still has access to a virtual serial number that identifies a given device, and can associate it with a specific Apple ID.
Enabling Activation Lock
You won’t find a setting in iOS 7 to specifically enable Activation Lock, however. This is because Apple has transparently integrated this into the “Find My iPhone” app and related feature that has been part of iCloud and MobileMe for several years. The assumption seems to be that if you’re interested in tracking your iPhone, iPad, or iPod touch, you’re likely also interested in using Activation Lock.
In iOS 7, once Find My iPhone has been enabled, it can no longer be turned off without supplying the user’s iCloud password. This prevents the Find My iPhone feature from being too easily disabled, but now more importantly prevents the Activation Lock from being easily bypassed.
Location Services can still be disabled without requiring a password, but Find My iPhone will now automatically re-enable Location Services temporarily whenever the device’s location is requested.
An iOS 7 device that has Activation Lock enabled via the Find My iPhone feature cannot be restored through iTunes without specifically disabling Find My iPhone, which of course requires the iCloud password to be entered.
iOS 7 still provides an option for directly wiping an iOS device under Settings, General, Reset, however if Find My iPhone is enabled, the user will be required to enter the iCloud password before the device can be wiped. Doing this disables the Activation Lock as the user is obviously wiping the device deliberately.
Setting up an Activation Locked Device
Both iTunes and iOS prevent a device from being wiped normally while it has the Activation Lock feature enabled, which itself acts as a deterrent for the casual user. There are still ways to forcibly erase and restore an iOS device, however, and as a result the Activation Lock provides an additional line of security, preventing the device from being activated by Apple’s servers until the original owner’s iCloud Apple ID and password are provided.
The current shipping version of iTunes 11 seems to already know how to deal with this, and will advise the user that the connected device is locked and require that he or she enter the Apple ID that was used to set the device up originally.
This same procedure applies to using the iOS setup assistant, which will stop the user at the normal activation screen, prompting for the same information.
In fact, even iOS 6.1.3 has some awareness of the Activation Lock. Downgrading an Activation Locked iOS 7 device will still prevent it from being activated under the older iOS version.
In both scenarios, a hint is provided for the Apple ID to help the user remember which iCloud account may have been used for the device, but until those credentials are entered, the device is effectively locked and rendered useless.
Find My iPhone and Remote Erase
iOS 7 also adds a new feature to the Find My iPhone app that allows users to not only take advantage of Activation Lock but also allows you to display a phone number and custom message that will appear on the target device after it’s already been erased. This message will also appear as a dialog box if the device is connected to a computer running iTunes.
While remotely wiping a device will still cause you to lose the ability to actually track the device, at least you can now guarantee that your personal information is securely erased while still leaving some contact information to hopefully allow an honest finder to return your device back to you.
The process itself works in much the same way as engaging the “Lost Mode” introduced in iOS 6, prompting you to enter a phone number and a message before erasing the iPhone. Once this has been done, the erase request is sent out and the Find My iPhone app provides a note confirming that the device has been erased and how long ago the erasure occurred.
Even with the message displayed, a user can still initiate the iOS setup assistant in the usual way, however he or she will be stopped at the activation screen and prompted to enter the iCloud Apple ID and password to continue. In this case, the note clearly indicates that the iPhone in question was “lost and erased” and provides no hint of the original Apple ID that needs to be entered to activate the iPhone. This also works in much the same way if the device is connected to iTunes.
So, How Secure Is This, Really?
The process of jailbreaking an iOS device bypasses Apple’s activation process entirely. In fact, this was the reason for the very first iPhone hack about a week after the original iPhone was released, allowing users to use the iPhone without signing up with AT&T.
Although Apple fights jailbreaking with each new iOS and hardware release, by the late Steve Jobs’ own admission, it is in a cat and mouse game in that regard.