Newsroom Update

New iPhone photography exhibition features work from five esteemed photographers, all shot on iPhone. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Regarding Erasure of a Stolen iPhone

Someone that I have been helping has had their iPhone 12 Pro Max stolen a little over a week ago. Since we had known it was stolen, I panicked a bit and opted to immediately try and erase the phone from Find My iPhone. I am learning that this may have been a mistake. The person who stole the phone has yet to connect it to any source of internet, so it has not erased yet. Does the activation lock work on the iPhone if you just erase it, or does it need to be put into lost mode first? If it does need to be put into lost mode, what should I do? I need to cancel the erase to put it in lost mode, but I worry that if I cancel the erase to do so, some issues may arise. To start, if I were to cancel the erase, would there be a cooldown period before I can try to erase it again? I would like to ideally cancel the erase, put the phone into lost mode, and then try to erase it again. Is this a risk worth taking or should I just leave it as is? I wouldn’t want to give the person who has stolen the phone a chance to fully use the phone with access to the internet, but I worry if they have a way to get past the normal 4 digit passcode they could still access plenty of information without connecting to the internet. And just to add, we have already notified the service provider, but I don’t think that changes much regarding this issue. Thanks.

iPhone 12 Pro Max

Posted on Mar 6, 2022 4:54 PM

Reply
Question marked as Apple recommended

So long as you don't remove it from the list of devices, it will still be activation locked after erasing it. A 12 Pro Max can still be tracked using find my after it's been erased.


Posted on Mar 6, 2022 5:08 PM

Similar questions

29 replies

Mar 7, 2022 6:31 PM in response to Lawrence Finch

Well I thought I was done for tonight but coincidentally enough apparently my friend did get two texts concerning this. One claimed to be Apple saying that they recovered the phone and was asking for the password and the other had something to do with a subscription. He ignored them both. This is at least somewhat reassuring, because it makes me think that they aren’t able to do anything with the phone for the time being.

I am somewhat curious however, do you know how they would have gotten his number?

It is the same number as his phone that was stolen, as he managed to have his service providers transfer the phone number onto his new phone. I am just confused as to how they would know what number to contact.

Mar 7, 2022 7:52 PM in response to Lawrence Finch

Sounds good. Do you think I should try to convince him to change his number? He is worried about losing all of his contacts and having to have his contacts put in his new number, along with social media, etc, but I worry that these people will continue to pester him with aggressive spam as time goes on and he might accidentally fall for something one day.

Mar 8, 2022 7:53 AM in response to ApplePerson1978_

Contacts are associated with email accounts, not phone numbers, so changing the number won’t affect contacts. But his phone number is used for 2 factor authentication for many sites and activities, so don’t change it unless it becomes a nuisance, and if it is changed it would have to be changed with all of those places that require 2FA.


Also, this would be a good time to create alternate ways to get 2 factor authentication codes for the Apple ID. Log in to https://appleid.apple.com and click on Account Security to set these up if they aren’t already.

Mar 8, 2022 1:57 PM in response to Lawrence Finch

Okay, that all makes sense. I have a few more questions regarding all of this, some are my own and some are some questions that my friend has after he talked about it with his coworker today.

  1. So regarding the SIM card, they weren’t actually able to access anything when they put the SIM card in the other phone right? I honestly just don’t understand how that SIM card thing works. All they got from it was his phone number correct? They weren’t able to access anything else? They weren’t able to bypass the activation lock?
  2. My friend was very worried today as his coworker said that whoever has the phone may take it to the nearest Apple store and claim that they tried to erase the phone because they thought they lost it, but now they found it and they don’t remember their Apple ID password to get past the activation lock. It wouldn’t be in lost mode, because as I previously said we went straight to trying to erase the phone without putting it into lost mode. Would an Apple worker have the ability to give them access to 1. the phone and/or 2. the Apple ID password assuming they believe that it was that person’s phone?
  3. This is similar to number 2, but if the person who has the phone tried to claim the same thing as in question 2, but online through the Apple website, would that work for them either? Whether it’s through Apple’s website, some customer support email type thing, or on the phone with an Apple representative, would he 1. be able to access the Apple ID password and 2. be able to access the phone?
  4. Would someone familiar with activation lock be able to “jailbreak” the phone and bypass all the passwords? I am not entirely sure what “jailbreaking” is on an iPhone, but my friend seemed worried that some experienced may be able to bypass the activation lock and other security precautions using said method. Is this a worry?


Mar 8, 2022 2:44 PM in response to ApplePerson1978_

ApplePerson1978_ wrote:

1. Okay, that all makes sense. I have a few more questions regarding all of this, some are my own and some are some questions that my friend has after he talked about it with his coworker today.
So regarding the SIM card, they weren’t actually able to access anything when they put the SIM card in the other phone right? I honestly just don’t understand how that SIM card thing works. All they got from it was his phone number correct? They weren’t able to access anything else? They weren’t able to bypass the activation lock?

The SIM card has no data on it. All it has is a code (ICCID) that maps the phone number to the network. It doesn’t even contain the phone number itself, just a code that the carrier’s network maps to the phone number.

. My friend was very worried today as his coworker said that whoever has the phone may take it to the nearest Apple store and claim that they tried to erase the phone because they thought they lost it, but now they found it and they don’t remember their Apple ID password to get past the activation lock. It wouldn’t be in lost mode, because as I previously said we went straight to trying to erase the phone without putting it into lost mode. Would an Apple worker have the ability to give them access to 1. the phone and/or 2. the Apple ID password assuming they believe that it was that person’s phone?

No, Apple employees cannot remove activation lock. Apple security will remove it only for the original owner of the phone, who can prove they own it with the original bill of sale and a matching ID. And even then it takes 2 weeks to process.

. This is similar to number 2, but if the person who has the phone tried to claim the same thing as in question 2, but online through the Apple website, would that work for them either? Whether it’s through Apple’s website, some customer support email type thing, or on the phone with an Apple representative, would he 1. be able to access the Apple ID password and 2. be able to access the phone?

No, the only way is using Account Recovery→How to use account recovery when you can’t reset your Apple ID password - Apple Support (CA)

. Would someone familiar with activation lock be able to “jailbreak” the phone and bypass all the passwords? I am not entirely sure what “jailbreaking” is on an iPhone, but my friend seemed worried that some experienced may be able to bypass the activation lock and other security precautions using said method. Is this a worry?

No. The phone must be unlocked to jailbreak it, requires an internet connection and the phone can not erased. And as soon as it has an internet connection it will be erased. And jailbreaking does not bypass activation lock, because activation lock is an attribute of the Apple ID account on Apple’s servers.

Mar 8, 2022 5:53 PM in response to Lawrence Finch

Thank you, you have once again been a great help. I just finished talking with my friend. He is relieved to hear a lot of the things you have said, but he is also worried that I did not word my some of my questions precise enough. So he has 5 questions to ask that I will quote directly. They are basically exactly what I have asked before, so I’m mainly doing this to put him at ease. Sorry if any of this is getting repetitive.

  1. Even though we tried to erase the iPhone without first putting it into lost mode, the activation lock was still turned on, correct?
  2. And to make sure, activation lock is a lock on the iPhone that requires the Apple ID’s password to access the phone, right?
  3. Even though the iPhone has been off the internet, including both WiFi and cellular, the activation lock has still activated, correct?
  4. Changing the Apple ID password will in no way remove the stolen device from the account, correct?
  5. Enabling two-factor authentication for the Apple ID account will in no way remove the stolen device from the account, correct?

Those were his questions, I believe you have already answered these sufficiently but if you wouldn’t mind answering them again I’m sure that would put him at ease slightly. I also have 2 pretty simple questions myself:

  1. Given all of the information I have provided you with concerning this situation, do you think that the data on his iPhone is safe? Assuming of course he doesn’t fall for any phishing scam.
  2. Assuming a really bad scenario happens and he accidentally falls for one of the scams, what course of action should we take? Perhaps two-factor authentication would make it so that the people who stole the phone can’t access the account even if they know the password.

Thank you so much for your help thus far, you have been so helpful.

Mar 8, 2022 6:19 PM in response to ApplePerson1978_

ApplePerson1978_ wrote:

1. Thank you, you have once again been a great help. I just finished talking with my friend. He is relieved to hear a lot of the things you have said, but he is also worried that I did not word my some of my questions precise enough. So he has 5 questions to ask that I will quote directly. They are basically exactly what I have asked before, so I’m mainly doing this to put him at ease. Sorry if any of this is getting repetitive.
Even though we tried to erase the iPhone without first putting it into lost mode, the activation lock was still turned on, correct?

yes

. And to make sure, activation lock is a lock on the iPhone that requires the Apple ID’s password to access the phone, right?

yes

. Even though the iPhone has been off the internet, including both WiFi and cellular, the activation lock has still activated, correct?

yes

. Changing the Apple ID password will in no way remove the stolen device from the account, correct?

correct

. Enabling two-factor authentication for the Apple ID account will in no way remove the stolen device from the account, correct?

correct

. Those were his questions, I believe you have already answered these sufficiently but if you wouldn’t mind answering them again I’m sure that would put him at ease slightly. I also have 2 pretty simple questions myself:
Given all of the information I have provided you with concerning this situation, do you think that the data on his iPhone is safe? Assuming of course he doesn’t fall for any phishing scam.

yes, as long as the phone had a passcode and was locked when it was stolen.

. Assuming a really bad scenario happens and he accidentally falls for one of the scams, what course of action should we take? Perhaps two-factor authentication would make it so that the people who stole the phone can’t access the account even if they know the password.

yes, once you have 2FA the password is not sufficient to log in to the Apple ID.

hank you so much for your help thus far, you have been so helpful.


Mar 11, 2022 4:39 PM in response to Lawrence Finch

My friend has once again come up with a number of questions, so I have some new things to ask:


Using the caller id/phone number, is it possible for someone to track the location of a phone with said number on it. He is worried that since they know his phone number, they may be able to track him.

-

So once we change his Apple ID password, will that apply to the activation lock? Or will it require the old password still until the phone is connected to the internet?

Important explanation: The second question is my own. I assumed for a while it would automatically change, but through some testing I have discovered that a lot of things do not update until a phone is connected to the internet. To show an example of what I mean, we took two devices on the same Apple ID and set one phone to airplane mode. We went to the passwords tab in settings on the other device, and unsaved one of the passwords from it. When we went to the passwords page on the airplane mode device, the login information for that site was still there, for only that device. Then when we turned off airplane mode and connected it to the internet, the login information disappeared. I am just curious if the same thing applies for the activation lock. If we changed the password, would the activation lock then require the new password, or would it require the old one until it is connected to the internet?


My next question is basically number 2, but with 2 factor authentication. If we turn on 2 factor authentication, would that update to the activation lock if the phone is offline?

-

Or does 2fa not actually effect the activation lock anyways?


These next questions concern the phishing scam. I understand these questions could vary depending on the scammers, but any insight could be helpful:


Do the scammers ever give up? We are worried they may stop for a few months, then try again in a few months when he has forgotten about all of this, and potentially fall for the scam. Or is it more likely that they just give up on the data after a while?


Do they typically stick to some sort of script, like Apple or police, or will they try other things such as a friend who is texting from another phone?


Will the scammers ever try to get other information like your address for example if they can’t get the Apple ID?


Once again, I understand that this may all vary greatly depending on who is doing the scamming, but if you have any knowledge to share about this, it would be appreciated.


Finally, is there a way to block texts that have certain phrases or keywords automatically? Or maybe to automatically block texts that send certain links?

Mar 11, 2022 5:49 PM in response to ApplePerson1978_

ApplePerson1978_ wrote:

My friend has once again come up with a number of questions, so I have some new things to ask:

Using the caller id/phone number, is it possible for someone to track the location of a phone with said number on it. He is worried that since they know his phone number, they may be able to track him.

No.

o once we change his Apple ID password, will that apply to the activation lock? Or will it require the old password still until the phone is connected to the internet?

Changing the password will change it for activation lock also. See→What to do after you change your Apple ID or password - Apple Support

Iportant explanation: The second question is my own. I assumed for a while it would automatically change, but through some testing I have discovered that a lot of things do not update until a phone is connected to the internet. To show an example of what I mean, we took two devices on the same Apple ID and set one phone to airplane mode. We went to the passwords tab in settings on the other device, and unsaved one of the passwords from it. When we went to the passwords page on the airplane mode device, the login information for that site was still there, for only that device. Then when we turned off airplane mode and connected it to the internet, the login information disappeared. I am just curious if the same thing applies for the activation lock. If we changed the password, would the activation lock then require the new password, or would it require the old one until it is connected to the internet?

It would require the new one, because Apple ID login is to Apple’s servers, not to the phone.

My next question is basically number 2, but with 2 factor authentication. If we turn on 2 factor authentication, would that update to the activation lock if the phone is offline?
-

Yes. Additional advice: Go to https://appleid.apple.com, log in and click on security. Make sure you additional methods to receive 2FA auth codes (“trusted phone numbers”)

r does 2fa not actually effect the activation lock anyways?


2FA protects your Apple ID, not your phone. It is not related to Activation Lock, except as it may be required to authenticate logging in to your Apple ID.


hese next questions concern the phishing scam. I understand these questions could vary depending on the scammers, but any insight could be helpful:

Do the scammers ever give up? We are worried they may stop for a few months, then try again in a few months when he has forgotten about all of this, and potentially fall for the scam. Or is it more likely that they just give up on the data after a while?

Yes, they give up. If you ignore them they will move on to someone else. And long before that they will have sold the phone to some poor slob who doesn’t know about Activation Lock.


Do they typically stick to some sort of script, like Apple or police, or will they try other things such as a friend who is texting from another phone?

Yes, the professionals, at least, are big businesses. Brian Krebs (https://krebsonsecurity.com) has just documented one large cybercriminal enterprise, Conti, that had gross receipts of $180 million last year. While they specialize in extortion, they are typical of the huge criminal cybercrime industry.

ill the scammers ever try to get other information like your address for example if they can’t get the Apple ID?

Yes, some will. There are huge databases of stolen credentials; all of your personal information is online somewhere on the “dark web”, which is why it is so easy to impersonate anyone. Think about the questions you are typically asked to prove your identity: SSN? Street Address? Phone numbers? Credit card numbers? Bank account numbers? Previous addresses? Children’s names? Auto registration? Drivers license number? All of this information has been stolen from various sources (than you Equifax). If you haven’t been impersonated it’s primarily because with hundreds of millions of identities to steal, yours just hasn’t been selected yet. The most important thing you can do is to “freeze” access to your credit history with the 3 major credit bureaus: Equifax, Trans union and Experian), and get credit reports from them to review them for tampering (https://consumer.ftc.gov/articles/free-credit-reports)

nce again, I understand that this may all vary greatly depending on who is doing the scamming, but if you have any knowledge to share about this, it would be appreciated.

Finally, is there a way to block texts that have certain phrases or keywords automatically? Or maybe to automatically block texts that send certain links?

No.



Mar 11, 2022 5:50 PM in response to Lawrence Finch

Additional ideas: Follow Brian Krebs with the link I posted; he is generally up with the cybercriminal world. And also Bruce Schneier (https://www.schneier.com)


Also, on your iPhone take seriously the warnings in Settings/Passwords about compromised passwords, and if you have a Google account they have a similar service for passwords you store with Google.. You should also visit https://haveibeenpwned.com and check your user IDs and passwords to see if they have appeared in any data breaches.

Regarding Erasure of a Stolen iPhone

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.