You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Is there a way to see list of log-in attempts on iphone?

My phone was taken by a known party. It has since been returned, but I would like to determine if they made attempts (failed or successful) to access my personal information. Is there a log that I can access myself? This would be preferred. If not, is this something that can be done via apple or at the apple store?

iPhone 5c, iOS 8

Posted on Jan 8, 2015 7:40 PM

Reply
Question marked as Top-ranking reply

Posted on Jan 8, 2015 9:21 PM

Thank you, ChitlinsCC. I've searched for a good while myself, hence my last ditch effort in hopes that someone here would have an answer. 😟 The user in this case does have personal knowledge and, although my password is not easily guessed, it comes down to a matter of criminality here. The phone was taken last night and then discreetly returned to a lost & found this morning. I know, if I were to question them, they would say they accidentally picked it up or something, but I have good reason to believe otherwise. If they made any log-in attempts (successful or failed), we have proof that their intent was to gain access to and/or use the information found on the phone and can pursue criminal charges. If not, we have little more than a gut feeling to go on.

As I mentioned previously, I have found posts about using 3rd party developler/configuration software to gain access to information of this nature, but no real guidance on where to look within the programs. Being configuration software, I don't want to play with them too much. I found a video on one of the software programs that appears to possibly support your theory that it would only be a temporary file if it does, indeed, exist. I haven't found much yet on the other software, but will continue to look. I appreciate your input!

20 replies
Question marked as Top-ranking reply

Jan 8, 2015 9:21 PM in response to ChitlinsCC

Thank you, ChitlinsCC. I've searched for a good while myself, hence my last ditch effort in hopes that someone here would have an answer. 😟 The user in this case does have personal knowledge and, although my password is not easily guessed, it comes down to a matter of criminality here. The phone was taken last night and then discreetly returned to a lost & found this morning. I know, if I were to question them, they would say they accidentally picked it up or something, but I have good reason to believe otherwise. If they made any log-in attempts (successful or failed), we have proof that their intent was to gain access to and/or use the information found on the phone and can pursue criminal charges. If not, we have little more than a gut feeling to go on.

As I mentioned previously, I have found posts about using 3rd party developler/configuration software to gain access to information of this nature, but no real guidance on where to look within the programs. Being configuration software, I don't want to play with them too much. I found a video on one of the software programs that appears to possibly support your theory that it would only be a temporary file if it does, indeed, exist. I haven't found much yet on the other software, but will continue to look. I appreciate your input!

Jan 9, 2015 8:09 AM in response to ChitlinsCC

It really is, and quite frustrating. After a lengthy call to tech support and speaking with multiplr levels of support/security this morning, I was advised that a log exists on the phone, but no one had any ideas or suggestions as to how it might be accessed. It's a "developer" issue and beyond the scope of the Genius Bar. I've called every iPhone repair place in town, thinking a techy person might have the knowledge and software to do so. No luck. My service provider suggested law enforcement. LE said they don't know of a way to access the info, which I find hard to believe since they can access SO much info during major cases such as kidnappings and such. They were asking me to check Internet history. What the heck? I'm not concerned with whether or not someone was surfing the net on the phone, nor do I think that's where someone with malicious intent would spend their time. I don't want, necessarily, to have anyone tossed in jail, but I certainly want to know if our privacy has been breached or if an attempt to breach our privacy has been made. Ugh! 😟

Jan 8, 2015 9:05 PM in response to cman1533

I understood your question - and your concern. I had hoped the fact that the security feature is a tough nut to crack might be of some consolation. Passcodes are almost impossible to guess, unless the guessER has special knowledge of you. The PIN code has been industry standard in the financial world for decades - but alas, a lot of folks use their birthdate or the digits of their street address.


I searched (which I am pretty good at) and found nothing here in the World of Apple that indicates that there is a log file (which I agree that there MAY be) that is user accessible using the iOS features or any other method. Google was not forthcoming either in the time I devoted there.


It is possible that IF this file exists it may not be permanent so that is a running total of all attempts since one first turned on the phone. It could be like a cookie in a browser or somesuch that resets when one gets by the temporary lock out by correctly entering the passcode. Although robust, iOS is not OSX.


If I had an acquaintance that had possessed my phone for a period of time, I would probably rely on subtle interrogation methods. Most times people are terrible liars. Additionally, I would take actions AS IF the damage had occurred. Better safe than sorry.


best luck

ÇÇÇ

Jan 8, 2015 8:21 PM in response to ChitlinsCC

Yes, I understand about the disable feature after multiple failed attempts. I would like, however, to know if they managed to guess my password and access my phone - or even attempted to access. If no attempt was made, I would feel better believing that it was an honest mistake, picked up accidentally. If, however, my phone was accessed or attempts were made to access, this was intentional and possibly criminal.

Jan 8, 2015 9:46 PM in response to cman1533

You could think of an encounter with this person as a poker game. Look for "tells" in their body language and voice. Inconsistencies in answers to the same question rephrased is a sure thing! No real need for direct accusation, just "feel 'em out". Wouldn't suggest it if your actions here didn't indicate intelligence level adequate for the task. If a cop can do it, why can't you? Worth a try?


Back to the FILE. Know an attorney? Private investigator? Attorney would know a PI. A PI would likely have the tools at hand.


Again, I would take action as if the worst had happened and 'tidy up' later. A shame how some folks are.

Jan 9, 2015 8:51 AM in response to cman1533

Well, at least one thing is cleared up - the file is there, Now to get at it.


When they say "developer" issue, they don't mean a repairman. They mean a programmer or an App 'developed' by an author that works on Apps that address iOS. If an App exists or can be made - a "Developer" is it. Odds are that one exists, but is for a "niche" market.


LE most CERTAINLY has it, but they are not in the business of just fishing for IF a crime has been committed. When they suggested 'internet history' , they were suggesting a low(er) tech way of checking to see if someone has been on your device. But sadly, you are not a wifey checking on her hubby's p*** practices.


I am still going to suggest a Private Investigator - who, like LE, likely have the technology, but aren't as picky about rules and regulations - I would ask one of my several attorney friends or my former FBI Special Agent pal for a referral.


don't be sad - or get mad - get EVEN

ÇÇÇ

Jan 9, 2015 9:17 AM in response to IdrisSeabright

Great idea (all this talk of developers, and such) - let's see what the OP thinks... if they want, maybe we could just get this one moved there?


Just to remind you, the OP has stated on more than one occasion that they really don't wanna do this themselves for fear of inadvertently harming the phone - which is why I am an advocate of a professional that has the tool in hand - which may well be a developer-PI-jack-of-all-trades?


Added advantage in the PI course of action is that it would then be seamlessly easy to take LE action with the chain of custody intact - 3rd party and all that. (Maybe I watched too much Magnum PI, et al )


It really IS a matter of Identity Theft as opposed to a true technical question (unless you count the now moot point of whether the file exists)

Jan 9, 2015 10:05 AM in response to IdrisSeabright

Meg St._Clair wrote:


I doubt very many PIs are iOS developers. And, they're expensive in most areas. Someone in the dev forums may be able to recommend a method, applicatioin or third party service that actually knows how to do this.

Regarding your first point, my tongue was firmly in cheek, as yours may be as well(?).


PI pricing is not the issue, identity theft IS and THAT can be VERY expensive.


Yes, I agree with all points and said as much - BUT, my point about chain of custody in future legal proceedings is not only valid but critical - the only option you mention that fits that bill is 3rd-party service. This is no longer solely a tech question, as the OP has opined.


best regards, as always

ÇÇÇ

Jan 9, 2015 10:45 AM in response to cman1533

If someone untrustworthy has had physical access to your phone, it is safest to simply assume that it has been compromised. Restore the phone from a backup made prior to the incident and change any account passwords. If you have sensitive personal information - such as credit card numbers, social security numbers, bank account numbers, etc - in unencrypted form on your phone, those should be assumed to have been compromised as well and monitored carefully. (And, in the future, don't put this kind of information on your phone unless it is locked up in an encrypted file of some kind, such as in an app like 1Password.)


As to whether you can determine whether the phone was actually accessed... I think you're chasing your tail on that one. It certainly may be possible that the failed lockscreen login attempts are logged somewhere, but if so, what those logs might tell you doesn't necessarily mean anything. For example, with physical access, someone could connect the phone to a computer and use special software to download data, without unlocking the phone.

Jan 9, 2015 11:46 AM in response to cman1533

Regarding your efforts to crack the logfile, I did some back-channel asking around.


The most trusted source says that you have already tried the only relatively "Easy to use" tool available [ your post -- Jan 8, 2015 9:41 PM ] and are not confident using it, much less other more robust tools.

<EDIT - link and reference removed by me - ÇÇÇ>


He is not confident that any data observable would be "decipherable" in the sense that you wish - likely to be gibberish, to the layman.

Is there a way to see list of log-in attempts on iphone?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.