Why iOS 7’s Activation Lock Is a Disaster Waiting to Happen

thingThere’s no question that the iPhone 5S and iOS 7 together make for the best phone ever made.

The din of offhand, dismissive criticism from the Android fan base that Apple never innovates should be silenced, at least for awhile, given that Apple now sells the only dual-tone LED flash; the only 64-bit mobile CPU; the only 64-bit OS; the fastest touch-screen performance phones by far; the only wide-scale deployment of Multipath TCP; and the only useful, usable and widely used fingerprint scanner ever placed on any consumer electronics device.

Yes, there’s plenty of petty grousing. And who knows what competitors will ship tomorrow?

But today, it’s clear that Apple rules the smartphone market.

The Android fan critics now also have to contend with a razor sharp, concise rebuttal to the cacophony of general criticism of Apple by Apple VP Craig Federighi: “New is easy. Right is hard.” He said that after referring to Samsung by saying that Apple “didn’t start opportunistically with 10 bits of technology that we could try to find a use for to add to our features list.” Ouch!

Unfortunately, iOS 7 is going to cause some huge problems that nobody is talking about yet, but will do when the unwanted bricking epidemic starts.

The Looming Activation Lock Crisis

Everybody’s praising iOS 7’s new Activation Lock. And, yes, it’s a great feature.

Activation Lock bricks your iPhone or iPad when you report it lost or stolen with Find My iPhone. Once bricked, the device cannot be used by whomever is in possession of it.

This is a great deterrent for “Apple Picking” crimes where thieves deliberately look for white earbuds to jack Apple devices based on their high re-sale value.

Activation Lock is great, but also introduces new problems. In addition to iPhone and iPad being victimized by theft, these thieves will now sell those devices in their bricked state to users too naive to check for Activation Lock before handing over the money. Yes, theft will go down. But some thefts will now have two victims instead of one.

The problem with Activation Lock is that there is no system for unbricking devices by their rightful owners, no Apple Court of Appeals.

As a result of that, using Activation Lock will become the best way for disgruntled employees to take a parting shot after being fired. They will report their device lost, then turn it in and leave. After that, the company will no longer be able to use the device, even though the company owns it.

Someone I know personally works for a Silicon Valley startup. They recently hired a new employee and bought him a MacBook Pro with Retina. That employee associated the laptop with his own iCloud account (allowing him to do this was a mistake on the part of the company).

Anyway, it didn’t work out and the employee was fired. In retaliation, he remotely wiped the MacBook Pro, and put a firmware lock on it.

So the company went through a time-consuming process of trying to get Apple to unlock it. In the end, they simply said no. Because the laptop was associated with the fired employee’s iCloud account, they would not unlock it.

Apple’s policy is iron-clad. If a device is locked by an associated iCloud account, they will not unlock it unless you know the password to that account — even if you show the receipt proving you are the person who bought it!

They were willing to let a brand new MacBook Pro be bricked forever.

(The story has a happy ending — the company eventually tracked down the employee and convinced him to unlock it.)

Now that Apple is rolling out Activation Lock at Apple scale — we’re talking hundreds of millions of people — mishaps are surely going to happen.

Activation Lock will also be used by a-holes who manage somehow to hack someone’s Apple account. They will impersonate the owner, and use Activation Lock to brick the phone as an evil prank. Usually, hacks can be recovered from. But not hacks that involve Activation Lock. Once they flip that switch, it’s over for those devices.

But here’s the worst part: Forgetting your Apple ID password could mean you and nobody else will ever be able to use your iPhone or iPad again. Apple has industry-standard means by which you can reset your password. Some unknown percentage of people are unable to do this for a variety of reasons.

Apple says this in their iCloud help file for iOS 7 Activation Lock: “If you forget your password and cannot reset it, you will lose access to your Apple ID and may be unable to use or reactivate your device.”

http://support.apple.com/kb/HT5818

So now the hassle of being unable to reset your password comes with it a bricked device, potentially.

All these bricked devices represent a needless environmental problem. Perfectly good gadgets will have to be recycled.

Activation Lock is a powerful new feature. But with great power comes great responsibility. Apple needs to set up some mechanism by which the rightful owners of Activation-Locked iPhones and iPads can un-brick them.

Until they do that, this feature is seriously flawed. Disgruntled employees, hackers and password problems can all prematurely end the useful life of your iPhone or iPad.

(Note: This post was updated to include the story about the MacBook Pro.)

  • Adrayven

    The disgruntled employee thing is dumb.. this is a BYOD time.. more than 50-70% of companies are now bring your own device when it comes to cell phones. They just re-imburse you for part or all of your cell bill. To me, this makes it a non-starter..

    Past that, not that many companies even provide or reimburse for phones. The average person this is silly to even think about as their company doesn’t provide or reimburse.

    Hackers / password problems Apple has a path for recovery.. sooo, ahhhh, yea, this is an article looking for a problem.

  • Whodakat

    I’m sure Apple can unbrick the phone if you can prove its yours. LOL Oops, I hit the wrong button, toss the phone in the trash. Don’t be an idiot Mike.

  • Gregory Wright

    I must say I don’t see a problem. Anyone who buys an iPhone or iPad without ascertaining the seller is the rightful owner and receiving the unlock credentials is a fool or is buying a product s/he knows is stolen. In others words, the victim is committing the crime of receiving stolen property. Shame on him or her. S/he is getting his or her just reward.

  • MoxleyQue

    “The problem with Activation Lock is that there is no system for unbricking devices by their rightful owners, no Apple Court of Appeals.”

    Um, don’t you just need to enter your Apple ID and password after it’s been reported lost or stolen? That’s what an e-mail I got from Apple the other day says.

  • iFan41

    What a silly article.

  • ChrisLeSure

    “Apple needs to set up some mechanism by which the rightful owners of Activation-Locked iPhones and iPads can un-brick them.”

    What on Earth are you talking about, Mike? I think you are confused on how this feature works. The phone can only be remotely wiped/locked from the iCloud account the phone is tied to via the Find My iPhone app. Once the Activation Lock has been activated, it can only be undone by using the same Apple ID that YOU used to wipe it (the ID that the phone is tied to; yours).

    Only the rightful owners of the Activation-Locked iPhones and iPads can “un-brick” them. No one else.

  • kevinscheer

    I just created an account to to say how wrong/confusing this article is. For all those lucky enough to read the comments prior to the article please go to next post!

  • edmar305

    I just created this account to say that you’re lucky you cant be sued or fired for this type of shit. Oh wait you can! Just because you have the ability to write an article on your opinion on here doesn’t mean you should. Keep it to yourself and do some more research before you write and if thats too much for you then just ask some body.

  • CoyoteDen

    What a bunch of crap. Companies that provide devices can manage them centrally, which means activation lock is perfect for preventing ex-employees from stealing corporate devices.

    If your Apple ID is compromised and your device is wiped/locked… Yeah, you have to get control of your Apple ID back. You have bigger problems than a bricked phone if you don’t.

    As for buying stolen property? Your fault. If the phone is activation locked, there is no way you can deny something shady is going on.

  • msidoric

    Sadly, Mike left his computer unattended and some idiot used it to file this….
    Elgan would have known better — this fool made mistakes that dear Mike never would have…
    As my seventh grade teacher Eunice Pickering cautioned: we never guess — we look it up.
    ‘Get your facts first then you can distort them as much as you wish…’

  • Lipmin

    This is a misleading article. I would propose Mike to rewrite it. The title is already bad. Perhaps it should be titled “Before You Bring an iPhone Home If It’s Loaded with iOS 7″. Teach the readers steps to prevent buying a bricked phone, but not to deceive readers that iOS 7 is a potential disaster.

  • mark_hunte_

    OMG. Did you have nothing better to do that write this tosh.

  • ssabpisa

    you are right but the chance of anyone forgetting their password (after having successfully logged in to iCloud via their computer to lock the device) is like what, negative infinity?

  • Eurofag

    I suggest removing this article, because the whole idea behind it is WRONG.
    “The problem with Activation Lock is that there is no system for unbricking devices by their rightful owners, no Apple Court of Appeals.”
    What the hell are you even talking about? You just have to sign in with the applied which was used on the phone.

  • KTGHowie

    It’s only a “disaster waiting to happen” if owners are negligent. After over 30 years of computers being in homes and in the workplace, don’t you think it’s time for people to start taking passwords seriously? With the exception of kids, and old people, I really don’t have any pity for people who refuse to learn how to choose strong passwords, and then remember them. Several years ago, I figured out what random key combinations were easy for me to type and remember. From that, I have created every password for the various accounts that I have. It really isn’t that hard. Someone will have a problem with Activation Lock only if they didn’t do a good job of finding a way to remember their passwords. When creating a password, it helps to type it out in some kind of text editor first so that you can figure out the best way to meet the password requirements, and choose something that you won’t forget. This article had an opportunity to inform the readers about a new feature in iOS 7, but it has instead scared a lot of people away from using Activation Lock. If someone steals my iPhone or iPad, I’m glad I have at least one way to make the process of selling them a lot harder. If Apple had a service that would send some thugs to beat the hell out of the thief, that would be worth a lot more than the yearly cost of iCloud :)

  • Ictus75

    More high school level journalism, or is it Cult of Android trollism? Just because you can type, doesn’t make you a writer or journalist! I’m extremely disappointed with the poor quality articles on Cult of Mac recently. Might be time to get some real writers with real news stories!

  • technochick

    The rightful owner knows the iCloud sign in. So it’s not an issue for that person

  • technochick

    you are right but the chance of anyone forgetting their password (after having successfully logged in to iCloud via their computer to lock the device) is like what, negative infinity?

    A forgotten password can be reset

  • Andrew John

    Its akin to saying an employee can lock out his work computer if he become disgruntled. Any employer worth his salt, wouldn’t allow a work phone to be administered by the employee. Simple. Any employer that does, is an idiot. A bit like the “author”. What, we had a night out last night Mike?

  • jmiah28

    I guess I am a glutton for punishment because I always end up reading the comment section of a story. Seriously, perhaps the English majors amongst us should have sprung for a different degree! They obviously can’t find a job and delegate themselves to be the Grammar Nazis of the internet.

  • Macguy59

    “The problem with Activation Lock is that there is no system for unbricking devices by their rightful owners, no Apple Court of Appeals”

    Isn’t this statement misleading ? Of course the rightful owner can “unbrick” it so long as they know their iCloud login/pass combo.

  • piepmanscher

    As this whole article doesn’t make any sense I’d really like to know the reason for writing it in the first place. Maybe Mike just bought an iPhone from somebody and it turned out that this device was stolen and cannot be unlocked now? Maybe this made him angry?

  • JoeRosser93

    i now have a useless iphone! my phone was automatically set to my old icloud account which i dont even know the password reset info for. so when i came to wipe it and update… BOOM! its locked to that account! apple CAN NOT manually reset your password without specific info that their system recognises which means its unreachable to human hands even if you can prove your identity. its a pathetic system, i should be able to prove my purchase and get a FREE hardware reset! (if one exists). seriously needs thinking out this system! screw iOS im totally onto android after this waste of money and time

  • ctt1wbw

    i now have a useless iphone! my phone was automatically set to my old icloud account which i dont even know the password reset info for. so when i came to wipe it and update… BOOM! its locked to that account! apple CAN NOT manually reset your password without specific info that their system recognises which means its unreachable to human hands even if you can prove your identity. its a pathetic system, i should be able to prove my purchase and get a FREE hardware reset! (if one exists). seriously needs thinking out this system! screw iOS im totally onto android after this waste of money and time

    Yeah because you don’t have to do the same thing with a Google account to use an Android phone. Wow, the comments these days.

  • Mike

    piepmanscher That’s such a great comment. I’m going to update the column shortly and tell exactly why I believe Apple won’t do anything when a legitimate device is Activation Locked.

  • Mike

    Because of the incredulity around my claim that Apple won’t unlock devices belonging to their rightful owners, I’ve added the following true story to the piece:

    Someone I know personally works for a Silicon Valley startup. They recently hired a new employee and bought him a MacBook Pro with Retina. That employee associated the laptop with his own iCloud account (allowing him to do this was a mistake on the part of the company).

    Anyway, it didn’t work out and the employee was fired. In retaliation, he remotely wiped the MacBook Pro, and put a firmware lock on it.

    So the company went through a time-consuming process of trying to get Apple to unlock it. In the end, they simply said no. Because the laptop was associated with the fired employee’s iCloud account, they would not unlock it.

    Apple’s policy is iron-clad. If a device is locked by an associated iCloud account, they will not unlock it unless you know the password to that account — even if you show the receipt proving you are the person who bought it!

    They were willing to let a brand new MacBook Pro be bricked forever.

    (The story has a happy ending — the company eventually tracked down the employee and convinced him to unlock it.)

    Now that Apple is rolling out Activation Lock at Apple scale — we’re talking hundreds of millions of people — mishaps are surely going to happen.

  • dbwie

    Well, you can get a recovery key for your Apple ID, to give you an extra chance to recover your password. I did that and I have it stored in 1Password. Now, I just cannot forget my 1Password password! Why not include a link so the readers can learn more about their AppleID? Like this one… https://appleid.apple.com/us

  • Harvey Lubin

    This seems like an easily solved problem, and not a “disaster” at all.

    There are several things that the employer can do to either prevent or regain the functioning of a device locked by a disgruntled employee:

    * For notebook and desktop computers, simply have the company make itself the administrator, and the employee who does not own the computer be made a user without admin privileges. He then can’t lock the computer up.

    * For smartphones that (currently) only allow one user (or even also for other computers), the company that owns the device should (if they don’t do this already) hold a full deposit from the employee for the full price of the phone, paid back when the phone is returned in good condition. If the phone is locked up or destroyed by an angry employee, they lose their deposit.

    If a company owns any device that it LOANS long-term to an employee, they only have themselves to blame if they don’t cover themselves like this.

    But if the company GAVE the device to the employee as a gift or part of their contract with the company, then the device rightfully belongs to the employee, and the employee would be crazy to lock up their own device. ;-))

  • Harvey Lubin

    Someone I know personally works for a Silicon Valley startup. They recently hired a new employee and bought him a MacBook Pro with Retina. That employee associated the laptop with his own iCloud account (allowing him to do this was a mistake on the part of the company). Anyway, it didn’t work out and the employee was fired. In retaliation, he remotely wiped the MacBook Pro, and put a firmware lock on it.

    My wife received a laptop on loan (it is still owned by the organization) to use for work. She has no admin privileges to do anything… even install software that the organization does not want on it. The computer still belongs to, and is fully controlled by the organization. Any new software or updates can only be installed by admin staff…

    … In other words, your example of an employee locking up a device that doesn’t belong to them, would be totally impossible.

    The fact that your friend’s employer only loaned the device, but gave full control of it over to the employee, is the company’s fault, and was not a very intelligent thing for them to do. Hopefully they have learned their lesson the hard way, and will not do the same thing with future device loans to employees.

    Also, I don’t know if it is commonplace or not, but employers should only loan full time devices to employees with receipt of a full deposit of the replacement price. Worse than just locking up a device, a disgruntled employee could take off with it or destroy it. When that happens, they lose their deposit, and the device is theirs.

  • uclaxray

    I want my 2 minutes back. May be the dumbest article ever on this site.

  • QJeremiah

    What to do?
    Build security stuff that works “just a little”?

  • hypnotoad

    Needlessly dramatic, Mike. If you can’t remember your password, write it down and store it in a completely different place. It’s not hard. As for buying a bricked device – caveat emptor. Buying second-hand always involves some risk.

  • soy

    “But some thefts will now have two victims instead of one.”

    What? Buying stolen goods (knowingly or not) is a crime in quite a few countries.

    • DRam

      I bought my Mac Book Pro 18 months ago from Future Shop. Now it is locked and apparently it is stolen. Future Shop does not take responsibility even though I have a receipt. My 1800 is out the window.

      • Annie Haberman

        Exactly. Totally f’d up.

  • Mike

    Yes, smart people and companies need to do specific things to prevent this, and Apple spells these out in the documentation. However, this feature is being deployed to first dozens then hundreds of millions of users. Stuff is going to happen. It’s going to be a PR nightmare for Apple, because perfectly good devices will be rendered unusable. Apple will be accused of being anti-environmental, and also of profiting from this (because people will need to buy a new iPhone or whatever). Don’t worry, I’ll be back to say I told you so.

  • darren_paxton

    I still can’t believe the sensationalist attitude of this article, I would expect as such from tabloids and scare-mongerers but not a respected apple site. Mike you’ve yet to make a decent new argument in response to the counters pointed out here regarding use-case scenarios.

  • Mike

    hypnotoad I totally agree with that, and that’s the kind of thing I’m advocating here.

  • Mike

    QJeremiah No, as I said, Activation Lock is a great feature. Users need to be very careful. And Apple needs to publicly announce a process for Activation Lock lockouts that happened by mistake or hack attacks. That’s all.

  • Jack Gnasty

    Mike, I appreciate the forward looking mentality but I don’t think this will be a real issue. For one, in order to wipe the device, you need to login with your id and password. As for the problem with disgruntled employees, that’s what the last paycheck is for. Hand in a bricked phone, and they hold onto that last paycheck. Simple. Third, only a mental midget is going to cry about the environment as a priority over safety and crime.

  • Alex_Castro__

    I find a number of the scenarios to not make much sense or be heavily contrived. The firmware lock scenario has nothing to do with Activation Lock. This has been possible for many years on any Intel-based machines. If an employee makes a device useless, then you take it out of their paycheck, or press charges against them. The easy way to avoid this is to not give employees admin rights on the laptop, but only give them a user level account which doesn’t allow them to do this.

    If you forget your Apple ID then you do what you do today when you forget your Apple ID. You reset your password. If I purchase a new machine or device and forget my Apple ID/password, I would loose all my music, videos, apps, etc., that I’ve purchased. This scenario existing before Activation Lock. Not sure what the big deal is here.

    This does seem a bit overly dramatic and certainly mis-informed.

  • CoryCorrupted

    Yeah, I’m not sure some of these are even a valid argument considering one must first know the password to your Apple ID AND submit the lock request prior to being “locked out” by a forgotten password. If you forget your password from the time you submit the lock request to the time you retrieve your phone, you should NOT have a smartphone! And a lot of the other points you brought up can be resolved by resetting the password. I don’t see these being too much of an issue.

  • halimsujanto

    What if, someone died in the family.. Can’t the rest of the family use their electronics?

  • millerxfi

    I for one very much appreciate this article and feel its an absolute deal breaker for many businesses. I wonder how many of those that have commented actually run an IT Department. I do unfortunately and this new security feature may very well spell the end of our usage of any IOS devices company wide, currently about 125.

    Part of the reason we went with Apple is we can allow users to use their own iTunes accounts to download what they wish to the phone. If we start to restrict access to the App Store, or settings and features in the phone, what benefit does the phone have over an Android or Windows device? I’m bracing for the fan boy blow back.

    I received my first $600 paperweight this week because the 4S is locked by a terminated employee. Sure we can send the goons and force them to unlock it, but goons are more expensive than phones.

  • PaulCarmody

    I know this is an old article, but I came here to say that this Activation lock is already a real and serious problem with Enterprise deployment of iOS devices. I work in the IT department of a Fortune 200 company, and we’ve already gotten back several iPhones from terminated employees which were locked by their Apple ID. I don’t really think this was done knowingly by the employees; I think it was just the standard “turn in your company phone” step of a normal termination.

    Anyway, our collection of useless iPhones grows each week, which is a shame, because with Blackberries (and iPhones prior to iOS 7) we were able to keep older ones around to re-deploy and use as spares.

    I think the Activation lock is a great idea to quell the rampant iPhone theft out there. But there needs to be some sort of Enterprise workaround; all I’m asking for is something like a remote wipe through ActiveSync or the like.

    • koruki

      Or the company could get the phone checked upon returning? If an employee returned the phone and the battery from it was missing what happens? It shouldn’t be too hard to add a extra instruction to check if it’s been deactivated?

  • John9870

    The company phone issue can be addressed. Hold all severance or final paychecks until the iphone is unlocked. If they don’t comply, then keep the $600 and send the employee the iphone. Hello!

  • Annie Haberman

    YES. This is messed up. As we speak, I have a coworker that cannot use his phone. He let some random girl use his phone the other day and she must have signed into her icloud account from his phone and reported her phone missing. Well, her apple id synced on his phone and now he can’t access anything on his phone. The activation lock pops up when you turn the phone on. He has been to the phone carrier and to apple multiple times – with the receipt for the phone and all necessary materials. They are still saying there is nothing he can do unless he contacts the girl and has her enter her apple account info to remove his device. That is whacked. At this point, have to either smash the fkn thing or report it missing and get a new phone through insurance.

  • Blaket81

    I am in complete agreement of this article. My company just recently experienced this as well. It is absolutely absurd and ridiculous! All this feature is doing is allowing an exploit in which people can basically take ownership of something that doesn’t belong to them! It is only accomplishing the opposite of what it is supposed to. Who cares if someone steals your iDevice and then can’t use it, it doesn’t do you a hill of beans because it doesn’t bring your device back to you anyway! Personally all i would care about is getting my stolen device back, if i never get it back why would i care what happens to it? As long as i can wipe it remotely so no personal information is on it, but that’s a seperate feature. What gives apple the right to put companies in this position? To those people saying hold back paychecks and severences, just listen to yourselves, why should there even be a scenario where a company is put in this position, to have to appear this petty. This is one of the the most stupid, asanine and dangerous features to ever be invented. Anyone that believes apple isn’t benefitting from this is naive. If you become a victim of this feature what do you do, you go buy another one and apple makes more money. I don’t know about everyone else but i’m tired of apple turning the world into puppets.

    • koruki

      It’s there to deter theft before it happens. How do you become a victim of this? and dangerous? really? Yesterda it was Apple isn’t doing enough to deter theft, tomorrow its Apple wants you to brick your own phone by buying it and giving it to someone and when asking for it back NOT check that its been deactivated.

  • koruki

    7 months later, disaster nowhere to be seen

  • Milchelle Marcano

    Here’s a link to my NIGHTMARE too much to retype;)

    https://discussions.apple.com/message/25685166#25685166

  • Robin Gino

    i say let the courts decide. My iphone is activation locked even though it has not been reported lost or stolen. We need a class action law suit to fight for the iphone users that have a bricked iphone because of this everyone is a thief mentality!!!!

  • Debbie Lewis

    This is a giant pain in the ass for me and my small business. We had to fire an employee. I checked in his iPad and iPhone and went through my normal process to wipe them and reset it. Well this time it didn’t work since he has linked his iPad to his personal iCloud account. Imagine my surprise when I call in for help and am told I need the original proof of purchase and that proving it’s been on my business account for 24 months is not actually proof. I got suggestions like, call the employee and ask for the pass code or you should have made him unlock it while he was there… yeah sure, I’ll call the guy I just fired and he’ll be more than happy to help me. There is no way to disable or turn off this feature and now I need to beg Apple to help me wipe the the iPad we legitimately bought and own.

About the author

Mike ElganMike Elgan writes about technology and culture for a wide variety of publications. Follow Mike on Google+, Facebook and Twitter.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in Apple, iOS, iPhone, Opinions, Top stories |