
iphonefreak450

macrumors 6502a
Original poster
Dec 14, 2014
I am running iOS 9.3 now, I was just curious as to why Apple still leaves Erase Data to OFF by default when this can be a great security feature.

I work for a defense contractor and I have some stuff on there that's sensitive.
Would it be wise to turn on Erase Data after 10 failed passcode attempts?

Just asking this, because Apple somehow leaves this option disabled by default on each iOS version for some odd strange reason.

But that's my main question here, why does Apple leave this feature disabled by default?

Thanks in advance
 
So for people like me who are defense contractors or working for a large corporation who have sensitive data, then would it be wise to have Erase Data to be enabled?

The phone that I have is not an issued phone, it's my own phone.
 
I am running iOS 9.3 now, I was just curious as to why Apple still leaves Erase Data to OFF by default when this can be a great security feature.

I work for a defense contractor and I have some stuff on there that's sensitive.
Would it be wise to turn on Erase Data after 10 failed passcode attempts?

Just asking this, because Apple somehow leaves this option disabled by default on each iOS version for some odd strange reason.

But that's my main question here, why does Apple leave this feature disabled by default?

Thanks in advance

Although a 10 try failed attempt phone wipe is a great way to protect your data you need to take into consideration:

Some users don't login to iCloud or have backups. An accidental wipe would make them lose all their data.
Many parents have kids who get their hands on their iPhones and pound away on the passcode screen. Another disaster waiting to happen. A family member was locked out of her phone for 24 hours because her kid got a hold of her phone and she didn't know.
 
So for people like me who are defense contractors or working for a large corporation who have sensitive data, then would it be wise to have Erase Data to be enabled?

The phone that I have is not an issued phone, it's my own phone.
If you have sensitive data on your phone then the answer is an unequivocal YES. I would hate for whatever data you have on your phone falling into the wrong hands.
 
In addition to enabling erase, use something a lot stronger than the 4-digit PIN passcode. Ideally, something long and difficult for a dictionary crack to get. As seen with the FBI and the San Bernardino iPhone, there could be a security weakness that makes guessing simple passcodes, maybe not simple, but doable, even with more recent OS and hardware.
 
Having this feature ON by default...isn't the wisest of moves.

I'm glad Apple doesn't.

If people like you believe differently...I shudder to think what else you would change because you can't _think_.
 
If you have sensitive data on your phone then the answer is an unequivocal YES. I would hate for whatever data you have on your phone falling into the wrong hands.
One can't help but wonder what type of "sensitive data" government Intel would allow on a personal device unless their name is Hillary. That being said maybe a .gov account is in order. Just an observation on this subject.
 
So for people like me who are defense contractors or working for a large corporation who have sensitive data, then would it be wise to have Erase Data to be enabled?

The phone that I have is not an issued phone, it's my own phone.
If it was an issued phone then it would be set up using an exchange account and locked down.

Off by default is the smarter move for the average user.
 
So for people like me who are defense contractors or working for a large corporation who have sensitive data, then would it be wise to have Erase Data to be enabled?

The phone that I have is not an issued phone, it's my own phone.

Or just don't carry any data on your phone, which would be embarrassing for you if seen by others.
 
Your company should have an Exchange policy that enforces it really. Mine does and it wipes after just 8 attempts. This is my personal phone not an issued one I'm talking about. If your company haven't set that up it's their fault really.
 
So for people like me who are defense contractors or working for a large corporation who have sensitive data, then would it be wise to have Erase Data to be enabled?

The phone that I have is not an issued phone, it's my own phone.

Well, you are asking "why does Apple not have this on by default" so you probably answered your own question :p
 
I don't have really sensitive data stored on device other than a few bank card apps. But I turn it on.
Think one day your phone is stolen and you don't turn it on. Some thieves could allegedly guess your passcode in 10-15 attempts in order to see your data. Although, most thieves will just find a way to turn off Find iPhone and DFU it in order to sell it at a high price.
 
So suppose if I turn off Erase Data option under the Passcode and Security section, what's the actual default failed passcode attempts for iOS 9?

And what does the phone actually do?
Does it then become disabled after a certain amount of minutes?
Does the phone become disabled and unusable but WITHOUT wiping the data contents?
 
Does it then become disabled after a certain amount of minutes?
Does the phone become disabled and unusable but WITHOUT wiping the data contents?
For Q1, this is sure. If you attempt wrong passcode combinations too many times, from the 4th time, I think, iPhone will be disabled for a few minutes, or even hours if you still cannot enter correct passcode.
For Q2, uh, maybe, iPhone will be disabled almost indefinitely after too many failed attempts but the data would still be there. I guess.
 
As for "does phone become disabled and unusable", not "maybe", but "sorta".

As Armen pointed out, after 9 attempts entering a passcode, one has to wait one hour before they can try again. Makes it tough to try again, but...

Related, the latest MDM security hole (seen similar ones in the past: one from last year, and there was at least another one I recall where vulnerability along with Apple's debug tools on the device exposed the user's filesystem for dumping meta data related to the filesystem [bad guy/gal gets sync keys from MDM software or target's iTunes and mimics trusted tool]), though not easy to pull off, can be done, especially in light of that even though encryption is set, depending on the app in question and their assigned "security profile" ("Data Protection Class" in Apple-ese), the data might be accessible without having to re-enter one's passcode again. One flaw leading to another flaw etc that exposes one's info.

Apple security white paper, for those wanting to get a better idea of how it all works:

https://www.apple.com/business/docs/iOS_Security_Guide.pdf
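Added example, not part of any post in this thread: a small Python model of the trade-offs discussed above (passcode length, the escalating lockout, and the 10-attempt erase). It assumes the escalating-delay table and the roughly 80 ms per-attempt key-derivation cost as described in the iOS 9-era Apple iOS Security Guide linked above; the function names and the assumption of uniformly random passcodes are illustrative.

```python
# Assumed figures, as described in the iOS 9-era Apple iOS Security Guide:
ATTEMPT_SECONDS = 0.08   # approx. hardware-bound cost of one passcode try
DELAY_AT_ATTEMPT = {5: 60, 6: 300, 7: 900, 8: 900, 9: 3600}  # seconds
ERASE_AFTER = 10         # "Erase Data" threshold discussed in the thread


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible passcodes of a fixed length."""
    return alphabet_size ** length


def exhaust_seconds(alphabet_size: int, length: int) -> float:
    """Worst-case time to try every passcode on-device if the lockout
    delays were somehow not enforced (the weakness the thread worries about)."""
    return keyspace(alphabet_size, length) * ATTEMPT_SECONDS


def guess_chance_before_erase(alphabet_size: int, length: int,
                              tries: int = ERASE_AFTER) -> float:
    """Chance that `tries` distinct guesses hit a uniformly random passcode."""
    return min(1.0, tries / keyspace(alphabet_size, length))


def lockout_seconds(attempts: int) -> int:
    """Total enforced waiting accumulated over the first `attempts` wrong
    entries (modelled only up to attempt 9, the last row of the table)."""
    if not 0 <= attempts <= 9:
        raise ValueError("delay table is only modelled for 0..9 attempts")
    return sum(DELAY_AT_ATTEMPT.get(n, 0) for n in range(1, attempts + 1))


def report() -> None:
    year = 365.25 * 86400
    for label, size, length in [("4-digit PIN", 10, 4),
                                ("6-digit PIN", 10, 6),
                                ("6-char lowercase+digits", 36, 6)]:
        secs = exhaust_seconds(size, length)
        print(f"{label:26s} keyspace={keyspace(size, length):>13,d} "
              f"exhaust={secs / 3600:12.1f} h ({secs / year:8.4f} y) "
              f"P(hit in {ERASE_AFTER})={guess_chance_before_erase(size, length):.2e}")
    print(f"waiting enforced over 9 wrong tries: {lockout_seconds(9) / 60:.0f} min")


if __name__ == "__main__":
    report()
```

With these assumptions a 4-digit PIN is exhausted in about 13 minutes of raw attempts if the delays are not enforced, while the erase setting caps a guesser at a 0.1% chance; a longer alphanumeric passcode is what changes the exhaustion time.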
 