Erase Data option for Passcode failed attempts is Off by Default? Why?

Discussion in 'iOS 9' started by iphonefreak450, Apr 2, 2016.

  1. iphonefreak450 macrumors regular

    Joined:
    Dec 14, 2014
    #1
    I am running iOS 9.3 now, I was just curious as to why Apple still leaves Erase Data to OFF by default when this can be a great security feature.

    I work for a defense contractor and I have some stuff on there that's sensitive.
    Would it be wise to turn Erase Data after 10 failed passcode attempts?

    Just asking this, because Apple somehow leaves this option disabled by default on each iOS versions for some odd strange reason.

    But that's my main question here, why does Apple leave this feature disabled by default?

    Thanks in advance
     
  2. adamhenry macrumors 65816

    adamhenry

    Joined:
    Jan 1, 2015
    Location:
    On the Beach
    #2
    Some people let their kids play with their phone. That feature would be a disaster waiting to happen for them.
     
  3. iphonefreak450 thread starter macrumors regular

    Joined:
    Dec 14, 2014
    #3
    So for people like me who are defense contractors or working for a large corporation who have sensitive data, then would it be wise to have Erase Data to be enabled?

    The phone that I have is not an issued phone, its my own phone.
     
  4. Armen macrumors 604

    Armen

    Joined:
    Apr 30, 2013
    Location:
    127.0.0.1
    #4
    Although a 10 try failed attempt phone wipe is a great way to protect your data you need to take into consideration:

    Some users don't login to iCloud or have backups. An accidental wipe would make them lose all their data.
    Many parents have kids who get their hands on their iPhones and pound away on the passcode screen. Another disaster waiting to happen. A family member was locked out of her phone for 24 hours because her kid got a hold of her phone and she didn't know.
     
  5. Heat_Fan89 macrumors regular

    Joined:
    Feb 23, 2016
    #5
    If you have sensitive data on your phone then the answer is an unequivocal YES. I would hate for whatever data you have on your phone falling into the wrong hands.
     
  6. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #6
    Additionally to enabling erase, use something a lot stronger than the 4-digit PIN passcode. Ideally, something long and difficult for a dictionary crack to get. As seen with the FBI and the San Bernadino iPhone, there could be a security weakness that makes guessing simple passcodes, maybe not simple, but doable, even with more recent OS and hardware.
     
  7. iphonefreak450 thread starter macrumors regular

    Joined:
    Dec 14, 2014
    #7
    iOS 9 has 6 pin requirement now instead of 4
     
  8. bufffilm Suspended

    bufffilm

    Joined:
    May 3, 2011
    #8
    Having this feature ON by default...isn't the wisest of moves.

    I'm glad Apple doesn't.

    If people like you believe differently...I shudder to think what else you would change because you can't _think_.
     
  9. AddisonIII macrumors regular

    Joined:
    May 8, 2013
    #9
    One can't help but wonder what type of "sensitive data" government Intel would allow on a personal device unless their name is Hillary. That being said maybe a . gov account is in order. Just an observation on this subject.
     
  10. Nermal Moderator

    Nermal

    Staff Member

    Joined:
    Dec 7, 2002
    Location:
    New Zealand
    #10
    It's an option, not a requirement.
     
  11. Gav2k macrumors G3

    Gav2k

    Joined:
    Jul 24, 2009
    #11
    If it was an issued phone then it would be set up using an exchange account and locked down.

    Off by default is the smarter move for the average user.
     
  12. electronicsguy macrumors 6502a

    electronicsguy

    Joined:
    Oct 12, 2015
    Location:
    Pune, India
    #12
    Or just don't carry any data on your phone, which would be embarrassing for you if seen by others.
     
  13. GreyOS macrumors 68030

    GreyOS

    Joined:
    Apr 12, 2012
    #13
    Your company should have an Exchange policy that enforces it really. Mine does and it wipes after just 8 attempts. This is my personal phone not an issued one I'm talking about. If your company haven't set that up its their fault really.
     
  14. saudor macrumors 6502

    Joined:
    Jul 18, 2011
    #14
    well you are asking "why does apple not have this on by default" so you probably answered your own question :p
     
  15. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #15
    I don't have really sensitive data stored on device other than a few bank card apps. But I turn it on.
    Think one day your phone is stolen and you don't turn it on. Some thieves could allegedly guess your passcode for 10-15 attempts in order to see your data. Although, most thieves will just find a way to turn off Find iPhone and DFU it in order to sell with a high price.
     
  16. iphonefreak450 thread starter macrumors regular

    Joined:
    Dec 14, 2014
    #16
    So suppose if I turn off Erase Data option under the Passcode and Security section, what's the actual default failed passcode attempts for iOS 9?

    And what does the phone actually do?
    Does it then become disabled after certain amount of minutes?
    Does the phone become disabled and unusable but WITHOUT wiping the data contents?
     
  17. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #17
    For Q1, this is sure. If you attempt wrong passcode combinations too many times, from the 4th times, I think, iPhone will be disabled for a few minutes, or even hours if you still cannot enter correct passcode.
    For Q2, uh, maybe, iPhone will be disabled almost indefinitely after too many failed attempts but the data would still be there. I guess.
     
  18. NoBoMac macrumors 6502a

    Joined:
    Jul 1, 2014
    #18
    As for "does phone become disabled and unusable", not "maybe", but "sorta".

    As Armen pointed out, after 9 attempts entering a passcode, one has to wait one hour before they can try again. Makes it tough to try again, but...

    Related, the latest MDM security hole (seen similar ones in the past: one from last year, and there was at least another one I recall where vulnerability along with Apple's debug tools on the device exposed the user's filesystem for dumping meta data related to the filesystem [bad guy/gal gets sync keys from MDM software or target's iTunes and mimics trusted tool]), though not easy to pull off, can be done, especially in light of that even though encryption is set, depending on the app in question and their assigned "security profile" (Data Protection Class" in Apple-ese), the data might be accessible without having to re-enter one's passcode again. One flaw leading to another flaw etc that exposes one's info.

    Apple security white paper, for those wanting to get a better idea of how it all works:

    https://www.apple.com/business/docs/iOS_Security_Guide.pdf
     

Share This Page