Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Huge design flaws (IMO) with Find My iPhone

J

JulianL

macrumors 68000
Original poster
Feb 2, 2010
1,723
733
London, UK
I just signed up to the free Find My iPhone service and tested it and I've found something that has really surprised me.

I've just successfully enabled Find My iPhone on my iPhone 4 and I immediately logged onto my MobileMe account from my PC to test it. Because I only have the free account it took me straight to the Find My iPhone page where I saw a map of the world with a pop-up dialog box on the middle of the page that said something like "Locating your iPhone...". It stuck at that point for maybe two minutes and then the "Locating your iPhone..." message got relaced by a red "Location services not enabled" message. I then went to my phone and enabled location services and then hit the refresh button at the top of the MobileMe web page on my PC and within seconds the map changed to a zoom in of my local street with a blue dot where I was. I was then able to send a test message to my phone.

The above seems to pretty conclusively prove to me that the service needs to have location services enabled in order to work; I'm pretty staggered by this. This is supposed to be a service to keep one's iPhone or iPad safe but all that is needed for a thief to circumvent it is for them to turn off location services! That's crazy. This service is burried deep within iOS so surely it would be trivial to allow it to access the location services even if the user setting is set to off. I know that Apple are very vocal about how they protect the user's security but they could put a big clear message in the setup procedure so that whenever the Find My iPhone service is enabled in the Settings app it explicitly warns the user "This service will still have access to your location, even if you have location services turned off within Settings. Only proceed if you are happy with this. Apple won't share with anyone else, all other apps subject to normal controls, etc, etc".

Admittedly turning off location services only blocks the feature to locate the phone, I was able to send a message to it even with location services off, but all a thief needs to do to completely disable all the features is to go to the MobileMe account setup in Settings and turn off the entire Find My iPhone service from there. Surely Apple should provide the ability to set a PIN code to protect the enable/disable for this critical security service.

I know that a lot of people will say that people should have a PIN set for the main iPhone lock but some people who use the device a lot for apps, note taking, etc (like me) want instant access to the device and don't want to have to type in a PIN every time. Apple seem to explicitly acknowledge this class of user with the Find My iPhone features because one of the things it can do is remotely set a lock code which is a great feature but if the whole thing can be disabled so easily then it just doesn't seem worth it.

So those are my complaints about the service:

1) It should be possible to password protect the ability to switch off the service.

2) There should be a way for the user to explicitly grant permission for the service to use location services, solely for the purpose of the Find My iPhone service reporting its location, even if the main location services setting within the Settings app is set to off.

I will be emailing my suggestion to Apple but I wonder if people agree with me, or if I've somehow missed the place(s) where I can set up the above in the current (iOS 4.2.1) software.

- Julian
 
Wirelessly posted (iPhone 4: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5)

I sort of see your point, but if someone has access to your phone to turn off location services, they can just as easily disable find my iPhone from within the MobileMe setup.

I'm actually happy that Apple don't have a backdoor to location services and that if you turn access to location services off, then nothing has access to your device's location.
 
I think that when using the locate my iPhone feature, the carrier automatically activates the location service through the 3G connection. Makes sense.
 
I am glad to see that you are letting Apple know of your issue with Find My iPhone. So many people come on here with a problem and never let Apple know of it. What are they supposed to do read the entries in every web site forum that may pertain to one of their products?

That being said, I do not believe that there is any sort of HUGE (capitalized for emphasis) Design Flaw. It may not work the way you wish it would but that is all. You could call it a design flaw but certainly not a huge one.

I agree that it would be neat to have the location services on/off protected by a password, but the vast majority of thieves will not know how to turn it off or remember to do it until to late anyway.

I've used MobileMe and the Find My iPhone feature many times since I first got my iPhone 3GS and now with my iPhone 4, and have never had any problems with it. It seems to be even more accurate now with iOS 4.2, as it tries to pinpoint the room in my condo where the phone is.
 
Phil A. said:
I sort of see your point, but if someone has access to your phone to turn off location services, they can just as easily disable find my iPhone from within the MobileMe setup.
Click to expand...
Yeah. I did go on to complain about the ability to switch the whole thing off, as you describe, in my 4th paragraph.

Phil A. said:
I'm actually happy that Apple don't have a backdoor to location services and that if you turn access to location services off, then nothing has access to your device's location.
Click to expand...
I see your point on that one. Maybe in the setup for Find My iPhone there should be two settings, the global On/Off switch but also an "Always allow the Find My iPhone service unconditional access to location services". When the second option is set to "Off" then the service obeys the main Location Services setting (like now) and when its set to "On" the service will ignore the global Location Services setting and grab the data anyway. I could set that second option to "On" and you could set it to "Off" and we'd both be happy.

- Julian
 
Apple never advertised it as a service to find stolen iPhones, they advertised it as a service to find lost iPhones. It doesn't matter how much they protect the settings, all the thief has to do is turn the phone off.
 
JulianL said:
Yeah. I did go on to complain about the ability to switch the whole thing off, as you describe, in my 4th paragraph.


I see your point on that one. Maybe in the setup for Find My iPhone there should be two settings, the global On/Off switch but also an "Always allow the Find My iPhone service unconditional access to location services". When the second option is set to "Off" then the service obeys the main Location Services setting (like now) and when its set to "On" the service will ignore the global Location Services setting and grab the data anyway. I could set that second option to "On" and you could set it to "Off" and we'd both be happy.

- Julian
Click to expand...

But even if you had that thieves could easily just turn the phone off, disconnect it from the internet, restore it, etc.
 
Runt888 said:
Apple never advertised it as a service to find stolen iPhones, they advertised it as a service to find lost iPhones. It doesn't matter how much they protect the settings, all the thief has to do is turn the phone off.
Click to expand...
Good point. My thread title is wrong because I was coming at this based on my assumption that this service was being promoted as helping with a theft but if Apple is being careful to only promote it for lost phones then it was inappropriate of me to claim these are design flaws.

I do still think that my points would be useful enhancements but I accept the collective wisdom coming out here from people like you and Tom G. that these are not design flaws.

- Julian
 
If you dont put password for the sake of fast productivity than protection, then it is the risk you are taking. Geek thieves can turn off the phone and restore at home too.
 
Givmeabrek said:
Just put in a passcode to lock your phone. Good grief..... :eek:
Click to expand...

For reals. The hyperbole of the title is funny. "Huge" design flaw. I think we all have tweaks we would like, but the way you frame it makes a lot of difference.

Edit: I think we were posting at the same time. Just saw your above post. There's also a feature with the lock where u can make ur passcode lock independent of your screen lock so you don't have to enter in ur passcode all the time.
 
I stopped reading here
I know that a lot of people will say that people should have a PIN set for the main iPhone lock but some people who use the device a lot for apps, note taking, etc (like me) want instant access to the device and don't want to have to type in a PIN every time. Apple seem to explicitly acknowledge this class of user with the Find My iPhone features because one of the things it can do is remotely set a lock code which is a great feature but if the whole thing can be disabled so easily then it just doesn't seem worth it.
Click to expand...

you don't deserve to moan about security if you're too lazy to set a phone lock.

You can have the best security system in the world, but you're a dumbass if you leave the front door unlocked
 
ItsJustafnPhone said:
I stopped reading here


you don't deserve to moan about security if you're too lazy to set a phone lock.

You can have the best security system in the world, but you're a dumbass if you leave the front door unlocked
Click to expand...
Actually I do, on the stuff I care about. Any sensitive data on my phone is in AES-256 databases that are password protected and it's a PAYG phone so exposure there is limited to my PAYG balance. I really don't care if someone accesses my music, my ebooks, my games, my maps, my calculator and other utilities, or my non-sensitive notes so why put the global lock in the way of those?

- Julian
 
JulianL said:
I just signed up to the free Find My iPhone service and tested it and I've found something that has really surprised me.

I've just successfully enabled Find My iPhone on my iPhone 4 and I immediately logged onto my MobileMe account from my PC to test it. Because I only have the free account it took me straight to the Find My iPhone page where I saw a map of the world with a pop-up dialog box on the middle of the page that said something like "Locating your iPhone...". It stuck at that point for maybe two minutes and then the "Locating your iPhone..." message got relaced by a red "Location services not enabled" message. I then went to my phone and enabled location services and then hit the refresh button at the top of the MobileMe web page on my PC and within seconds the map changed to a zoom in of my local street with a blue dot where I was. I was then able to send a test message to my phone.

The above seems to pretty conclusively prove to me that the service needs to have location services enabled in order to work; I'm pretty staggered by this. This is supposed to be a service to keep one's iPhone or iPad safe but all that is needed for a thief to circumvent it is for them to turn off location services! That's crazy. This service is burried deep within iOS so surely it would be trivial to allow it to access the location services even if the user setting is set to off. I know that Apple are very vocal about how they protect the user's security but they could put a big clear message in the setup procedure so that whenever the Find My iPhone service is enabled in the Settings app it explicitly warns the user "This service will still have access to your location, even if you have location services turned off within Settings. Only proceed if you are happy with this. Apple won't share with anyone else, all other apps subject to normal controls, etc, etc".

Admittedly turning off location services only blocks the feature to locate the phone, I was able to send a message to it even with location services off, but all a thief needs to do to completely disable all the features is to go to the MobileMe account setup in Settings and turn off the entire Find My iPhone service from there. Surely Apple should provide the ability to set a PIN code to protect the enable/disable for this critical security service.

I know that a lot of people will say that people should have a PIN set for the main iPhone lock but some people who use the device a lot for apps, note taking, etc (like me) want instant access to the device and don't want to have to type in a PIN every time. Apple seem to explicitly acknowledge this class of user with the Find My iPhone features because one of the things it can do is remotely set a lock code which is a great feature but if the whole thing can be disabled so easily then it just doesn't seem worth it.

So those are my complaints about the service:

1) It should be possible to password protect the ability to switch off the service.

2) There should be a way for the user to explicitly grant permission for the service to use location services, solely for the purpose of the Find My iPhone service reporting its location, even if the main location services setting within the Settings app is set to off.

I will be emailing my suggestion to Apple but I wonder if people agree with me, or if I've somehow missed the place(s) where I can set up the above in the current (iOS 4.2.1) software.

- Julian
Click to expand...


DOes the phonelock fix that problem ?
________
Yamaha xs360
 
Last edited:
yea u shouldn't be able to disable it, regardless the tittle was a little misleading but ur point is defiantly a serious problem. regardless it is a defiantly a awesome service. like the other day i went into my parents bedroom and i set my phone down on the black ruffled comforter, i left it there and i couldn't find it when i needed it. so i logged on and sent it a message and the locating noise went off and i found it right away. so as stupid as i was it was very useful.
 
I just went into restrictions and made it so you can't turn off the GPS or delete email accounts. They would need the password to disable it.

Also leaving location services on has no effect on my battery as long as I'm not using it at the time. I have tried it with it turned off and on (without using it) and battery was the same. I think it used to be with the older firmwares that the GPS would drain a bit more battery but now it looks like it's only when something is using it. It shuts down completely in between uses.
 
JulianL said:
1) It should be possible to password protect the ability to switch off the service.

- Julian
Click to expand...

I made this argument months ago that I would like password protection on certain security aspects of the phone like location services and specifically the find my iPhone toggle.

I was basically told to shut up and that the thief could simply remove the SIM (maybe this is why Apple wanted to integrate the SIM in next iPhone?)

Something so integral to security shouldn't be so simple to disable.

Edit:
Ah it seems now that you can password protect you account and GPS (when was that officially introduced?)
 
JulianL said:
Actually I do, on the stuff I care about. Any sensitive data on my phone is in AES-256 databases that are password protected and it's a PAYG phone so exposure there is limited to my PAYG balance. I really don't care if someone accesses my music, my ebooks, my games, my maps, my calculator and other utilities, or my non-sensitive notes so why put the global lock in the way of those?

- Julian
Click to expand...
you're not impressing anyone
you clearly don't work in a very secure environment, otherwise your company would have clear guidelines that state any device that carries/transmits/receives sensitive information Must have a password /keylock
 
JulianL said:
Actually I do, on the stuff I care about. Any sensitive data on my phone is in AES-256 databases that are password protected and it's a PAYG phone so exposure there is limited to my PAYG balance. I really don't care if someone accesses my music, my ebooks, my games, my maps, my calculator and other utilities, or my non-sensitive notes so why put the global lock in the way of those?

- Julian
Click to expand...

Agreed.

I don't need incredible security on my phone, there's simply nothing on it that I care about that much.

It does confuse me why the feature can be turned off so easily.


ItsJustafnPhone said:
you're not impressing anyone
you clearly don't work in a very secure environment, otherwise your company would have clear guidelines that state any device that carries/transmits/receives sensitive information Must have a password /keylock
Click to expand...

...and these people rely on MobileMe!?
 
ItsJustafnPhone said:
I stopped reading here


you don't deserve to moan about security if you're too lazy to set a phone lock.

You can have the best security system in the world, but you're a dumbass if you leave the front door unlocked
Click to expand...

Exactly.
I want alot of security too but I dont feel like locking my car doors or my home door.
You know its too much work, I like to get in and out quick:rolleyes:
 
ItsJustafnPhone said:
you're not impressing anyone
you clearly don't work in a very secure environment, otherwise your company would have clear guidelines that state any device that carries/transmits/receives sensitive information Must have a password /keylock
Click to expand...
I'm not trying to impress anyone but you're certainly confusing me. I found your first post overly aggressive and was close to responding in kind but I thought that I'd look at some of your other posts and see if you were as personally abusive and un-necessarily combatitive with everyone. I then found this post (https://forums.macrumors.com/showthread.php?p=11476545&highlight) and thought it was exactly the sort of thing I would have said (although even that post had an aggressive tone to it). You appear to be a good and honest person with a sound moral code, something that seems to be becoming rarer and rarer nowadays. You talk about "chivalry and kindness to strangers" and yet you seem unable to debate issues without making personal attacks and extreme rhetoric. I'm a stranger and you seem to be treating me with very little civility let alone kindness. I'm confused.

Anyway, just FYI, my phone is entirely for personal use so I have no company policy to adhere to. I also don't have push or fetch email set up; it's personal and I'm not that important. If I'm really expecting an email then it's gmail so I log onto the web interface with a browser, check my email, and then log off again.

- Julian
 
Dr Kevorkian94 said:
... regardless it is a defiantly a awesome service...
Click to expand...
I agree. Regardless of whether I and others think that it could be improved, it's already an awesome feature as it is; a really clever, innovative and useful feature that differentiates the iPhone from the competitors. (Does any other phone have anything similar?)

- Julian
 
you should be able to like brick the phone if its stolen or like completely shut it down and disable itunes from recognizing it so the thief wouldnt be able to use it.

then if they take it to the apple store, unless they have id that matches the info of the phone # its tied to, the store wont fix or will return to rightful owner or let them know
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back