A colleague at work sent me this link back in September:
Why iOS 7’s Activation Lock Is a Disaster Waiting to Happen
Short version: Bad Things can happen if you don’t control the Apple ID used in the iCloud settings on your iPhone.
This is relevant to any IT department that issues iPhones to its employees. Consider this scenario:
- employee returns company device to IT
- IT staff prepare to deploy device to new employee
- device prompts for unknown Passcode or Apple ID password
With iOS 6, it was possible to erase and restore an iPhone locked with an unknown Passcode or Apple ID password. Now, the Activation Lock feature forces you to enter the password for the previous user’s Apple ID before you can use the device.
Activation Lock may be a win for security but it’s a potential problem for any IT department that has to manage a fleet of iPhones.
I spoke to Apple support to get more information about Activation Lock. Here are some things I learned:
- Activation Lock is enabled whenever the ‘Find My iPhone’ feature is on
- Activation Lock is linked to the Apple ID entered in iCloud settings (i.e. not the Apple ID in App Store and iTunes settings)
- users can have more than one Apple ID set up in App Store and iTunes
- user can disable Activation Lock by turning off ‘Find My iPhone’
- user can disable Activation Lock by logging in to iCloud.com and removing device from ‘Find My iPhone’
- there is no ‘back door’ for IT (or Apple) to disable Activation Lock
Suggestions for IT departments:
- tell Apple why this is a problem for your company
- ensure that users set up iCloud accounts using a work email address
- suggest that users reset the iPhone or turn off the ‘Find My iPhone’ feature before returning it to IT
One nightmare scenario for IT: a terminated employee returns his device but refuses to unlock it. The company can’t redeploy without his help. (Of course, there’s no technical solution for disgruntled users. There are easier and less obvious ways to ruin an iPhone before , like immersing in water.)