Apple Makes It More Difficult for Crooks and Cops To Look at Your Phone

A change in the latest iPhone operating system makes it much more difficult for snoops of all sorts—including the snoops in law enforcement—to take a peek at people's phones.

Cops Locked Out

404 Media first reported on this phenomenon last week, in a story headlined "Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out." Reportedly, Detroit police storing iPhones for later forensic examination sent out a memo explaining that the phones were "somehow rebooting themselves, returning the devices to a state that makes them much harder to unlock."

The document says it is meant "to spread awareness of a situation involving iPhones, which is causing iPhones devices to reboot in a short amount of time (obsess rations are possibly within 24 hours) when removed from a cellular network. If the phone was in an After First Unlock (AFU) state, the device returns to a Before First Unlock (BFU) state after the reboot. This can be very detrimental to the acquisition of digital evidence from devices that are not supported in any state outside of AFU."

Matthew Green, who teaches cryptography at Johns Hopkins University, told 404 Media that he would be surprised if this was a deliberate choice by Apple. "The idea that phones should reboot periodically after an extended period with no network is absolutely brilliant and I'm amazed if indeed Apple did it on purpose," Green said.

But Apple did, indeed, introduce this feature on purpose, according to multiple experts. Yet it seems to have nothing to do with whether a phone is connected to a network.

'A Cheap and Great Mitigation'

Jiska Classen, a researcher with Germany's Hasso Plattner Institute for Digital Engineering, looked at the code involved in Apple's new iOS 18.1 operating system, which was rolled out in October. Classen found an "inactivity reboot," which "seems to have nothing to do with phone/wireless network state."

The inactivity reboot code stipulates that iPhones should automatically reboot themselves after a certain amount of inactivity time. "After four days of a device being unused and locked, inactivity reboot kicks in and reboots the iPhone," reports Mashable.

"This is a cheap & great mitigation!" commented Classen. "While most people won't have their phone forensically analyzed, many more will have their devices stolen. It protects user data in both cases."

More secure iphones are of course bad news for would-be spies of all sorts, not just those in law enforcement. There's something delicious about both crooks and cops (but I repeat myself?) discovering that they're automatically locked out of people's devices.

Come Back With a Warrant

Some people have fretted about how this update will impede police investigations. But police should still be able to obtain certain sorts of data—like call logs and cloud-stored images—from other sources, with the proper legwork and warrants involved. And it seems like they should also still be able to obtain data directly from the device if they have the user's passcode, since the inactivity reboot doesn't wipe the device but simply returns it to the "before first unlock" state.

"In a BFU state, information located on the device is securely encrypted and inaccessible," according to the Dakota State University's Digital Forensics Lab blog. "Upon entering the correct passcode of a device in the BFU state, an encryption key is generated to unlock the filesystem and the contents contained within it. This changes a device's lock state from BFU to After First Unlock, or AFU."

So the inactivity reboot feature seems like it will mostly be effective at stopping thieves from accessing iPhone data and stopping police from accessing data without the proper permissions and probable cause—not make it impossible for police to access phone data in any situation. This is a good thing for due process and accountability.

"Police can seize your device before they get a warrant and if they have the passcode nothing stops them from performing an off-the-record search—even if they might be later prevented from introducing that information in court," noted Patrick Eddington and James Craven in a recent Reason piece about police and passcodes. "Once police get warrants to perform specific searches—which courts regularly grant—they often retain smartphones far longer than needed to execute the narrow bounds of the warrant. They may try to introduce the evidence they 'coincidentally' discovered, even if it falls outside the warrant's scope," which "gives police and prosecutors a lot of leverage."

That dynamic changes "when police don't have your password," Eddington and Craven point out. "While law enforcement might eventually succeed in petitioning courts to make you unlock your device, you could thwart their petition by offering to provide your password to a trusted third party instead. This auditor would watch police searches to ensure they stay within a warrant's borders, preventing curious cops from reading the messy details of your last breakup and keeping your password out of police custody."

Some specifics about the inactivity reboot are still unclear, including whether it's applicable only on phones running the new 18.1 operating system. In the memo obtained by 404 Media, "police were specific that the iPhones they had were running iOS 18, not 18.1," notes Forbes tech writer David Phelan.

In any event, the inactivity reboot "is similar to a feature found on Macs," points out Apple Insider. "The Mac version, known as 'hibernation mode,' saves the state of the device to disk when put to sleep, in case the power fails or the battery runs out before the user can return to the machine. By flushing the last state of the device, iPhone users are better protected from forensic searches by law enforcement or other entities. The change also makes it more difficult for anyone to break into the device using brute-force or other methods."

More Sex & Tech News 

• Meta CEO Mark Zuckerberg can't be held personally liable in lawsuits accusing his company of being purposefully "addictive" to children, a U.S. judge has ruled. "The decision dismisses Zuckerberg as an individual defendant without affecting claims against Meta as a company," Bloomberg News reports. "The cases naming Zuckerberg are a small subset of a collection of more than 1,000 suits in state and federal courts in California by families and public school districts against Meta along with Alphabet Inc.'s Google, ByteDance Ltd.'s TikTok, and Snap Inc., owner of the Snapchat platform."

• The Studies Show podcast takes a skeptical look at the idea that smartphones are causing a youth mental health crisis.

• "Australia's states and territories on Friday unanimously backed a national plan to require most forms of social media to bar children younger than 16," according to the Associated Press.

Today's Image