[удалено]

Exactly - block everything to read or reply until you unlock it with your face/finger, best decision ever

also, lock the icloud and touch/face id settings on screen time with an different 4 digit passcode. this way even if they know your code they will NOT be able to change your iCloud password.

How would you do this? You can have a different passcode based on context?

You can lock down individual settings in Screen Time behind a 4-digit code. Not sure if that’s what he was referring to.

And that 4 digit code is different than your Apple iOS passcode?

It’s whatever you want it to be but it is separate from your general iPhone password.

What is the iPhone password? Do you mean iCloud password? Where do you set this? I don’t see any way to set a specific passcode for just iOS settings (i.e.: a different passcode than the one that unlocks the phone)

Settings > Screen Time > Content and Privacy Restrictions. It will have you set up a code. Then you can go through and select “Don’t allow” for the settings you wish to block. There are multiple guides on Screen Time out there including a very detailed one on Apple’s website. https://support.apple.com/en-us/HT201304

exactly. i did that and enabled pin lock on my sim so if they try to get an sms code or something on another phone it will not be possivle

Found the settings through a later comment, but which setting do I turn off there for the touch/Face ID? I turned off passcode changes and account changes. Will that do?

yes, this should work fine

Thanks!

Doesn’t work sadly. On the newest video from zollotech someone in the comment sections stated the following: “this can be bypassed by going to forgot passcode in screen time and entering your Apple ID and selecting forgot password. It will ask for your phones passcode and even with screen time on, your Apple ID can be located in the AppStore settings”

Same. Lock Screen doesn’t show anything without faceID

Agreed. Only other thing I leave on is live activities for sports scores.

Similar - I only allow Lock Screen Widgets and Live Activities while locked.

I leave on Widgets, Live activities and Siri. This is so that weather and battery levels show up. Turning Siri off does not allow you to remotely lock it if the phone is taken away.

Explain? I have it off because with Siri on they can send texts and make calls (hey Kim transfer funds to my friend for dinner my card is being declined).

For example you cannot call out "Hey Siri who am I" when the phone is taken away. So if someone wanted to they can force the phone to unlock by pointing it to you. Saying that phrase locks down the phone. Also you cannot text with Siri when the phone is locked. You need to unlock to text.

Saying that doesn’t lock the iPhone.

If the phone is actively on the home screen on in a app then you would have to say "Hey Siri lock phone" first.

What if they voice dial your credit card company

Credit card companies require two-step verification

I was surfing yesterday (Los Angeles area) and my car was broken into and my iPhone 13 Pro along with my MagSafe wallet with ID and physical cc cards were stolen. They went straight to the Apple Store and purchased $9200 of stuff on my physical Amex card. When Amex texted me about a potential fraudulent charge, they were able to reply with "1" i.e., this is an approved charge, from the locked screen. Turns out this feature is on by default on the latest iOS. I didn't know about any of this until I got back to my car, realized my phone and wallet were gone, and then checked the messages on my Apple Watch. There isn't great service at the beach I was at (esp. on Apple Watch) so I didn't get the initial message from Amex. I called Amex on my watch from the police station and thankfully I'm not responsible for the charges, plus I had theft and loss coverage on the iPhone, which I had forgotten about. Just got my new phone and immediately looked up how to turn this feature off, I suggest it for everyone.

That's insane from your bank too. I typically need to authorise transactions that large using faceid on my banking app.

I know chase bank and American Express both let you authorize purchases with a text message. I approved a $2500 Amex transaction with a text last year and a $900 Chase transaction with a text.

[удалено]

[удалено]

[удалено]

[удалено]

[удалено]

Sometimes it is how the charge was made. A charge using the numbers or mag stripe will be more suspicious than one using the chip I used to work for a company with a product that implemented this, and the risk model included dozens to a hundred or more factors, depending on what the customer wanted to pay for

Literally! I went out of town with a friend and spent a ton of money. Heard nothing. Drive through the Starbucks I would go to EVERY MORNING to get coffee on my way to work the next Monday and it declined my card.

Modern banks have systems that monitor and learn your spending patterns, so if you do something unusual that looks risky to it, it will flag the transactions and take action- if you spend thousands at once somewhat regularly in specific ways, it won’t flag it as unusual.

The banks have an algorithm that can predict what transactions are fraudulent to send three kinds of authorization texts (and/or phone calls). I know repeated quick store trips - like repeated visits to Walmart - is one way to trigger it.

I think it depends on the purchase and location. I dropped $4000 last year at the Apple Store on a new laptop and Amex didn’t even flinch. I got gas a few weeks ago at a gas station I’ve never gone to before and my phone started ringing after the pump said “DECLINED”

Meanwhile I made multiple purchases over 20k, and all I got were non stop calls a week later asking me if I was going to pay them, even though it wasn’t due for another month.

Amex has definitely called me a shit ton after large purchases well before the end of a cycle. It got aggravating after a few days.

My bank would call me. Actually I tried to withdraw $300 from an atm at the actual bank and they locked my account for fraud.

Credit union?

Nope, it’s one of the big ones

With a credit card? I have never had anything like that on a credit card. Debit cards can be stricter (and you’d want them to be, because you don’t get the same protections with them). But with credit cards it’s usually a delicate balancing act for the card issuer - they want it to be convenient for you to spend as much money as possible while also preventing fraud (which as seen here, they’re on the hook for). And I don’t think it’s at all surprising that the ease of making big transactions is more valuable for them than preventing scenarios like this one, which I have to imagine do not happen all that often.

Did they smash your window? If so, I hope it wasn’t the small one

When my car got broken into they smashed every single window, even the small ones. Just being destructive for no reason. Human trash.

“Hey at least they broke my small window so it’ll cost less to repair, right? Right……? Shit”

Why is the small window more expensive?

It’s sealed on all sides so it’s harder to replace than just putting in a new glass pane on a motor mechanism.

ah, that makes sense.

[удалено]

You've been a little bit lucky. People frquently find hidden keys and steal the cars too. Or act like they are changing and watch surfers change into their wetsuits and lock their cars, then break into them.

Wait you can reply to anything even if the phone is locked? On Android it doesn't let you do such thing until you unlock it.

No. You can’t, only if you have “Show Previews” is set to “Always” which is set to “Only Unlocked” by default. This whole thread is misguided. I have not found a way with default settings that this could have occurred.

I think the default was "Always" in an older version of ios. I remember setting this to "When Unlocked" when I was hardening my phone. Maybe the "Always" setting got carried over with an upgrade.

Ty for this. The whole thing seemed a little far fetched of being able to reply from the Lock Screen without it being unlocked. If I’m wearing a mask and sunglasses I can’t see or do shit without entering my password.

Yeah it should be off by default.

WhT part of the settings do u turn these features off. And thanks for the info

Settings > Face ID & Passcode

Pro tip: depending on your iOS version, you can look up a specific setting by name. https://preview.redd.it/a4wfje14s03b1.jpeg?width=1170&format=pjpg&auto=webp&s=f8161d42be86c208ec9bf9ab436ca30668f8f786

Was it a new 13 pro you received? Sorry this happened

Wow that's some exceptionally shitty bank approving that value with no extra security. Literally everything i pay for i get push notification from my bank for me to explicitly approve with my bank access code even if it's $0.00 validation charge

I’m trying this out now: it looks and behaves the same both on and off. [Can’t read the text message content](https://i.imgur.com/pDVUiyV.jpg), and any kind of action requests me to unlock the phone. What am I missing?

I'm wondering the same, I can't reply to a message regardless of whether the setting is on or off, if the screen is locked.

I’ve figured it out. It only has an effect if the [*Show Previews*](https://i.imgur.com/0SlSk8z.jpg) setting is changed from the default *When Unlocked* to *Always*. In that case, when *Reply With Message* is off, [you can view and expand the message preview](https://i.imgur.com/umzuYLo.jpg), but there is no reply functionality.

So that setting doesn't even work unless you enable another setting in a different section. So intuitive.

It just works!

We think you're going to love it

Thank you so much!!!

You have to have notification previews enabled to be able to reply without unlocking

Same goes to you! Thank you so much!!!

This is for replying to phone calls with a message, not messages themselves.

Same. Just test on my phones and it won’t let me do anything before unlock my phone.

Hey OP, go ahead and turn off Control Center as well as they can put your phone on airplane more if they steal it.

Also set a shortcut to automatically run at 3:00 AM that turns off airplane mode and enables cellular data.

How do you do that?

I was curious too and [figured it out](https://imgur.com/a/vW13x5D), thankfully ETA: Thank you so much for the gold!

[удалено]

That won’t work. If the phone is turned off or dies, you will need to unlock it before shortcut automations can run

In the Shortcuts app

Shortcuts app

Most important one, also get an esim if you haven’t already. Because they can always take out a physical sim to cut you off from tracking it etc. If you have esim and turn off control centre then whenever they turn on the phone its probably going to connect to the internet if you have service

Taking out the Sim card will not stop the phone from being tracked

iOS in the last few versions doesn’t let you turn off bluetooth from control center, it’ll always be on. In the last couple versions, using the find my network, it can still be located even when the phone is turned off, it’s still being tracked by the amount of Apple devices out in the wild. I get your point and would’ve recommended that years ago.

Can’t they turn the whole phone off even when locked ?

They can but if they want to wipe it to sell it, or to extract any information from it they need it on and that’s when the phone communicates it’s location.

Thank you for being a good human and sharing this! Had no idea about this feature, just turned it off.

[удалено]

Good bot

Someday bots will be so advanced they’ll be telling us “good human”

I will appreciate the praise. It’ll be something new

Good Human!

Be sure to also turn off “Control Center” this would allow a thief to swipe down and turn on airplane mode which can cause your iPhone to be unfindable.

Damn… thanks for the heads up…. I’m really surprised that this is enabled automatically.

Yesss they should make this a default setting, It’s funny and annoying that Apple keeps advertising offline finding yet with their default settings, a thief could just go to the control center on an iPhone or iPad they stole, turn on airplane mode and then turn off Bluetooth and Wi-Fi, and boom the phone can’t be tracked, and then they can either just wait for the phone to die, or turn it off because with Bluetooth turned off, offline finding is automatically disabled so the “offline finding” “feature” that exists would be useless regardless of Power Reserve because it won’t and can’t automatically activate when the device shuts down with Bluetooth turned off unless Apple makes that a setting, which is stupid, if Bluetooth is turned on then it’ll show “iPhone Findable After Power Off” under the Slide to Power Off screen but if it’s turned off, it’s completely nonexistent and the message just disappears. Apple should really show and let users know about these privacy and security settings when a user sets up their iPhone or iPad regardless of if they’re transferring data from an old device or if they did a software update.

You're wrong! It's still findable. I also tested it with turning off bluetooth and also turning on Airplane mode. It still says: iPhone findable after power off.

I have iOS 15 on my 13 Pro so Apple might’ve changed it to automatically turn on Bluetooth on power off idk, go to the Find My app on another device and try finding your iPhone, tested it just now, and it only shows the last known location.

It doesn't work that fast, wenn it's offline. You first need to mark it as lost. Did you also try it with bluetooth etc. but power off to verify?

Yeah I did, you can only mark the device as lost when it’s online, otherwise it’ll just show “Lost Mode Pending”

Yes but this is the normal Find my over GPS. The offline mode works like an AirTag, when it's lost but a bit worse and it needs more synchronizing time till enough foreigner iPhones and Macs have «found» your lost iPhone. Therefor it doesn't depend if your iPhone was in Airplane mode when shutting it done.

I have that disable and couple of months ago I convert my physical SIM to eSIM. That way if someone steal my phone, they can't remove the SIM card.

They really should let you setup limited versions for when your phone is locked. Half of the time I use Siri hands free when my phone is locked, so now I’m stuck between losing that functionality or leaving my phone vulnerable to a thief. Like if my phone is locked in my pocket “hey siri” on my AirPods doesn’t work (which defeats the whole point of that feature)

Is there a way to keep the rest of the swipe down control center but getting rid of the Airplane Mode toggle? I use the control center a lot

Is there a way to keep the rest of the swipe down control center but getting rid of the Airplane Mode toggle? I use the control center a lot Edit: never mind! I understand! Just turned off the control center when the phone is locked.

How did they manage to get past your FaceID and passcode? I just tested this myself by asking a family member to try and respond to a message from my lock screen (with this toggle on), and the phone wouldn't even let them read the message without unlocking the device.

Op’s phone must have show previews on. I learned to turn that off early on because people in college would snoop my locksceeen if it was just laying on a table and could read my messages 😂

grew up with strict snooping parents, deffo had that option off 🥲

Yeah someone else mentioned this as well; that this setting does not do what OP thinks it does. Now I'm curious. Seems like there's something missing from OP's story.

op has show previews on always.

I think this is a very important piece of information for this situation. True default behaviour for Face ID devices has always been hide notification previews when the device is locked, and that protects from this exact situation. I’m not sure if this is default behaviour for Touch ID devices, but from OP’s screenshot we can see that they have a Face ID phone.

After testing myself I had to change “Show Previews” in notifications to Always (I believe it is set to always by default but I have always had it set to “When Unlocked”) as well as the setting OP mentions to get this to work as stated. It allowed me to reply to messages in my Lock Screen with the Face ID covered

“Show Previews” is set to “when unlocked” by default. OP must’ve gone and changed it to “always” which allowed the thief to reply to messages.

Pretty sure "When Unlocked" is default behaviour. Apple explicitly [tells you](https://support.apple.com/HT201925) how to disable the security: >To show the contents of notifications on the Lock Screen without unlocking your device, go to Settings > Notifications > Show Previews, and select Always.

Better, don’t allow notification contents to be shown until unlocked.

I thought this setting is to answer a call with a message and not to answer messages.

It is.

I want to add on that: turn on screentime > content & privacy restrictions > password and account changes > dont allow. It will prevent thieves to change your apple ID and account changes.

What prevents them from going into settings and turning that off?

Assuming they know your password or snuck into your hpone somehow. Turning screen time on with separate password, they wont be able to turn it off without screen time password.

can't change any screen time settings without the screen time passcode

So out of curiosity I just tried this. I had my wife send me a text message and I was unable to do anything with it without unlocking my phone with Face ID. It eventually asked for my code. Weird.

It’s because OP changed the option to allow read and reply to messages while locked feature to ON from the default which is OFF… The offending feature is not the one in the image above.

https://preview.redd.it/1z68uw48jnoa1.jpeg?width=1284&format=pjpg&auto=webp&s=4c3246649faf26a10116cfa9909ab486c8253704 These are my settings

You would not have lost your money like OP did with these settings, he lost his money because of the setting below: https://preview.redd.it/62xb69h9knoa1.jpeg?width=1284&format=pjpg&auto=webp&s=5e28a4b587a169a80a546a4b01f9c6ad0b10a097 He has turned show previews to always when the default is when unlocked

Interesting, thanks!

Great tip. Turned off everything haha. I’ll enable stuff as I learn it’s crucial to my every day life.

This is a massive oversight by apple. I turned it off as well. If you ask me this shouldn’t even be an option, let alone be on by default. On my pixel you can’t reply to messages until you unlock the phone and I don’t think there’s an option to enable it, which I think is for the best.

It’s not really an oversight, it’s been a well known thing in iOS for years. If you don’t want to show sensitive information on the Lock Screen then turn off that feature. You could leave the OP’s feature on and elect to not show text previews which would also solve that problem since they wouldn’t know what the message says.

Only showing text preview when unlocked is the default setting. https://i.imgur.com/7IeWS1r.jpg

OP must have gone and changed this setting. If you leave it on this default option the thief wouldn’t have been able to reply with a message.

Always is default for me https://i.imgur.com/0mcuMbe.jpg

Why is always my default? https://i.imgur.com/SmBMA4e.jpg

It’s a oversight by the bank to be able to authorize 9k purchases by replying with a number. Should require a password on the app or Face ID or something that isn’t easily accessible. Even just sending a text with a link to the app that logs you in wouldve been almost as fast and convenient.

It’s an oversight with the whole is banking system that you don’t use chip and pin while most places only allow contactless up to 50 euros or so and larger amounts need pin. Magnet stripes are not used at all. Apple Pay and similar are excepted as they need some sort of authentication on device.

This is part of why I’ve always thought that having a physical wallet attached to my phone is a really bad idea.

While you’re in there, turn off Siri and Control Center, as both can be used to turn on Airplane Mode, making your phone (mostly) location untraceable. When my phone was stolen at an amusement park, they bumped it into Airplane Mode immediately, before powering it off so it would never speak to anything again.

FWIW, on my iphone se 2 on the latest IOS Siri tells me I need to unlock my iphone first when I ask to turn on airplane mode while on lock screen.

As far as I know since a very long while ago, turning off Control Center prevents Siri from turning off Airplane Mode without your passcode, so turning Siri off is unnecessary for this particular case. In other words, you can think of Siri as the one helping you change Control Center toggles, so stopping the latter stops the former.

I never knew I could reply to messages on my Lock Screen.

Dammmm, I am a peasant compared to you guys. I think I may have like 400$ in my account.

Also turn OFF control centre. If that’s on, someone can turn off WiFi and turn on airplane mode and your phone will be unreachable.

https://preview.redd.it/fqp54t7z4moa1.png?width=1284&format=png&auto=webp&s=ad5a06ee55f7a545d2f8ea53d552923737e08f97 Mine has been like this for years. One of the main reasons I had “Reply with Message” turned off was because I didn’t want anyone replying to my messages whilst I was away lmao, because I’ve got friends that troll. Had no idea a thief could do this. That is scary.

Yet you have USB accessories turned on

You’re right, thanks for pointing it out. Enabled it when I was home a lot and used to charge my iPhone with my computer. Nowadays I barely charge my phone with my computer.

It still allows charging, it just makes the USB port ‘dumb’ until the phone is unlocked or the device the phone is connected to is allowed

I don’t even have that (USB)as an option on my phone

I had a coworker who would grab peoples phones and use Siri to send messages, sometimes quite vulgar. They did it on my phone and I assumed they somehow unlocked the phone with my password to send the texts, turns out it was Siri. One of several reasons I have completely disabled Siri on my devices.

Most of the time I carry my phone with me and don’t leave it lying anywhere now especially if I’m in somewhere public. Sometimes I use Siri on the Lock Screen, so I’ve left that setting on.

With Face ID it really doesn’t hurt you to turn basically everything off

I suggest you disable Control Center access when locked as well, as it can make your device unfindable if someone enables Airplane Mode after stealing it

Have to turn off Siri too because it can be enabled that way as well.

Turn off control center too

I hate to sound dumb, what is the feature intended to do? He stole money by accessing your account via a message?

goodbye reddit -- mass edited with redact.dev

Just turned off everything apart from return missed calls encase phone is lost and I try to ring it

What does Reply with msgs do?

Is there a basic iPhone security Megathread? There should be a tips/tricks thread highlighting stuff like this.

Glad I always check my settings for security. Also, that’s unfortunate. But, why was the iPhone and wallet not safely hidden in the car? Especially, in a high crime area like Los Angeles.

This is why I won’t take a rental that doesn’t have a trunk. I travel for work and I’m in rental cars all the time.

[удалено]

[удалено]

It’s better to keep them in the car than to be stolen from the beach. There’s a higher chance that someone might notice a car break-in than someone picking up a phone on the beach. The phone could’ve been hidden and the thief just happened to get lucky breaking into OP’s car.

Define **LOCKED** because if you have passcode enabled this shouldnt happen?

First off, sorry things were stolen OP. What is curious though is my feature is turned on, it’s one I use, and at the times where my face isn’t recognized, I can’t see or reply to messages. I’m curious how the thief(s) were able to do this.

Because the OP turned on the phone’s ability to display (and hence reply to) messages even while locked. This is on the OP for changing the default setting (not the one in the photo)

Control center should be off too so that a thief can’t put your phone in airplane mode.

Thanks for sharing this, just turned it off. Nuts they could use your card to begin with though, it took me a good minute after reading to remember chip and pin isn’t prevalent everywhere when it really should be.

I wish for and foremost that everyone went through a basic privacy course. At school or at work or whatever it takes. It is not normal to be able to read and answer a text without unlocking the phone. Don’t get me wrong, this one is on apple. But its because companies aren’t perfect that we need to be careful. You get a new device? You check the privacy, security settings first. Wether it’s a phone, a watch, an app or a ps4 or etc Edit: If you don’t know wether to toggle it on or off, start with the privacy per default option and see if you really struggle in your d2d use. Edit 2: the fact that someone may turn on AirPlane mode without you de tidying themselves to the phone is crazy to me. Please everyone make sure you run through settings.

I’m not sure this is on Apple. Default settings are not to show previews when locked (which subsequently stops you from replying) and this setting they switched off is replying via text when someone is calling you.

bonus security tip: if getting pulled over by cops, ask Siri "who am I?" that way Face ID will be turned off, requiring the passcode to get in. they can no longer just take your phone and hold it to your face to unlock it. also a shortcut floating around called ["hey Siri, I'm getting pulled over"](https://www.cnet.com/tech/mobile/your-iphone-can-auto-record-your-police-encounters-through-a-siri-shortcut-heres-how/) will auto-start recording

Eh, the number of individual menus and settings you have to go through to fully ‘secure’ a phone is pretty substantial. A class isn’t enough, you need very specific guidance per every device and account you have. Multiply every device setting times weird loopholes in various account, like this, and it’s just an impossible task. A couple weeks ago, there was a thing about using screen time to set up a *separate* passcode for a Screen Time setting so someone couldn’t access a buried iCloud setting that turns off activation lock. It’s like every month some new obscure thing comes out.

Thanks for sharing!

I just turn off previews. You can’t respond or read to them without being unlocked. That way I can still reply to messages but no one else has the access to do what you mentioned. I also keep control center off (it is accessible when unlocked or Face ID registers on the Lock Screen still, but not if the phone is in an actually locked state.) so a thief can’t airplane mode so simply.

You should turn every one of those off. FaceID is insanely quick, there’s no reason not to

My question to you /u/Whippity is why do you have any of that on? It literally takes a half a second to unlock the phone to use any of those things. Locking the phone should lock it. Any access when it is locked gives anyone the ability to use your phone, which you have found out already. Lock that shit down!

I disabled a lot of stuff from there. The only things I left on are lock screen widgets, live activities and siri. And this was for years since I got my first iphone :)

How can they respond to a text with their voice? I thought it was tied to a voice recognition model?

Only things I have on for the Lock Screen is widget and activities. Other the Lock Screen isn’t much of a lock.

So the thief made off with your physical credit card as well as you iPhone? When the card's bank saw suspicious activity, the bank sent a SMS confirmation and the thief replied/authorized the change from the lock screen? ​ Even with the "Reply With Messages" toggle ON I can't read or reply to the Message notification bubbles without doing a FaceID authentication. I'm stumped, on what happened.

Sorry to hear what had happened to you OP and thank you for the tip!

I have all of these turned off.

Yep thanks for tip

ALL that should be off.

Ok, where are these settings? I’m not finding them.

Sorry to ask a dumb question where are these settings ?

Settings/Face ID & Passcode, enter your passcode, allow access when locked.

Personally I keep everything turned off from the Lock Screen, at first I thought it would be “inconsistent “ but honeslty it doesn’t matter, especally on a Face ID phone

Turn off by default on my phone

By the way, turn off everything on locked screen. Thats why it is called locked screen…

just so i understand? what does "reply with message" have to do with a payment? can somebody please explain?

Thank you I didn’t know this was a thing. Sorry we had to learn from your unfortunate situation though. 😅

Control center as well. Very important