By Steve Abrahamson
Friday, Apple released the Find My iPhone app (in truth it’ll find your iPad too). In this reviewer’s opinion, this is an app that should have been here a year ago, but I’m just glad it’s finally here.
Having this as an app is a terrific idea. A case study: early last year, before you could even get to Find My iPhone in Mobile Safari, my wife misplaced her phone, and we had to go home to find where she lost it. If we’d had this, I could have found it while we were still out – and it turns out, near where she’d left her iPhone. For families with more than one iDevice, this app makes a great functionality more accessible.
With tools this powerful, however, comes increased risk. Improper access to this functionality in the wrong hands could easily offer the potential for serious stalking, and Apple stands in the way by insisting on login credentials for the device you’re looking for, each time you launch the app.
Unfortunately, it “offers” you the same Login ID you last used to successfully log in – and there does not appear to be any way to clear it, even between sessions. I tried deleting the ID, but the app remembered the last successful login and “offered” it when I re-launched the app; so it doesn’t remember null values. I tried replacing the ID with a random word, but that wouldn’t stick either. Power cycling the iPhone didn’t even clear it.
Not only does the app offer whoever is launching it a user ID, it ignores non-valid ones: anyone launching the app can therefore be assured that any ID they find there is a real, valid ID.
I understand the desire to offer a helping hand to the end user, but this “offering” an email address – one of only two pieces of security info – blindly to whoever is holding the device is exactly the sort of thing AT&T got into mighty hot water for just two weeks ago, exposing millions of email addresses with iPads. This isn’t Facebook. This is an app that will silently give you the accurate location of a person (well, their iPhone, but that’s probably the same thing), or even let you lock them out or destroy their data.
For an app this powerful, with these kinds of security implications, “convenient” should lose to “secure.”
All Apple needs to do to fix this is rev the app to let it forget the login credentials between sessions. This otherwise wonderful little app would be so much the better for it.
–
Steve Abrahamson is a technologist and Certified FileMaker developer in Chicago. He has a small development firm, Ascending Technologies (http://www.asctech.com), and is really just a technofetishist writing software as a cover to buy more toys.
6 replies on “Review: Find My iPhone”
@Ncmike4: that's not really the point – you don't get that phone's credentials from it, you get *another* phone's credentials. So say you lose your phone, and you ask an iPhone user nearby if they have this app on their phone so you can locate yours. They unlock their phone, launch the app and hand the phone to you. You use it. They get your email address.
Anyone you mail with your mobileme account will know your login, so what's the big deal. Find a better password than 12345678 or p@ssword and you'll probably be safe.
I know that this is a new app. but its been available to .mac users for some time and has been worth the price of the annual fee. As lilboxer stated, pass coding the phone will keep people out of you phone if you leave it at a bar or something :-). I put my card with contact info inside the case of the phone so if I do lose it, someone can find me without using the phone.
If you have Passcode Lock activated on your phone, no one can access your data.
Not a review, so much as a complaint about one specific component of the application. Boo.
Actually, if you have a “lost” phone in your hand, you can get the account information easily enough from Settings, so this doesn't expose data that isn't already exposed elsewhere.