New 'Repair State' Keeps Your iPhone Safer When Being Fixed

But maybe not safe enough

  • In iOS 17.5, 'Repair State' will let you leave Find My switched on when your phone is getting fixed.
  • Currently, Apple requires you to turn Find My off before handing it in.
  • The only way to really protect your data is to wipe it beforehand.
A technician repairing a phone on a blue workbench
iOS will soon offer more privacy protection during repairs.

Kilian Seiler / Unsplash

Apple will soon add a "Repair State" mode to iPhones so you can keep them safer during repair.

Repair State, which is currently testing in the iOS 17.5 beta, lets you keep Find My switched on when you take your iPhone in for repair. It seems like a way to deal with the newly-introduced Stolen Device Protection, which won't let you disable Find My unless you're at home, but it also makes repairs more secure. Which makes us wonder—why does Apple make you turn Find My off when it repairs your iPhone? And wouldn't it be best to just wipe your phone entirely before handing it over?

"Find My, along with Activation Lock, serves as a powerful deterrent against theft or unauthorized access to your iPhone. By keeping Find My enabled, even during the repair process, you ensure that your device remains trackable and secure. This not only safeguards your data but also reduces the risk of your device being stolen or misused while it's out of your possession," software company founder Dhanvin Sriram told Lifewire via email.

Repair State

Apple currently requires that you back up your iPhone, turn off Apple Cash, and remove your cards and passes from Apple Wallet before handing your iPhone over, or sending it to Apple, for repair. It also requires that you deactivate Find My, which is the service that lets you track your iPhone on a map and—crucially—lock it onto lost mode or perform a remote wipe so that a hacker cannot access your data no matter how good they are.

An iPhone 4 with a cracked screen, next to some repair tools
Make sure you take precautions before handing your iPhone to a stranger.

 Anton Maksimov 5642.su / Unsplash

Why does Apple require this step? To make sure it's actually the iPhone's owner sending it in for repair.

In January, Apple added Stolen Device Protection, which plugged a big security hole. Prior to SDP, a thief could "shoulder surf" your iPhone passcode, steal your phone, and then use that code to reset your Apple ID password, locking you out of your account. You would lose access to your photos, purchased apps, and anything else, and the thief could use your phone as if they were you—email, apps, everything. Stolen Device Protection puts an end to this by adding a one-hour delay to any Apple ID passcode changes, unless you are at home.

But that handy one-hour delay is not so handy if you are at the Apple Store, waiting to give your device in for repair. So, in the next iOS update, you'll be able to keep Find My enabled, which is frankly essential. You'd have to be nuts to hand your iPhone over to a stranger with this safety feature turned off.

But is this enough?

Nuke it From Orbit

Thanks to Apple's self-designed Apple Silicon systems, the iPhone, the iPad, and the Mac are all extremely resistant to attack, even when the attacker has the device physically in front of them. Gone are the days of removing the hard drive and plugging it into another computer to read the entire, unencrypted contents.

But even the iPhone isn't invulnerable. In 2021, we learned that US police used a device called the GrayKey to unlock phones. In the same year, Apple sued Israeli spyware company the NSO group, which made the Pegasus hacking tool which could be used to target specific iPhone users and infiltrate their devices.

Photo of a phone with a cracked screen, balanced on its corner on a sidewalk, as if it just fell there and broke.
Ouch.

Ali Abdul Rahman / Unsplash

Which is to say, there's only one way to be sure nobody has access to your data when your phone is in somebody else's hands. You have to back it up, then erase it.

"While the new Stolen Device Protection and repair mode enhance security, users should remain cautious. Trusting a repair shop is necessary, but one should also take additional measures such as backing up data and ensuring the shop is reputable. If particularly sensitive information is stored on the device, a full wipe and restore post-repair might be a safer albeit more cumbersome option," mobile software developer Cache Merrill told Lifewire via email.

You probably already have an iCloud backup but check to make sure. You can also back up to a Mac or PC. Then, the actual erasing-everything part is easy. You'll still have to switch off Find My, and sign out of iCloud first (which means you should do it at home, where Stolen Device Protection won't force that one-hour delay), but the actual erasing part is instant.

Yes, you'll have to restore that iPhone, Mac, or iPad once you get it back, but what's a few extra hours of waiting compared to the catastrophic consequences of a phone stolen without any protections enabled but your passcode?

It's the only way to be sure.

Was this page helpful?