Date: Monday, June 21st, 2010, 11:28
Category: iPhone, Review, Software
By Steve Abrahamson
Friday, Apple released the Find My iPhone app (in truth it’ll find your iPad too). In this reviewer’s opinion, this is an app that should have been here a year ago, but I’m just glad it’s finally here.
Having this as an app is a terrific idea. A case study: early last year, before you could even get to Find My iPhone in Mobile Safari, my wife misplaced her phone, and we had to go home to find where she lost it. If we’d had this, I could have found it while we were still out – and it turns out, near where she’d left her iPhone. For families with more than one iDevice, this app makes a great functionality more accessible.
With tools this powerful, however, comes increased risk. Improper access to this functionality in the wrong hands could easily offer the potential for serious stalking, and Apple stands in the way by insisting on login credentials for the device you’re looking for, each time you launch the app.
Unfortunately, it “offers” you the same Login ID you last used to successfully log in – and there does not appear to be any way to clear it, even between sessions. I tried deleting the ID, but the app remembered the last successful login and “offered” it when I re-launched the app; so it doesn’t remember null values. I tried replacing the ID with a random word, but that wouldn’t stick either. Power cycling the iPhone didn’t even clear it.
Not only does the app offer whoever is launching it a user ID, it ignores non-valid ones: anyone launching the app can therefore be assured that any ID they find there is a real, valid ID.
I understand the desire to offer a helping hand to the end user, but this “offering” an email address – one of only two pieces of security info – blindly to whoever is holding the device is exactly the sort of thing AT&T got into mighty hot water for just two weeks ago, exposing millions of email addresses with iPads. This isn’t Facebook. This is an app that will silently give you the accurate location of a person (well, their iPhone, but that’s probably the same thing), or even let you lock them out or destroy their data.
For an app this powerful, with these kinds of security implications, “convenient” should lose to “secure.”
All Apple needs to do to fix this is rev the app to let it forget the login credentials between sessions. This otherwise wonderful little app would be so much the better for it.
Steve Abrahamson is a technologist and Certified FileMaker developer in Chicago. He has a small development firm, Ascending Technologies (http://www.asctech.com), and is really just a technofetishist writing software as a cover to buy more toys.