This thief stole hundreds of iPhones and drained users’ bank accounts — 3 essential tips for staying safe

Image of person holding an iPhone showing the lock screen number pad
(Image credit: Shutterstock)

Hundreds if not thousands of the best iPhones are stolen each day worldwide and while Apple does have a plan to combat this with the release of iOS 17.3 next year, there have been countless victims over the years.

When the next version of iOS comes out, you’re going to want to download and install it right away as it contains a new feature called Stolen Device Protection. However, it won’t be enabled by default, so you are going to need to manually turn it on by opening the Settings app on your iPhone and heading to Face ID & Passcode. 

Once enabled, this new security feature will make it much harder for an iPhone thief to change your Apple ID password, disable Find My or add a new face to Face ID. If you’re wondering why Apple is now making such an abrupt change to how it keeps your iPhone secure, a recent report from The Wall Street Journal explains just how prevalent iPhone theft has become.

I strongly suggest you watch the entire interview embedded above in which the news outlet’s Joanna Stern interviews convicted iPhone thief Aaron Johnson. Over the course of just one year, Johnson and several of his accomplices managed to steal hundreds of iPhones and drain thousands of dollars from their victims’ bank accounts.

Unlike cybercriminals that use malware or malicious apps to attack smartphone users and steal their money, Johnson and other iPhone thieves across the U.S. (and likely worldwide) have been doing things the old-fashioned way. Just by watching an iPhone user input their passcode, these thieves have managed to steal, wipe and then sell off their targets’ smartphones.

Even though Stolen Device Protection will make this particular tactic much more difficult to pull off beginning next year, here are a few of my own personal takeaways and tips on how you can stay safe after watching The Wall Street Journal’s interview with now notorious iPhone thief Aaron Johnson.

Never hand anyone an unlocked phone

A man typing on an iPhone

(Image credit: Shutterstock)

In the interview, Johnson explains that he and his accomplices mainly targeted young, college-age men at bars in Minneapolis between 2021 and 2022. They would cozy up with their targets by saying that they had drugs for sale or that he was a rapper who wanted them to add him on Snapchat. Johnson would then ask his targets to hand him their phones.

With a target’s phone in hand, he would lock the phone, tell them that it was locked or saying something was wrong with the device and that he needed their passcode. As a lot of Johnson’s victims were young and naive or inebriated, they would just give it to him. He and his accomplices also videotaped some of their victims putting in their passcodes so they could replay the footage later if they didn’t already have the passcode.

From here, the stolen iPhone would ‘magically’ disappear from Johnson’s hands and likely end up with one of his accomplices. With a stolen phone and its passcode in hand, he would quickly navigate to the iPhone’s settings menu, turn off Find My and then proceed to change the passcode and add his own face to their Face ID.

Even after Apple beefs up the iPhone’s security with iOS 17.3, there’s a real clear lesson you can learn from all of Johnson’s victims: under no circumstance should you hand your unlocked phone to anyone. Even someone who appears to be a friend or maybe that Tinder date of yours could actually be a criminal that wants to steal your phone and your money. There’s just too much sensitive personal and financial data on our phones these days to trust them with anyone else, so don’t risk it.

Use your fingerprint instead of your face to unlock your phone

Just like with ports on the best MacBooks, Apple loves to get rid of useful features in its devices to make them slimmer and sleeker. This same thing occurred with the launch of the iPhone X when the company abandoned Touch ID in favor of Face ID with the aim of making the screen bigger on future iPhones.

In my opinion, this is a damn shame as plenty of the best Android phones have in-display fingerprint readers that are reliable as well as secure. Forget titanium, the fingerprint reader is a feature that Apple needs to bring back with the iPhone 16. I doubt they will but since privacy has been such a big push of the company’s marketing material over the past few years, Apple absolutely should.

Face ID on iPhone

(Image credit: Future)

Face ID may be convenient but you’re better off using a strong and complex passcode that’s hard to guess. Likewise, when inputting your passcode, you should be aware of your surroundings and look to see if anyone is watching instead of being face down on your phone. Stolen Device Protection will make it harder for potential thieves to take over your iPhone if they do manage to snatch it from your hand or even your bag. Another thing you want to avoid is leaving your phone on a table while out in public. Instead, it should be in your front pants pocket if your pockets are big enough or tucked securely in a bag or purse in a zippered pocket or compartment.

Sensitive apps should be individually locked with a passcode

Finger typing passcode into iPhone screen.

(Image credit: Shutterstock)

Many Android smartphones allow you to lock individual apps, though you can also use one of the best Android antivirus apps like Bitdefender Mobile Security to do so or even a locking app like AppLock from DoMobile Lab on the Google Play Store. However, locking apps on an iPhone is a bit less straightforward.

While you can lock some apps such as WhatsApp which have their own built-in locking mechanisms, Apple doesn’t provide this functionality natively in iOS. There is a workaround though and to use this method, you’re going to want to open the Settings app and head to Accessibility. From here, scroll down to Guided Access under General, tap on it and set the switch to On. Then tap on Passcode Settings followed by Set Guided Access Passcode. This will let you create a new passcode that is different from the one used to unlock your phone.

Once this Guided Access passcode has been created, go to any app you want to lock and hit the side button three times to bring up the Guided Access start screen. This will let you lock your iPhone’s entire screen to lock that particular app. Then, the next time you want to open this app, you’ll need to put in your Guided Access passcode to enable the screen for that app.

During his time stealing iPhones, Johnson noticed that it was incredibly easy to use Face Unlock or a user’s normal passcode to gain access to their banking apps and Apple Wallet. However, if you follow the steps above, an iPhone thief would need to know your separate Guided Access passcode to open any apps you’ve locked this way like your banking apps or even your crypto wallet.

iPhone 15 Pro Max shown in hand

(Image credit: Tom's Guide)

The iPhone vs Android smartphone debate is never-ending and it’s up to you to decide which is best for you. However, even if Apple does decide to eventually bring iMessage to Android or stop showing messages from Android phones using green bubbles, it’s still easy to tell which kind of phone a person is using when out in public.

As for how Johnson and his associates picked out their targets, it was actually quite easy. Unlike the standard iPhone 14, the iPhone 14 Pro Max has a distinct looking, three-camera array on the back. Since they could get more money selling pro model iPhones on the black market, they specifically looked for these when finding their marks at bars throughout Minneapolis. Apple hasn’t changed the design of the iPhone 15 and iPhone 15 Pro Max, so this tactic of specifically looking for iPhones with three cameras still works today.

The downside of Apple rarely changing up the design of its devices is that even if you had an older iPhone 12 Pro Max, an iPhone thief eying you up in a bar at night likely wouldn’t be able to tell at first glance that you didn’t have one of the company’s latest devices. Sure, you could stick to Apple’s non-Pro models to stay safe from potential thieves but you would lose out on that extra camera and a number of other features.

For this reason, you just need to be extremely careful when using your iPhone while out in public until Stolen Device Protection rolls out. However, as Johnson notes at the end of his interview, when he is released from prison years from now, there will be new tricks that make it easier to steal iPhones. 

There was a recent story making the rounds online that claimed that thieves in Washington DC had returned a stolen Android phone after realizing it wasn’t an iPhone according to a report from ABC 7. Switching to an Android smartphone is another option but most Apple users are too heavily invested in the company’s ecosystem to even consider such a thing. Fortunately, the company is taking additional steps to keep both its devices and their users safer with each new version of iOS.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

  • timhood
    "Instead, it should be in your front pants pocket if your pockets or pick enough or tucked securely in a bag or purse in a zippered pocket or compartment."

    Should this read "Instead, it should be in your front pants pocket if your pockets are big enough or tucked securely in a bag or purse in a zippered pocket or compartment."?