Thursday, February 08, 2007

The iPod Screen Lock is Almost Perfect!

Fellow iPod Users,

I have conducted a simple experiment to determine the value (or false hope) offered in Apple's "Screen Lock" feature that is included in the new iPod Nanos (2nd gen). Here's the Apple page that explains that feature:


I conducted the experiment because I was concerned about the level of protection that this feature offered to sensitive data that I might load onto my iPod, in the form of Notes (text files) and Contacts (vcard files). I was considering merely transferring all of my contacts from my Palm PDA to my iPod - which I've determined would be very easy. However, some of my contacts in my Palm include sensitive information about customer accounts I have with banks, brokerages, etc., along with all the super-secret challenge/response questions and answers for all those places to prove my identity.


Yes, I do realize this feature is only advertised to lock the screen and prevent others from accessing the contents via the screen interface.

Short answer: yikes! This offers no real protection for my personal data.


1) Place sample data on the ipod, including a text file in the Notes area and vcards in the contacts area. i did this using the procedure that i'd probably use regularly, which is: use iSync to transfer a few contacts from my Address Book on my mac to the iPod and using drag/drop to copy a text file to the Notes folder on the iPod.

2) Turn on the Screen Lock feature.

3) Confirm that the basic lock feature works - it does, indeed, require the code in order to use the iPod directly.

4) Relock the iPod and connect iPod to the mac that it's synced with (it's primary mac). I could directly sync and access the files without any Screen Lock related authentication. OK - this is consistent with Apple documentation.

5) Relock the iPod and connect it to a different mac. I was hoping that it would not allow me to sync or access any files on the iPod, due to the Screen Lock feature. I was disappointed. It allowed all the same access (manual sync via iTunes and direct drag/drop file access to both the Notes and Contacts folders).


1) If my iPod is stolen, or otherwise used by another person, all my contacts and notes files will be immediately accessible by others simply by connecting it to a mac (maybe even to a PC).

2) Sensitive information is NOT adequately protected on a 2nd generation iPod Nano.

3) I will be unable to deprecate my Palm PDA and use my iPod in its place.

4) Apple is sooooo close to having a true locking mechanism - see below for more.

Note to Steve Jobs:

Apple is so very close to having decent protection of personal contacts and notes on the new iPods. Heck they might even be able to do it with a mere firmware upgrade on my model. The iPod already has the firmware code to recognize your primary mac/pc when you connect it by USB - this is evidenced by the dialog that warns you when you connect it to a system that isn't your primary sync system. If Apple were to update the code so that right at that moment, it checks to see if the Screen Lock is active, and if so, then blocks access to everything on the iPod by that system (but allowing battery recharge to occur) - forcing the user to disconnect it and unlock the screen. Voila!


Joe said...

Good idea, however, too many people would forget the lock code and be locked out of their iPods. Then Apple would have a PR nightmare.

michael said...

Well those people are gits!

Plus they can simply reset the iPod and then reload their stuff - which is easy since it's sync'd with iTunes. And then they'd either improve their memory skills, or they'd choose to not set the lock.