Users of any Apple device must have an Apple ID, a sort of digital passport to explore and experience the Apple world. To enter, you need an Apple ID that gives you a variety of rights and, like a real passport, it must not be loaned to anyone or you must not borrow it.
The first point of view is quite intuitive: if you give someone else your Apple ID you would lose access to your devices, data, subscriptions to which you are subscribed etc. Doubt may arise when we advise you against entering someone else’s Apple ID on your iPhone or iPad. Let’s analyze Marcie’s story as a case study.
Selling a used iPhone
After a year of love with her phone, Marcie decides to sell her iPhone X. Marcie simply wants to switch to a newer model, an XS or at least an XR. He initially plans to sell it on eBay, adding an ad on Craigslist for safety.
The next step is about the price. The phone is in good condition, so it decides to aim for a good selling price. In a year he had practically gotten dust, and there was not even a scratch! It will certainly take some time to find a buyer, but Marcie is in no hurry.
To his surprise, someone came forward the next day. A very nice woman writes to her that her husband would really like to buy an iPhone but he is always very busy and has no chance to make an appointment until the end of that week. However, he really appreciates the fact that the device is in perfect condition, for this he would like to pay the phone in advance and then pick it up later. To verify that the phone is fully functional, the woman asks Marcie to enter her husband’s Apple ID on the device. If everything seems okay, the lady would have immediately made the bank transfer to pay the price of the phone.
Marcie is thrilled, she thought it would take at least a couple of weeks to sell it, and instead 24 hours later, it’s all done. The lady sends her husband’s Apple ID email and password and Marcie wonders how some people reveal such important information to a perfect stranger without batting an eye. In any case, it is not his problem, so he enters the data on his smartphone and confirms to the lady that everything is ready to check the functioning of the iPhone.
At this point something happens that Marcie does not expect remotely. A message appears on the screen that the phone has been locked and someone at that certain email address will be contacted to unlock it. And there is no way to go beyond the black screen with this unpleasant message, the phone has been locked, period.
The “kind lady” (or a fake account) no longer responds to Marcie’s messages, who sends an e-mail to the famous address and is told that, in order to get the phone back, she should make a good payment in cryptocurrency.
Marcie stops for a moment to think and realizes that she has no guarantee that she won’t be fooled this time too. His iPhone is there on the table, a useless brick and totally indifferent to Marcie’s tribulations. And although she still has doubts as to whether or not to pay the ransom, she gets angry at herself for being fooled in this way.
Beware of strangers and their Apple IDs
The moment you allow someone to enter their Apple ID on your device, the device is no longer in your possession. And if cybercriminals take possession of it, it will not be easy at all to get him back: after deceiving the victim, the cybercriminals block the device through the iCloud functionality “Find my iPhone”.
This functionality was created to prevent a stranger from peeking at what the found device contains; in any case, the contacts will be displayed on the screen so whoever found the phone can contact the rightful owner.
In this case, of course, the device has not been lost; however, as soon as the victim enters another person’s Apple ID, the phone is immediately added to the list of devices associated with that person’s iCloud, and there is no going back from there. In short, a useful feature turns into something harmful if the purpose changes: cybercriminals use Find my iPhone to block iPhone and iPad and then request a ransom.
If you have to sell a used device, keep your eyes peeled and not just for the case just described. A widely used social engineering technique is to circumvent users of the forums that concern the Apple world, asking them to be able to enter their Apple ID using pretexts such as “my phone is dead, all my contacts are on iCloud, I have to call my boss urgently, please give me a hand “or something.
Thinking about it, if a similar situation were to happen and if you had Apple ID e-mail and password, wouldn’t it be enough just to connect to the web version of iCloud and put everything in place? But no. The cybercriminal account is protected by two-factor authentication so when you log in to iCloud, you must also enter the code sent to one of the devices. And of course, only cybercriminals have access to it, so being aware of Apple ID alone is not enough.
Moral of the story: never enter someone else’s Apple ID on your device. Even if they ask you please.