I've changed my mind about unlocking your iPhone with your Apple Watch — it sucks

A few weeks ago, Apple enabled the ability for your Apple Watch to unlock your iPhone in situations where Face ID can't work — namely when you're wearing a mask. The feature is available in the newest versions of iOS 14 and watchOS 7 and was generally viewed as a positive thing; heck, I rejoiced pretty hard when the feature launched and starting using it right away. After all, when I'm out in a mask with my best iPhone, I want to be able to unlock it quickly.
After about a week or so of using the new feature, something happened that made me realize that using Unlock with Apple Watch can be a pretty big security risk — my partner unlocked my iPhone, and I didn't notice. I haven't used the feature since it dawned on me then that Unlock with Apple Watch is a workaround that undermines the security of Face ID.
The incident
Here's a quick breakdown of how it all happened.
I was in the store with my partner buying groceries, so I was wearing a face mask. I gave my partner my phone to hold as I was buying some items, and she proceeded to stick the phone in front of my face while making a joke about how I always make her hold things (sorry, babe). I didn't think anything of it; I had a mask on, so it's not like Face ID would work, right? Wrong. I had just unlocked my Apple Watch to check a text message, so Unlock with Apple Watch opened my iPhone right away when she stuck it in my face. She then proceeded to text my own number a silly message so I would get the notification on my wrist and see what she had done.
Before you point at the screen and state the obvious, I'll do it for you. Obviously, this incident was very specific, and it's not like I just give my iPhone to just anyone to hold; however, it still made me think about how serious that incident could have been if something nefarious was going on. When I'm out and about, I constantly am unlocking my Apple Watch via my passcode to check messages, check my Activity Rings, or for a plethora of other reasons. It wouldn't be hard for someone who is less than kind to notice that and use it against me.
Unlock with Apple Watch just isn't as secure
Although Apple did put security features into place with the Unlock with Apple Watch feature, it's still more of a security risk than just using Face ID. The whole point of biometric authentication is to authenticate that you are unlocking your iPhone. Unlock with Apple Watch never truly authenticates the user in a foolproof way. Yes, you need a passcode for your Apple Watch, but we all know that numeric passcodes aren't nearly as secure as Face ID, and the average person tends to have very weak passwords and passcodes. When you use Unlock with Apple Watch, Face ID doesn't get to scan your face, it just notices that it's blocked by something. It's entirely plausible that someone could steal your iPhone and Apple Watch, figure out your Apple Watch passcode, and boom, there into your entire phone. Is it highly likely? Perhaps not, but why put yourself at risk.
While I certainly don't blame Apple for making this workaround — people were clamoring for it — and I certainly don't blame people for using it, I just couldn't stomach the idea of my iPhone getting broken into. I want my iPhone to be as secure as it possibly can be, and Unlock with Apple Watch isn't the answer. Honestly, the issue I have with Unlock with Apple Watch is a testament to just how secure Face ID is and how much I have come to rely on it to keep my iPhone safe.
Luckily, there's a pretty easy solution to this mess.
Apple needs to bring back Touch ID
If you're going to use biometric authentication, you can't build in workarounds that almost negate any real authentication at all. Instead, the best way to solve this whole problem is to bring back Touch ID.
Before last year, I would have been shocked to see Touch ID ever make a comeback to the flagship iPhone models. When Apple first introduced Face ID, it was clear that Apple had made its choice and Face ID was the way of the future. In Apple's mind, Face ID was better, and bringing back Touch ID could have been seen as admitting it was not. But now, Apple doesn't have to worry about that. There is a legitimate need for Touch ID to come back to the next iPhone, and Apple wouldn't have to worry about public or investor perception that something is wrong with Face ID.
Of course, I don't think Apple has any plans to bring back the old Touch ID sensor to the flagship iPhones because going back to the design of the iPhone SE (2020) would be a huge step back. The good news is there are other options, and if the iPhone 13 rumors are true, we just might get one of them.
I would expect Apple to put Touch ID either on the side button — much like the power button on the iPad Air 4 — or for them to put it under the front glass. In either case, having Touch ID again would put an end to the need to unlock your iPhone with your Apple Watch and bring back the security we deserve to have on our iPhone.
What do you think?
Are you fine with unlocking your iPhone with your Apple Watch? Or, do you choose not to use the feature? Let us know in the comments down below.
iMore Newsletter
Get the best of iMore in your inbox, every day!
Luke Filipowicz has been a writer at iMore, covering Apple for nearly a decade now. He writes a lot about Apple Watch and iPad but covers the iPhone and Mac as well. He often describes himself as an "Apple user on a budget" and firmly believes that great technology can be affordable if you know where to look. Luke also heads up the iMore Show — a weekly podcast focusing on Apple news, rumors, and products but likes to have some fun along the way.
Luke knows he spends more time on Twitter than he probably should, so feel free to follow him or give him a shout on social media @LukeFilipowicz.
-
Not only was this incident very specific, it's also the exact scenario that Apple explains will happen when you enable the feature. RTFM.
-
Is it less secure? Sure. Would Touch ID be better? Absolutely. But in this face-less world we're living in, given what is available to us for the time being, I find the compromise to be acceptable for the sake of convenience. I use my devices so frequently that I would notice almost immediately if one or both were missing and lock them down in Find My. It would be a truly extraordinary situation for everything to fall in place to take advantage of the security gap. I'm not carrying the nuclear codes, so I'm comfortable with it. That said, when we're finally able to go out into the world bearing our mugs for all (of our devices) to see, I'll be sure to turn it off. (Please get vaccinated, people)
-
You didn't notice the aggressive tapping on your wrist that was your Apple watch telling you someone just unlocked your phone thus letting you relock it.
-
1) Did you not notice the haptic feedback on your wrist when your phone unlocked? You could have locked the phone again from the Watch.
2) How is this any different from your girlfriend holding the phone up to your face when you’re not wearing a mask and FaceID unlocks your phone? No chance to lock your phone without it in your hand. -
Why is your Watch getting locked all the time while on your wrist?
It’s not if someone is gonna do stuff on your Watch on your wrist without you noticing. -
I want it to unlock my iPhone whenever I am wearing the Watch.
-
Hmm.. there are so many things wrong with this article where do i start? One, your partner held the phone to your face and it unlocked. If you were not wearing a mask it still would have unlocked.
Two you constantly unlock your watch throughout the day, why? Are you worried that someone is going to use your watch while it is on your wrist? (It locks as soon as you take it off, which I assume you already know). Three the watch literally taps you to tell you your phone is being unlocked and you can immediately lock it with the watch. Four Face ID is more secure than a password, this one is up for debate, Is it more likely for someone to be able to unlock by holding in front of your face or to brute force or “figure out” your password. As i said no clear winner here. While yes i agree this work around does make Face ID “less secure” but all the stars would have to align for someone who you don’t willingly give your phone to to be able to, against your will unlock your phone, this would be highly unlikely but i guess not impossible. Personally i find the convenience worth it. If my phone ends up in someone else’s hands then i am already in trouble because my phone never leaves my hand or pocket, at least in places where i would be concerned with someone accessing my phone. And like someone else said, I am not carrying nuclear codes and watch unlock does not work for Face ID protected apps like banking. -
Hey McFly. That’s what the Apple Watch vigorously vibrating to alert you that someone unlocked your iPhone is for. And Yeah, this is why it’s turned off by default. I love it!!! Is your next article going to be that you shouldn’t use a Mac because it’s possible to get Malware that doesn’t exist on iOS?
-
I prefer TouchID as well. I never wanted to unlock anything with my face and I'm not sure why Apple thinks that's a better way to go. Apple should make an ultrasonic TouchID and be done with it. The pandemic proved TouchID is much more convenient and better than FaceID.
-
As other reviewers have so accurately pointed out, anyone can grab your phone, hold it up to your face, and unlock it just by swiping up on your iPhone screen. I know because I do that with my parents phones all of the time because well, they often need my help with tech. So in a way, unlocking your iPhone with your Watch is more secure because as mentioned, you can immediately lock your iPhone with your Watch. You do not have this option if you solely rely on Face ID. That being said, I think having at least two or more biometric security measures to get into your iPhone, iPad, Mac, and Watch is definitely more secure than just relying on one. However the most secure thing you can do is to not use any biometric security measures whatsoever. I’m not sure what the laws are in all States but last I knew, in most States you cannot be forced to reveal information that is in your head. However you can be coerced to unlock your devices with your fingerprint in some States I believe. But who wants to have to put in either their six digit+ numeric or alphanumeric passcode in all of the time? Not me. 😊 Thank you for the article Luke and all the work you do! I do not agree with your viewpoint on this issue but, I will say that I do appreciate your perspective and giving me something to think about when it comes to the method I choose to unlock my devices.
-
Sorry, but this is a ridiculous article. This is the same as saying, "I don't like having keys to unlock my house, because hey, someone could steal my keys." What are the chances that someone other than one's partner is going to take your iPhone and, near enough to you for it to work, unlock the phone because you are nearby with an Apple Watch? Absurd. If you're that concerned about it, a) don't use an iPhone, b) don't wear an Apple Watch, or c) best option, just live in a bubble.
-
By the time they've gone through a bunch of attempts to get into my phone by unlocking my watch, I'll have stopped them from doing so by using Find My to disable them both.
-
The ability to unlock my phone with my watch while wearing a mask has been a game changer for me. I was getting tired and frustrated punching my code in all day long often not having all of the touches registering compounded the issue
-
Besides all the other silliness pointed out; same would happen if you weren't wearing a mask. You'd have to hand your phone to someone you don't trust. In fact the watch unlock is more secure in that it gives you the opportunity to re-lock the phone from your watch immediately, and that lock requires re-entering the PIN. That isn't an option for regular face unlock. The statement, "When you use Unlock with Apple Watch, Face ID doesn't get to scan your face, it just notices that it's blocked by something." is wrong. The face unlock feature still scans your face, and uses features above the mask to include. Try it. Hand your phone to someone else wearing a mask and see if they can unlock your phone because they are standing next to you with your watch. So the scenario where they steal your phone and watch, figure out your watch code, and get into your phone wearing a mask, doesn't hold water. Now the scenario wear space aliens do a mind probe and get your PIN, that's plausible.
-
You wore a seat belt but still got in a crash. Cos you had that experience does not mean other people with the feature want touch ID
-
It’s funny how this fanblog was praising Face ID and how people should suck it up cause it’s more Secure than a fingerprint is now saying that the solution to a problem that actually doesn’t exist is Touch ID. This would’ve happened even if you’re not wearing a face mask. Sounds like YOU need to be a bit more careful and cautious, that’s all. This was going to happen regardless. The only solution here is don’t give anyone your smartphone, PERIOD! End. Of. Story. Your partner being your partner isn’t an excuse to just pass your smartphone to.
-
you asked what we thought at the conclusion of the article and i think the other commenters nailed it..... 1) sure touch ID would be better, but hardware upgrades cost money
2) the problem you describe is identical to the one that would happen in the home when not wearing a face mask sans your watch alerting you to the unlock
3) the watch alerts you with haptic feedback to the unlock AND gives you the option to re-lock your iphone which then disables face id until you enter the passcode. specifically for the scenario you described.
4) why on earth are you re-entering your passcode on your apple watch if it has not left your wrist since last you unblocked it? are you afraid somebody is going to access it while on your wrist or remove it while spoofing contact with your wrist so it remains unlocked? seems really paranoid crazy to me. i just wish face ID would ALWAYS provide haptic feedback on my watch to alert me to an unlock. and FYI you can make longer numeric unlock codes for your watch if you are really paranoid. i don’t think this article provided any new information beyond what apple provided when they released the feature and described why the watch gives haptic feedback. -
There is a rather simple solution to this problem which should become common practice among iPhone users. Before handing your device to anybody for safekeeping press and hold the volume down and side button simultaneously. This forces passcode entry for the next unlock.