LiveJournal blogger HappyWaffle (real name Kevin) recently posted a great story about how he purportedly used Apple's MobileMe service to track down his iPhone, which was stolen while he was at a bar. By using a laptop with a wireless data card, he and his friends used the 'Find My iPhone' service to figure out where it was and managed to get it back from the person who had taken it. They even used Google Translate to alert the thief (in multiple languages) that they would call the police if the device was not returned.
As good as the story is, much of it relies on iPhone owners having certain settings flipped on, as well as the person who has the phone not knowing the right ones to turn off. For one, they can disable all of the MobileMe features by simply yanking the SIM card out or deleting the MobileMe account from the phone. They can also perform a software restore, which means your data is safely erased, but you can no longer track where it is without carrier intervention.
This isn't the main thing to worry about, though -- it's that MobileMe's capability to locate your phone hinges on you having the Find My iPhone setting enabled on the phone itself. This lets the device maintain a constant connection with Apple's servers to provide that neat, real-time tracking and instant receipt of messages you send it. With this and push messaging turned off -- both are changes that can be made without any sort of MobileMe or iPhone password check -- the service can no longer locate the phone.
As a side effect of this, both the capability to perform a remote wipe of all your data, and send whoever has your device a message, can be put off indefinitely if push has been turned off. When off, any messages you've sent (which would normally arrive a second or two after being sent from the MobileMe site) get delivered the next time your phone does a fetch for mail from MobileMe. This means that if you've got it set to check mail manually, whoever has your phone would not be alerted with those messages until they opened up the email app. And if you've got a password lock on your phone, it means they'll never arrive.
As a solution, Apple could allow users to remotely change certain phone settings, such as when the device checks for mail, or lock it down to only be able to use certain applications. Also, instead of wiping the phone entirely, it would be useful to enable the password unlock remotely. This would keep users from accessing personal data without the code.
Another key thing that needs to be changed is the way users can interact with incoming messages that are sent to the device. In Kevin's experience, he tried several times to get the thief to call a specific number by sending it in the SMS-like messages that can be sent from the MobileMe site. The problem with these, however, is that as soon as you click on the big OK button to dismiss them, they're gone for good. Unlike SMS messages, which are stored on the device, the only record of these comes as a carbon-copied email to your MobileMe account. They also do not allow you to copy and paste text, or click on a phone number to dial it.
So do these things kill some of the utility of the Find My iPhone feature? Not at all. There's plenty of room to expand on them, and despite these shortcomings, we still think it's one of the most useful features of the service, if not one of the main reasons to invest in it. It just needs a few tweaks to go beyond the all-or-nothing remote wipe solution, and outsmart tech-savvy thieves who know their way around the settings menu.