Working in a mobile forensic company developing tools for iCloud forensics, logical and physical extraction of iPhone devices, we don’t live another day without being asked if (or “how”) we can help remove iCloud lock from a given iPhone. Without throwing a definite “yes” or “no” (or “just buy this tool”), we’ve decided to gather everything we know about bypassing, resetting and disabling iCloud activation lock on recent Apple devices.

What Is Activation Lock (iCloud Lock)?

Activation Lock, or iCloud Lock, is a feature of Find My iPhone, Apple’s proprietary implementation of a much wider protection system generally referred as Factory Reset Protection (FRP). Factory Reset Protection, or “kill switch”, is regulated in the US via the Smartphone Theft Prevention Act of 2015. The Act requires device manufacturers to feature a so-called “kill switch” allowing legitimate users to remotely wipe and lock devices. The purpose of the kill switch was to discourage smartphone theft by dramatically reducing resale value of stolen devices.

According to Apple, “Activation Lock is a feature that’s designed to prevent anyone else from using your iPhone, iPad, iPod touch, or Apple Watch if it’s ever lost or stolen. Activation Lock is enabled automatically when you turn on Find My iPhone. … Even if you erase your device remotely, Activation Lock can continue to deter anyone from reactivating your device without your permission. All you need to do is keep Find My iPhone turned on, and remember your Apple ID and password.”

Update 25.07.2019: new/additional information on that topic is now available in Breaking and Securing Apple iCloud Accounts article.

How Activation Lock Works

When you turn on Find My iPhone on your Apple device, Apple registers your device by linking your your Apple ID to the device ID on its activation servers. From that point on, your device is automatically protected. Even if your device is stolen, the thief will need either your device passcode or your Apple ID password to disable iCloud lock. Even if they reset your device via DFU mode, which can be used to reset the passcode, they still won’t be able to reactivate and use your iPhone without first removing the Activation Lock.

How to Remotely Lock Your Device

The main purpose of iCloud lock is discouraging theft. Locked devices cannot be used or reactivated without entering your passcode or your Apple ID password. This greatly reduces resale value of stolen devices and effectively deters casual theft while making organized crime more difficult.

You can turn the Lost Mode for your device or remotely wipe it from another Apple device or from a Web browser. In order to remotely lock or wipe your iPhone, you will only need your Apple ID and password.

1. Sign in to Find My iPhone (https://www.icloud.com/#find) with your Apple ID (the one you use with iCloud).
2. In the Devices list, tap the device that’s in Lost Mode.
3. Tap Actions, then tap Lost Mode or Erase iPhone.

More information:

• Find My iPhone: Lock and track your device using Lost Mode

Removing iCloud Lock: The Official Way

If you are the first owner of the iPhone and still have your original purchase receipt (or purchased the iPhone in an Apple Store, where the purchase would be registered electronically), you may be able to visit a nearby Apple Store to have iCloud lock removed from your iPhone. If, however, you bought the iPhone second-hand, received it as a gift or no longer have the original purchase receipt, you’d have to resort to other methods for removing iCloud lock.

Removing iCloud Activation Lock: If It’s Your Own Device

If you remotely locked or wiped your device via Find My Phone and then discovered it, you will have several ways to regain access to the device. However, the recovery may be complicated or extremely complicated – even if you are the rightful owner and know your device passcode and your Apple ID password!

If the device is in Lost Mode

If you have the device back, you may turn off Lost Mode by following these instructions:

1. Sign in to Find My iPhone (https://www.icloud.com/#find) with your Apple ID (the one you use with iCloud). Note: even if your account is protected with Two-Factor Authentication, you will only need your Apple ID and password to sign in.
2. In the Devices list, tap the device that’s in Lost Mode.
3. Tap Actions, then tap Lost Mode.
4. Tap Turn Off Lost Mode.

If your device is offline and turning off lost mode does not work, attempt to unlock the device with your passcode. However, this may not always work as your device may be locked because the number of wrong passcode attempts was exceeded. If this is the case, you may see the “iPhone is disabled. Connect to iTunes” message. While the obvious thing to do is connecting the phone to the computer and trying to restore through iTunes, this may not always work. Starting with iOS 11.4.1, Apple introduced USB Restricted Mode, which effectively disables all data communications over the iPhone’s Lightning port after one hour since the device was last unlocked or disconnected from an accessory. If this happens to your iPhone, you may be unable to restore it via regular means. You will have to reset your device (losing all data in the process) by following these instructions:

• If you can’t update or restore your iPhone, iPad, or iPod touch

If the Restore mode does not work, you may attempt to restore the device via DFU mode by following these steps.

• DFU Restore

If you erased the device: If you remotely wiped the device, or if the device was erased via DFU mode, the iPhone will be locked with Activation Lock. If this is the case, start setting up your iPhone as normal. Once you’re prompted to sign in with your Apple account, log in using your Apple ID and password. You will need to enter the same Apple ID and password that were used on the device before it was erased.

Removing Activation Lock: Forgotten Apple ID/iCloud Password

Many users will rarely, if ever, need their Apple ID password after they initially set up their device. Rarely used passwords are easily forgotten. If you forgot your iCloud password, but your iPhone is not protected with a passcode (or you know the passcode), you may be able to reset your iCloud password/Apple ID password and subsequently disable activation lock.

Pre-requisites:

1. You forgot your Apple ID password/iCloud password
2. The iPhone does not have a passcode, or you know the passcode
3. There is no outstanding remote lock or remote erase request

Goals:

1. Change Apple ID password
2. Disable iCloud lock on the iPhone without erasing its content

Steps to disable iCloud activation lock:

1. If there is no passcode on your iPhone, create one
2. Tap Settings > iCloud > Apple ID > Password & Security
3. Tap Change Password
4. Enter device passcode
5. Enter and confirm the new Apple ID password
6. Tap Find My iPhone slider to disable iCloud lock
7. Enter your newly set Apple ID password to confirm

At this point, you have successfully disabled Activation lock/Find My iPhone on the user’s iPhone. With Find My iPhone disabled, this device can no longer be located, placed in Lost Mode, or remotely erased using icloud.com/find or the Find My iPhone iOS app. In addition, the Apple ID and password will no longer be required for someone to erase, reactivate, and use your iPhone.

Summary and Conclusion

So let us sum up the requirements for disabling activation lock in different scenarios. In order to remove iCloud lock, you always need one of the following:

If the iPhone has not (yet) been wiped:

• Passcode
• iCloud password/Apple ID password
• Visit Apple Store with original purchase receipt in your name

If the iPhone has been wiped and prompts for Apple ID password:

• iCloud password/Apple ID password
• Visit Apple Store with original purchase receipt in your name

There are no alternatives or workarounds, tools or services that could remove activation lock from an iPhone without the passcode or the user’s Apple ID/iCloud password.