Over the weekend, Livejournal blogger HappyWaffle (real name Kevin), posted a great story about how he purportedly used Apple's MobileMe service to track down his iPhone, which was stolen while he was at a bar. By using a laptop with a Sprint EVDO wireless data card, he and his friends figured out where it was and managed to get it back from the person who had taken it. They even used Google Translate to alert the thief (in multiple languages) that they would call the police if the device was not returned.
As good as the story is, a lot of it relies on iPhone owners having certain settings flipped on, as well as the person who has the phone not knowing the right ones to turn off. For one, they can disable all of the MobileMe features by simply yanking the SIM card out or deleting the MobileMe account from the phone. They can also perform a software wipe right on the phone, which means your data gets erased, however that means you can no longer track where it is without carrier intervention.
This isn't the main thing to worry about though; it's that MobileMe's capability to locate your phone hinges on you having the 'Find My iPhone' setting enabled on the phone itself. This lets the device maintain a constant connection with Apple's servers to provide that neat-o, real-time tracking and instant receipt of messages you send it. With this and push messaging turned off, (both are changes that can be made without any sort of MobileMe, or iPhone password check) the service can no longer locate the phone.
As a side effect of this, both the capability to perform a remote wipe of all your data, and send whoever has your device a message can be put off indefinitely if push has been turned off. When off, any messages you've sent (which would normally arrive a second or two after being sent from the MobileMe site) get delivered the next time your phone does a fetch for mail from MobileMe. This means that if you've got it set to check mail manually, whoever has your phone would not be alerted with those messages until they opened up the mail application. And if you've got a pass code lock on your phone, it means they'll never arrive.
As a solution, Apple could allow users to remotely change certain phone settings, such as when the device checks for mail, or lock it down to only be able to use certain applications. Also, instead of wiping the phone entirely, it would be fantastic to enable the passcode unlock remotely. This would keep users from accessing personal data without the code.
Another key thing that needs to be changed is the way users can interact with incoming messages that are sent to the device. In Kevin's experience, he tried several times to get the thief to call a specific number by sending it in the SMS-like messages that can be sent from the MobileMe site. The problem with these, however, is that as soon as you click on the big "okay" button to dismiss them, they're gone for good. Unlike SMS messages, which get stored on the device, the only record of these comes as a carbon-copied e-mail to your MobileMe account. They also do not allow you to copy and paste text, or click on a phone number to dial it.
So do these things kill some of the utility of the Find My iPhone feature? No way. There's plenty of room to expand on them, and despite the aforementioned shortcomings, I still think it's one of the most useful features of the service, if not one of the main reasons to invest in it. It just needs a few tweaks to go beyond the all-or-nothing remote wipe solution, and outsmart tech-savvy thieves who know their way around the settings menu.
Note: Updated language on the process of wiping user data from the phone.