2021-11-15
security
software
Recently I upgraded my phone - iPhone 8 to iPhone 13. Even though the experience is not bad, there are some gotchas you should keep in mind when you prepare for such a thing.
Most of the process was pretty straightforward. I made a backup of the old phone and expected that when I boot up the new one I'll just restore this and be done with the procedure. Not so. During setup the new phone (reasonably) asked if I want to migrate from an old one (both running iOS 15.x by the way). Of course I do! So then there is a song and dance one needs to do - click here, hold the phones like that so the new one can "scan" the old one, hold them close to each other, etc. - and it took about 15 minutes to finish, and I was ready to go.
Almost. Not really.
On the old phone I got a message saying basically "we're done with everything, click here to wipe this phone". Doing so right then is a rookie mistake - one needs to verify the new toy before abandoning the old one. So, let's do that.
First, the fact that an application existed on the old phone is transferred - but the application itself is not. So I had to download all the apps that are not pre-installed, one by one, on the new phone. This is not very difficult - just realise there's a little cloud icon next to the app (like this but different), click, wait for download, easy peasy.
Second, applications also need settings, local data, sessions, passwords, whatnot that are stored in a local database. This is seemingly also migrated, but not in all cases, and not necessarily fully. In reality this means:
The podcast app I use (Overcast, which is by the way awesome) had the metadata about what podcasts I listen to and which episodes were downloaded, migrated over. The previously downloaded podcasts themselves were not copied over. That's not a biggie in itself, except some episodes that were downloaded already on the old device did not exist at their source any more (404). So I needed to listen to those on the old phone first. Oh well.
One of these is Google Authenticator. Back in 2018, the last time I wanted to do such a migration the answer was basically "cannot be done easily". This meant that if you had 10 different 2FA codes, you had to log in to those 10 sites, disable 2FA and re-enable them, this time using your new device. Quite a task; borderline impossible.
According to the discussion things changed around 2020 - for the better. Using Google Authenticator now there's a way to "copy" your 2FA items to a new phone: the old one makes QR codes that you need to scan in with the new one. Mind you, these are not the original QR codes you scanned, rather some kind of encoding of what's on the device at the time of export. If that doesn't fit into one code then you get multiple steps. But It Just Works (TM).
The ING banking app was one that was somewhat more difficult to deal with. The data from the old device is not migrated, and there seems to be no way to explicitly migrate it either. Rather, I was asked to log in "as usual" which is weird already since the mobile app uses a different method. So it bounced me to the web login -- which needs the app to confirm the login as a 2FA method. So that was a bit circular.
Coincidentally, the web login form claimed I need to change my password right now, during this migration. Either I'm soooo lucky that I hit login just at the right moment, or this was some form of forced change. In either case it did not help because of the aforementioned circular dependency.
I decided to put this off for a while. The next day I tried again - and got into the procedure that lets me set up a new phone for banking like nothing existed before. This procedure asks for some non-public details so it's kind of okay. I'll never know what happened before and why this procedure kicked in. Ultimately, it worked.
As mentioned above, if by now I had already given in to the suggestion and erased my old phone, I'd have lost quite a bit of info or would have had a really hard time with some apps. I recommend only wiping your old phone when you're really done with the migration. You can also remove apps one by one, once you have verified they work on your new device. This way you also have some indication of progress.
So far so good. Almost all of the above works if you're migrating while you still have your old phone in your possession and working. But take a moment and think about what you would do, and what you couldn't do, if you did not have the old one around. Like, it's stolen. Or has water damage. Or anything else that prevents you from using it.
How much of what you need your phone for could you not do any more?
By far the biggest issue is with 2FA codes. If you don't have some kind of recovery then all of a sudden you cannot even log in to those services any more. Going through a 2FA reset is a nightmare, if at all possible, for each service. I imagine it needs extensive conversations with customer call centers, submitting copies of IDs via email (sounds safe, right?), or just giving up.
So I strongly recommend you prepare for this in advance. With 2FA what you can do is to save (back up) the QR codes you are/were presented with when you enabled 2FA in the first place. Make screenshots and make sure you store these safely: either in some kind of encrypted storage (that is backed up properly!) or even print them out and file them. Many services offer you a list of one-off-use security codes; this is an alternative but only if you save them safely like with the QR codes.
For the codes you already use but do not have a backup for: I recommend you go back to the service, turn off 2FA and back on again, this time saving the QR / recovery codes.
Do this now. Future you will thank you.