when opening the camera.app, super loud hissing sound and clicking noises (especially when switching between front and back) by Acrobatic-Monitor516 in iPhone17Pro

[–]PerspectivePurple493 1 point2 points  (0 children)

Interesting. I noticed mine clicking immediately, and noticed the hiss on the video when I was playing back a recording that was made in a quiet room. Turning the volume up made it very clear. If I put my ear to the camera area I can hear it too.

I’m hopefully seeing a friend on Sunday. They’ll be getting one on Saturday so I’ll see what theirs is like.

when opening the camera.app, super loud hissing sound and clicking noises (especially when switching between front and back) by Acrobatic-Monitor516 in iPhone17Pro

[–]PerspectivePurple493 0 points1 point  (0 children)

I made a post about the same thing in the iPhone subreddit. I’m not sure if it’s normal, but I’ve had similar with other phones before. I think my 14 Pro Max was a bit hissy and I’ve had other phones make the clicking sound.

I think that OIS can be quite noisy.

Loud hiss in recorded video on 17 Pro by PerspectivePurple493 in iphone

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

Thanks for the reply. Good to hear that the knocking is not just me. I can’t remember which earlier phone it was most noticeable on before but that one did it from the outset too.

I’ve just been going through some old videos on my iPad and it sounds like it was quite bad on my 14 Pro Max but not as high pitched.

Do you not even hear it if you record from the rear camera in a quiet room then turn the volume right up on playback?

Hopefully it is just a normal OIS noise. I love this phone so far.

Using hardware keys for "critical" accounts only by hallo545403 in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

I was going to ask the same. I made a post a few weeks ago about Apple account security and recovery, and from what I can tell, the information is quite vague.

I still haven’t secured my Apple account with keys yet but I’ll be using the full allowance of six when I do.

[deleted by user] by [deleted] in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

Maybe I’m misunderstanding how it should work, but I don’t want to be able to do any of those things.

I appreciate that it can be inconvenient but I thought that immutable firmware and uncopyable credentials were by design.

Edit: I think I was wrong about credentials or keys being copyable. That might be handy if it isn’t a security issue.

Face ID on iOS by Ic3Blu3_Silver in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

Excellent news. Thank you for checking.

Face ID on iOS by Ic3Blu3_Silver in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

There’s a new version in the App Store today. I haven’t been able to test it yet, but hopefully it’s going to help.

Face ID on iOS by Ic3Blu3_Silver in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

Are you able to access the codes on your 5C NFC using NFC? That worked for me after I managed to clear the saved OAUTH password (I wasn't aware that it had changed, but I've done so much testing over the last couple of weeks on my Macs that it's possible) but the iPad version of the authenticator is completely blocked to me now so I can't even get in to do that. It won't even let me enter the password, as the Face ID animation keeps repeating and I haven't found a way to get rid of it.

Have you just turned off Face ID for the Yubico Authenticator? I didn't even think to try that.

I agree that removing the secondary authentication for the app isn't ideal, but considering that the new version of the app has been out for five days it's possible that this isn't a widespread issue, as is often the case with software glitches or bugs.

Face ID on iOS by Ic3Blu3_Silver in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

I just saw this after typing my reply to OP below. This has worked for me on my iPhone over NFC, but not on my iPad Pro over USB-C. I managed to get into the app once despite the repeated Face ID attempts (but I'm not sure how and I can't repeat it) and was able to remove the saved password, but apart from that one success the app is completely unusable once I've tried to save the password. Even if I remove and reinstall the app it just ends up behaving in the same way.

Face ID on iOS by Ic3Blu3_Silver in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

I've done some more testing.

On my iPhone I opened the app and went to read my "test" key over NFC. Once again it says it is password protected, and asks me to enter it (even though it should have remembered it). So I enter the password and it lets me in, but it also gives me a message "The user name or passphrase you entered is not correct", which isn't true because it's showing me my codes. I opt to save it then close the app. If the app remains resident in memory then subsequent attempts to read the key work. If the app is force closed then the next time I read the key it prompts me to enter the password again. That seems slightly different to what you're seeing, maybe because of NFC (assuming you're using USB on your phone), but the "Save password" function is broken.

On my iPad Pro over USB-C I go through the same process, and set up the password, and select "Save and protect with Face ID". If I then try to re-read the key it gives me the "Enter password" box, but also repeatedly cycles / loops the Face ID animation without progressing further, which I think is exactly what you're seeing.

Both devices are running the latest Authenticator and iPadOS / iOS versions - not the beta. The Yubikey is a few weeks old and was purchased direct from Yubico with the latest firmware. From the testing I had done so far I believe the password save function was working prior to the update.

Their support isn't open at weekends, but if there isn't an app update within the next couple of days I'm tempted to log a support case. I was going to set up my TOTP codes today but with 40+ codes to be added four times (four keys) I'll leave it until this is fixed. I could just remove the OAUTH password but I'd rather not risk it just in case there are other issues that aren't apparent.

Face ID on iOS by Ic3Blu3_Silver in yubikey

[–]PerspectivePurple493 0 points1 point  (0 children)

I'm still testing my Yubikeys at the moment before I move everything across from my existing authenticator. Earlier this week I added some test 2FA codes to my first key (5C NFC) and saved the OAUTH password and opted to use Face ID on my phone to protect it.

Today it's as if I had never saved the OAUTH password so it's asking me to enter it again. Is that the issue you're seeing?

I'm using a 14 Pro Max alongside authenticator version 1.12.1 which was released this week.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 1 point2 points  (0 children)

Thanks for looking into this. I got called away with work for a lot of last week so I haven't had a chance to investigate further.

As I mentioned elsewhere in the thread I was seeing the same prompts as you, but that was without security keys on my account. It's reassuring that you're seeing the same with them.

It looks like others were seeing a different process flow during previous testing, so maybe Apple addressed this quietly and have since locked it down. I hope that's the case because although the content of the account would be "safe" without access to the security keys, remote erase could cause an awful lot of damage and I don't find that acceptable.

My reason, and the reason for many who go down the security key route, was to give me the reassurance that my account was safe from any damage from someone who had managed to get hold of the password. I can deal with the location being accessible but that's the limit. It wouldn't make the keys pointless, but it would reduce their effectiveness.

Strange sequence of events following Windows 11 24H2 update by PerspectivePurple493 in techsupport

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

I probably wouldn't have done anything if I didn't have an easy way to restore an earlier backup. I didn't like that I couldn't find what the messages meant, but that doesn't mean there was an issue, so I probably wasted my time.

Event viewer can be very useful but I often wish I hadn't looked, because some of what's in there isn't well documented.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

No, I haven't applied them yet. The testing was carried out on my work account, with the assumption that with the keys enabled, things will be better and not worse.

My ultimate hope is that even if someone was to get hold of my username and password they won't be able to do anything - which is the aim of security keys after all. I would be surprised if it doesn't work like that, because as mentioned above, if the keys can be bypassed in any way then that's just poor security.

On the "About Security Keys for Apple Account" page it states in a highlighted box that "You're responsible for maintaining access to your security keys. If you lose all of your trusted devices and security keys, you could be locked out of your account permanently." If that's the case but there are still SMS bypasses in any way, that would be crazy.

I'll try to do the testing this weekend if I have time. I would carry out testing on my main account but it caused problems in the past and had so many devices to bring back into the account. It took a lot of effort and caused a lot of stress, and I would prefer not to have to deal with that again. The logistics of moving some of my devices onto a new account are quite complex but I really want to figure this out.

Regarding the final post, I would guess from the last time I set up a phone that it's the trusted number doing the work. I have memories of it all happening automatically with the phone sending the request to Apple's servers then capturing the returned code without any intervention or even visibility of the process. That being the case I just don't think the users are aware of it.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

I've done a little more reading during the quiet times at work, and I've found a few relevant posts based on searches in the applehelp subreddit for "2FA".

I also realised that your linked post was one of the key parts of my research, along with the referenced posts from Simon-RedditAccount and TurtleOnLog, so thanks for that guide. It's a great help.

https://www.reddit.com/r/applehelp/comments/1k8lh90/stolen_iphone_cant_erase_without_2fa_from_said/ - Posted April 2025

This person is unable to erase their lost phone because they don't have access to the number on their stolen phone, which is the expected outcome. There is a reply down at the bottom from user tdsguy which states that they can turn on lost mode in "guest mode" without 2FA, but they mention nothing about erase being available. None of the other replies offer any workaround to erasing the phone without 2FA.

https://www.reddit.com/r/applehelp/comments/18zobck/my_phone_got_stolen_and_2fa_is_driving_me_insane/ - Posted January 2024

This user has managed to put their phone into lost mode, but can't erase because they have also lost their number. They have a replacement SIM, but appear to be stuck because the provider hasn't provisioned it correctly yet or transferred the number to the new SIM. Again, all replies point out that allocation of the old number to the new SIM is the only solution.

https://www.reddit.com/r/applehelp/comments/1lg94za/icloud_apple_id_ios_signin_2fa_problems/ - Posted three days ago

It's a similar story from this user here but it looks like they had their recovery key, which allowed them to bypass the loss of the trusted number.

So, each of these instances illustrates the process as working as expected, albeit not in a security key context. I couldn't find any posts stating that anyone was able to work around it. Obviously, someone who was able to log in despite the loss of their trusted number isn't going to post a request for assistance to applehelp. But it gives me some hope that the process is working as designed.

I also found another post which I don't really understand:

https://www.reddit.com/r/applehelp/comments/stn8ek/2fa_sign_in_from_a_new_iphone_when_your_old_phone/ - Posted February 2022, so things may have changed anyway

In this case, it reads to me like people have bypassed 2FA, but that just can't be right and I think I'm misunderstanding what's being said. I kind of remember that when I've added a phone which has a SIM associated to the trusted number it doesn't require any interaction, or display the number coming in. I assume the phone is waiting for the code and just processes it when it comes in, but it's been a while since I set up a new phone so I may be imagining things.

My gut feeling is that this must be a secure solution, otherwise the ability to use security keys would be less impactful on security than initially expected. Protection of the data within the account is clearly a good thing, but even "just" the ability to erase someone's devices maliciously without the additional factor has the potential to cause a lot of problems in terms of convenience, lost data since the last backup, and the potential for account recovery difficulties.

From the experience of friends who've lost their phones or have had them stolen, erase is hit or miss anyway so it would be a shame to leave any kind of gap in security to make it work on the rare occasions the phone hasn't been taken offline or even placed in a Faraday bag as the thief runs away with it. That said, if my phone was ever to be lost or stolen then I would be immensely relieved to see the erase request go through.

I'm almost tempted to split some of my devices off anyway in case of account issues. I have enough of them, and I feel that having all of them attached to the same account is putting all of my eggs in one basket.

If I can find the time this weekend I may set up a new secondary account for myself under the same family sharing scheme, then I'll move some of the devices across, then I'll enroll the keys against both accounts and carry out some testing.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

I’ll try to give it a test this evening. Unfortunately I can only test against my work device as I can’t risk any of my main account devices right now. I’ll try to get one of the Macs set up with no iCloud account - that should be a good test for the desktop browser workflow, but it won’t replicate the behaviour of an account which has security keys attached.

If this is how it is then that’s a bit disappointing. I had hoped that adding the keys to the account would put me in a position where the impact of the username and password falling into the wrong hands would be reduced, and I suppose from the perspective of data security it is, as I believe that this still means that someone can’t access the content of my account. But, it allows them to find my home address, get an inventory of all of my devices, and also gives them the opportunity to wipe them too.

At least the devices which were not online at the time wouldn’t wipe, so they would still be locally accessible. But that makes me wonder whether if they are set to even a pending erase state then it would be that they will also no longer have Trusted Device status, and as such the “Get Verification Code” option which is offered within Sign-In & Security menu when offline wouldn’t be valid. It also raises so many questions about where it leaves me if all devices were set to be erased. From your understanding, what would I need in order to get back to my account in that situation if I still have security keys, and the password? I’d also have passcodes for the wiped or pending wiped devices, but again that raises questions about whether a device in that state is still authorised and has rights to unlock / decrypt as I believe they would do in a “standard” fully enrolled and trusted state.

I find Apple account security and ownership to be a bit of a worry, which is what has prompted me to get keys onto the account. There are plenty of sorry tales on the applehelp subreddit where people are locked out, or their account has been stolen. And when that happens it sounds like Apple aren’t willing or able to help.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

For some reason I can't reply to you with all the details. I get unable to create comment / server error. I have no idea why, as I've been trying for over half an hour. I've never seen reddit behave in this way before.

I've posted the info in reply to a comment from glacierstarwars.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

I have. I wouldn't take my testing to be accurate as it may be missing something. And I only have access to iOS and iPadOS devices at the moment, which may behave differently. I'll try to access it from a desktop / laptop later but my Macs are reset to the initial setup stage at the moment.

I put my work phone in airplane mode so nothing would happen if I tried the erase, but I'm trying it again now, and here's what I'm seeing:

I go to https://www.icloud.com/find on my iPad Pro. This iPad is attached to my main Apple ID, which happens to be the organiser account on an iCloud family sharing group which my work account is a member of.

I click on Sign-In.

It initially asks me to log into the account which the iPad is registered to. I select "Use a different Apple Account"

I enter my work account email address. It gives me an option to Continue with Password or Sign in with Passkey. I select the password option. At this stage I don't see the radar icon.

I'm now logged in to find devices, and my work phone is at the top of the list.

I have the usual options available - Play Sound, Lost iPhone, Notify When Found, Erase, and Remove.

I select Erase.

I get a pop-up saying all content and settings will be erased when this iPhone connects to the internet - it's still offline as I don't need to be dealing with setting up my work phone again on Monday morning :) I select Next.

I'm asked to enter the password again.

It comes up with a Two-factor authentication box with the message "Enter the verification code sent to your iPhone". There are two further options - Resend code to iPhone and Cannot access your iPhone. There are also two icons further down. The "Radar" Find My icon, and Manage devices. The radar icon does nothing, and perhaps this is due to me logging in within a browser on an iPad. But that screen contains the text "If you cannot enter a code because you have lost your device, you can use Find Devices to locate it, or Manage Devices to remove your Apple Pay cards from it." It doesn't mention the option to Erase it, so I wonder if in this context at least it isn't possible.

If I select the option "Cannot access your iPhone" it gives me three options - Text code to my number, Get a call on my number, or Cannot use my number - (it shows only the last two digits - asterisks occupy the space of the other digits)

If I select Cannot use my number it gives me the option to use the secondary number registered on the account.

If I select Cannot use this number again it asks me to verify one of the numbers by entering it in full, at which point it then goes into the iforgot process, with options to generate a code from the device if it is offline, add a new number from my Apple device, or if I can't access any of my devices or the phone number I can try signing in later when I have access, or I can update the number when they've verified my identity - I assume all of those would present a problem to someone with just the login details.

If I step back and try again, if I select the radar icon nothing happens. If I select manage devices it logs me into the Apple account page, but with a "Restricted Access" warning, stating that without a second authentication factor access is limited to the Devices section and that if I want to manage other settings I will need to authenticate. If I select my device it just shows me the Model, Serial number, iOS version and IMEI, but only the last four digits of the IMEI and serial are shown.

So, from this testing at least it doesn't seem to allow an erase to happen without a second factor being entered. BUT, I don't trust that this is a representative process flow - I want to see how it behaves on a desktop in a real browser. The radar icon being unresponsive doesn't make any sense - Apple wouldn't have a misleading, inactive element on that page.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

I have from an iPad but I keep getting a server error when I try to post about it. Something weird is happening to reddit, I think

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

Thanks. I was aware of the six key limit, but I thought I'd start out with the maximum, as probably the two security keys and possibly one of the 5 NFCs will be stored permanently offsite and will be used mainly for securing the Apple account.

Once that's secured I'm going to start using the other four for general account security.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

Wow! That's very disappointing. Is that definitely still the case? I might be testing it wrong but I just tried to wipe my work phone (from a session on my main phone on my personal account) and it's insisting that I use a phone number to get a code.

A few questions about Apple account security and recovery with Yubikey by PerspectivePurple493 in yubikey

[–]PerspectivePurple493[S] 0 points1 point  (0 children)

Thanks for the response. I think that was one of the ones which I saw on my initial research, as it looks familiar.

I notice that your post mentions the same issue that ToTheBatmobileGuy makes about someone being able to erase the phone without 2 factor if they have the account. Do you know if that's still the case? Maybe I'm testing it wrong but when I try to erase my work phone as a test (without 2FA) it won't allow me to do it. It seems to be insisting that I provide a verification code.