An old Apple Watch Series 4 no longer receives security updates; the last I can see here was 10.6.1. Over time this leaves the watch open to more unpatched vulnerabilities that later models are patched for. But we can still make use of the unique hardware (heart rate, EKG) and fitness tracking features to get utility out of the device. This post describes how I reduced security risks on my watch to give it new life.
The TLDR:
- Remove the Apple Watch from your current/personal Apple ID, unpair it from your personal iPhone, and factory erase it.
- Create a dummy Apple ID; use an old throwaway iPhone that has been factory erased; pair it to the watch; do the one-time setup for EKG.
- Keep Wi-Fi/Bluetooth/Location Services off; keep the watch in Airplane Mode.
Repurposing an old computer is simpler than repurposing an Apple Watch. The Apple Watch is much more locked down, so our options are limited:
- Install an alternative operating system? For an old Intel Mac, you can simply install Linux on a separate partition. Unfortunately (from my quick searches) there doesn't seem to be any alternative operating system for the watch, nor a way to install one.
- Sign out of internet accounts? Unfortunately, the watch seems to largely mirror the iPhone. You can't (from what I see) sign out of internet accounts in Mail, or sign out of your Apple ID at all. The settings for those apps only let you customize or mirror iPhone notifications.
- Remove sensitive apps/data? The ability to delete apps is limited; some built-in apps like Messages and Mail cannot be deleted at all!
These last two points mean you are effectively stuck with data from these apps that may be sensitive.
Goals:
- No personal data on the Watch.
- No connection to my real Apple ID or to the iPhone I currently use and carry around.
- No network connection; radios turned off.
- Still able to use EKG, heart rate, and workout/fitness tracking.
What you'll need:
- A factory-reset old iPhone: This is the biggest obstacle, since most people probably don't have a second working iPhone around. Having to have an iPhone to set up a watch is a major limitation.
- A throwaway Apple ID just for this setup: I made a free iCloud email address on the reset iPhone.
- A one-time phone number to receive a code: I prefer not to send out personal information to a device that should not need it. However, when setting up the free iCloud email address on the old iPhone, it forced me to have a number for verification purposes. I used a throwaway number from an online phone service.
Steps:
- Erase and unpair the watch from your personal/current iPhone.
- Factory reset a second (unused) iPhone and create/sign in with a throwaway Apple ID. You can use an iCloud email address.
- Pair and set up the watch with the old iPhone.
- You have to use the iPhone to set up the EKG app for the first time. I don't remember if you also need it for the heart rate app to work.
- On the Watch:
  - Turn off Wi-Fi and Bluetooth.
  - Turn on Airplane Mode.
  - Disable Continuity, Walkie-Talkie, and Location Services to limit the radios in use.
  - Enable Low Power Mode, since the battery is probably quite degraded by now (note: this may affect fitness readings, but I don't remember the details).
  - Set a long, complex password on the watch.
  - Make sure the watch auto-locks when it's not on your wrist.
- Put away the old iPhone.
The watch now works as a standalone, offline fitness/heart monitoring device. It is not connected in any way to the personal/current iPhone you are carrying around, and it doesn't hold at-risk personal data if it is compromised, lost, or stolen.
Optional (Find My):
- If you're leaving somewhere and want some capability to find the watch, you can turn on Location Services, keep Wi-Fi/Bluetooth on, and enable Find My. Even though the watch is not connected to your current iPhone, nor connected to any public Wi-Fi networks or paired to devices over Bluetooth, it does send out information over the Find My network via Bluetooth that can be used to locate the device.
- Warning: this reopens the attack surface through Wi-Fi/Bluetooth, so you have to decide whether the convenience/security tradeoff makes sense for you. I recommend keeping it off.
Q: Will the Watch’s clock drift in airplane mode?
- In my testing, 10+ days in continuous airplane mode showed no noticeable drift. So it seems safe to leave disconnected for long stretches.
Q: Do I ever need to reconnect the old iPhone?
- Only if you want:
  - To sync EKG/health data into the Health app on the old iPhone (it's also a way to see the data on a larger screen).
  - To make changes that may be easier in the iOS Watch app.
Future ideas:
- I am interested to see if anyone gets some kind of alternative OS like Linux running, but given how locked down the watch is, I wouldn't hold my breath.
- I am interested in using it in the future to send commands to an old iPhone-based robot. More to come in the future.
- What I would like to see from Apple:
  - Longer support for security updates. Their history here isn't great; they even sold the Apple Watch Series 3 for months after giving it its final security update!
  - The ability to use the watch without an iPhone and without an Apple ID. A device like the watch with health-related sensors should still be usable essentially as an embedded system. Limited ability to reuse the device also just contributes to more electronic waste.