I need to disable Find My iPhone function for the period of repair at Apple's authorized repair partner (which will last several days).
Can it impose any security risks to the on-device data and/or the accounts I logged into with the device?
I am not asked to disclose iOS passcode; I will disable FaceID unlock; all lockscreen features (entire Settings > FaceID > Allow Access when Locked section).
What else should I consider configuring? What risks can still remain?
Best Answer
Find My iPhone Activation Lock was introduced in iOS 7 as a way of preventing stolen devices from being reused by later purchasers. But as far as security risks, Apple (let alone anyone else) cannot re-install the iOS operating system with the Find My iPhone Activation Lock enabled. Also even after that, it has to be "Activated". This involves a secure connection to Apple servers to be established which allows Apple to determine the physical device identity, and to see if that device is associated with a certain Apple ID (and such association is applied by enabling Find My iPhone) or not.
If Apple has to replace your device with a different one, it makes good sense to disable Find My iPhone before taking the device from you. This allows them to recycle the device (especially the mainboard) if they replace your device. Also, it allows them to provide that new replacement a similar serial number compared to your current device without Find My iPhone preventing them from inactivating your device from their system. With Find My iPhone enabled your device becomes blocked on the Apple servers and the repair chain that it becomes a part of gets broke. With Find My iPhone off it allows the new device (the replacement) to re-enroll for activation under any account.
As for your data, erasing the iPhone can fix that. If your Apple Account is using two-factor authentification, you should have a list of trusted numbers and trusted devices. As long as you have access to all of those devices and that number, not even Apple or law enforcement can gain access to your account.
Even if they erase your iPhone the system won't allow the device to be used by Apple or another user with the Find My iPhone activation lock enabled. Without the original owner's login details it becomes an expensive brick.
This is why stealing someone's device isn't worth the trouble because unless you know the account login, you can never use the device.
Hope this answers your questions.