Most iPhone users do not think very much about security. The iPhone is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPhone has grown in popularity, the smartphone has become more of a target by hackers and criminals. It is important that iPhone users immediately become more vigilant about smartphone security. Our tutorial covers the iPhone, iPhone 3G, iPhone 3GS, iPhone 4, iPhone 4S, and iPhone 5.
1. iPhone Software Updates
Apple upgrades the iOS software for the iPhone from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPhones to a computer in order to update the smartphone’s software. Needless to say, this was inconvenient and led to many iPhones with obsolete software.
iOS 5 allows updates to occur without the iPhone being connected to a computer, allowing users to stay current far easier. We recommend all owners of the iPhone 3GS and the iPhone 4, upgrade to iOS 5 immediately. iOS 5 in fact includes many security fixes.
The original iPhone and the iPhone 3G cannot be upgraded to iOS 5, and should be updated by connecting to a computer as often as possible.
If you Jailbreak your iPhone, you need to be extra careful with regards to security as iOS updates are much more difficult for you. Be careful where you obtain your Jailbroken Apps as malware is much more prevalent.
2. iPhone App Security
Apple’s App Store reviews all submissions before adding them. All iPhone apps must be authenticated and signed which helps to ensure they haven’t been tampered with or altered. This helps prevent malicious apps from infecting the App Store. Apps are prone to security vulnerabilities, that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. Regularly use the App Store app and select Updates. Apple has the ability to remotely remove malicious apps from your iPhone.
When installing new Apps, we suggest you install well known Apps with positive reviews, and avoid brand new Apps from unfamiliar companies. Give new Apps time to build trust and to allow others to help test the App for malware and security risks.
3. Suggested iPhone Settings for Security
Below are several suggestions for iPhone settings to increase security on the smartphone. One in three robberies nationwide involve cell phones, with a ratio estimated as high as one in two within the San Francisco area. Users need to protect their smartphones to prevent a complete disaster.
Enable Passcode, erase iPhone data after ten failed attempts
- Open Settings
- Select General
- Select Passcode Lock
- Select Turn Passcode On
- Enter a Passcode – Do not select an obvious passcode like 1234 or 1111
- Turn Simple Passcode off
- Enter a passcode – Do not select an obvious passcode
- Turn Erase Data on – Erases all data after ten failed passcode attempts
- Turn Siri off – Prevents Siri access when locked (iPhone 4S)
Ensure Encryption is Turned On. After you enable a passcode in iOS version 4 or newer and you have an iPhone 3GS or newer, the phone can use hardware encryption to encrypt the data stored on the phone.
After the passcode is set, scroll down to the bottom of the screen and verify that the text “Data protection is enabled” is shown. If this is not shown, do the following:
- Connect your iPhone to your Computer
- Backup your iPhone in iTunes
- Restore your iPhone in iTunes
- Check the Passcode screen for the “Data protection is enabled“
Prevent cookies from being accepted in Safari. Clear old cookies.
- Open Settings
- Select General
- Select Safari
- Click Accept Cookies
- Check Never
- Click Clear cookies and data
If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.
- Open Settings
- Select General
- Select Bluetooth
- Set Bluetooth to Off
Backing up your iPhone regularly is an important task. With iOS 4, you need to connect your iPhone to your computer in order to perform back ups. With iOS 5, you can easily back up using iCloud. Enable iCloud by doing the following:
- Open Settings
- Select iCloud
- Select the items that you would like iCloud to back up
4. iPhone Email Security
It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobilMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.
To check a Mail Account for secure SSL access, do the following:
- Open Settings
- Select Mail, Contacts, Calendars
- Select a Mail Account
- Click on Account
- Click on Advanced
- Verify Use SSL is set to On
If Use SSL is set to off, check with your email provider to verify their SSL support and enable it if possible.
Also, make sure your email account has been cleansed with a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.
5. Find a Lost iPhone, Erase a Lost iPhone
Apple has an app that helps you find a lost iPhone by showing it on a map and optionally erase it or make the iPhone play a sound. This free service is a life saver and should be one of the first items installed. To enable Find My iPhone, follow these iOS 4 instructions or iOS 5 instructions.
Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your iPhone is lost and password protected, people could still contact you.
6. Using WiFi securely
When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless may be subject to eavesdropping. Unless you know the WiFi network is secure, we would recommend against connecting to it.
If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.
The iPhone can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the iPhone will automatically send the same password to a wireless network of the same name. So if you name your wireless router, Linksys, if you encounter another wireless router with the same name, the iPhone will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The iPhone is very good at transparently switching from a cellular data network to a WiFi wireless network.
When accessing the Internet on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.
The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your iPhone’s traffic through a secure server. There are many paid services that sell VPN access.
Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.
7. Secure Browsing with Safari
Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie - https://www.google.com
Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.
8. Careful Link Clicking and Attachment Opening
As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Apple iPhone. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.
Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.
9. iPhone Anti Virus and Internet Security Software
iPhone anti virus software exists but due to the secure iOS design, cannot scan files automatically or run scheduled scans. Users have to manually tell an anti virus or Internet security App to scan files. Intego makes anti virus software VirusBarrier iOS App ($2.99) for the iPhone, iPad, and iPod Touch.
Symantec makes a free App called ThreatCon which keeps you up-to-date on the threat landscape.
Kapersky Lab makes a free App called Threatpost that quickly displays articles from their security news website.
10. iTunes Password and Payment Option
It is important to select a strong password for iTunes. Read our article How to Create, Store, and Use Secure Passwords.
If a hacker obtained your iTunes password, they could drain your credit card with purchases. We recommend you remove all payment options after having created your iTunes account. iTunes only requires a payment option when creating a new account. We prefer to add iTunes money by purchasing a pre-paid iTunes gift cards.
11. Turn off Diagnostic Log Sending
Apple used to use Carrier IQ before iOS 5, so make sure you turn off this feature. To turn off sending of diagnostics data to Apple do the following:
- Open Settings
- Select General
- Select About
- Select Diagnostics & Usage
- Click on Don’t Send
12. Malicious QR Codes
QR codes are appearing in print and all over the place. Be aware that malicious QR codes that lead the user to download malware have been found. Be sure you check the link the QR code points to before using it.
We have covered many ways to improve your iPhone security. Utilizing our tips will help significantly improve the already good security of the Apple iPhone smartphone.