So you’ve got a new iPhone or iPad, or perhaps even an iPod touch; maybe it’s your first, or maybe it’s an upgrade from an older model. Security and privacy issues on these devices are arguably even more important than they are with Macs, because, especially with iPhones, you take them with you wherever you go. There are many potential threats to your security, your privacy, and your identity, and there are a number of settings you can use to protect yourself when using these devices. Here are 9 settings you should activate on your new iOS or iPadOS device right now.
A secure passcode
When you first set up your iOS device, you are asked to create a PIN. If you’ve upgraded from an older device, you may have only had a four-digit PIN on the previous device, but Apple now prompts you to set up a six-digit passcode. But you’re not limited to digits: you can (and should) set up an alphanumeric passcode, just like any password. It will take a little longer to enter, but if you use Touch ID or Face ID, you won’t need to enter the password very often, and your device will be a lot more secure. This article contains a good explanation of your options with passcodes, and how to set up a more secure one.
Touch ID and Face ID
Depending on which device you have, you may be able to use Touch ID or Face ID. Both of these are very secure methods of authentication, and Face ID is notably a lot easier to use. You don’t need to use them, however; if you prefer only using a passcode—which you are required to set up in all cases—you can do so.
If you use Touch ID, you can set up multiple fingerprints: I have the index fingers of both hands, and both of my thumbs, set up on my iPad that uses Touch ID. (Go to Settings > Touch ID & Passcode to do this.)
With Face ID, you can set an “alternate appearance,” which is good if you often wear sunglasses or other accoutrements that alter your appearance significantly. And you can activate “attention” features, so you have to be looking at your device, and you have to be making small movements; this prevents anyone from unlocking your device when you’re asleep by holding it in front of your face.
With both Touch ID and Face ID, you can choose whether to use these features for such purposes as: unlocking your device, authorizing a purchase in the iTunes Store or App Store, paying using Apple Pay, and autofilling your saved passwords. I leave all of these active, but you may want to turn off some of them. If so, you’ll need to enter your passcode more often.
If you leave your iPhone or iPad on your desk at work, and it doesn’t go to sleep quickly, it may be accessible to others, who can pick it up and view your data (or use your device to impersonate you, among other things). In Settings > Display & Brightness, it’s a good idea to set the auto-lock delay as short as possible, within reason. I have mine set to 1 minute, because 30 seconds is a bit too short. Remember that if you do leave your device unattended, you can always press the power button to lock it before you walk away.
Siri can be very useful, but if Hey Siri voice activation is on, anyone can talk to your phone and potentially glean some information from it. They can make calls, send messages, and more. It’s a good idea to turn off Hey Siri and just use it when pressing the side button on your device. You can do this in Settings > Siri & Search. Similarly, you can choose whether or not you want Siri to be activatable while the device is locked.
A quick fix you should make is to hide notification previews on the lock screen of your device. Go to Settings > Notifications, tap Show Previews, then set it to Never or When Unlocked. If you don’t do this, anyone can see previews of your notifications if they can view your device. For example, they can see text messages, see who’s calling, see calendar event notifications, and more.
If you’re in a crowded place, such as a train or airport, there will be lots of people with iPhones and iPads. And in these locations, sometimes people will try to send files to others using AirDrop. These files can be malicious, and can be dangerous. To prevent this from happening, go to Settings > General > AirDrop, then choose Contacts Only. This allows people in your contacts, but not strangers, to send you files or links. If you’re in a meeting with a group of people, and need to share items, you can temporarily set it to Everyone, but you shouldn’t leave it like this permanently. You can also choose Receiving Off, if you never use AirDrop with friends, colleagues, or family members.
Many apps need your location to work correctly; for example, you can’t get an accurate local forecast if your weather app doesn’t know where you are. In Settings > Privacy > Location Services, you can choose, on a per-app basis, whether you want it to be able to access your location information when using the app or never; for some apps, you can allow location access always, so apps can update according to where you are. This is the case for weather apps.
Some apps will record your location just to share data with advertisers. Go through the list and consider which apps have a logical and legitimate need to know where you are. Most don’t.
In Settings > Privacy, you’ll see a number of entries where you can block or allow access to certain parts of your iOS device to different apps. For example, you can choose which apps can access your contacts, calendars, reminders, photos, and more. And which apps can use hardware such as your microphone or camera. You should go through each of these settings and check that the apps that have these permissions really need them, to prevent apps from collecting personal data, or even listening in on you or filming you.
Bluetooth is a short-range communication protocol that has been exploited many times to deliver malware to devices, or to attempt to block them with denial of service attacks. If you don’t need to use Bluetooth, you should turn it off (Settings > Bluetooth), but you may not be able to do so. If you use an Apple Watch, your phone needs Bluetooth to communicate with the device. AirPods are Bluetooth headphones, and you may have speakers or other headphones that use Bluetooth. But if you don’t use any of these devices, turn it off.
Back up your iPhone and iPad
To protect yourself from data loss, you should back up your iPhone and iPad regularly. We have a detailed article discussing whether you should back up your devices to iCloud, or to your Mac (using iTunes, if you’re running macOS prior to 10.15, or the Finder if you’re running Catalina). In any case, you should have regular backups to ensure that you don’t lose data. See this article for more on backing up your devices.
There are a lot of settings in iOS, and going through these basic settings allows you to make your iPhone or iPad much more secure. Take a few minutes and check that your settings are the way you want to protect your data, your security, and your privacy.
How can I learn more?
To learn more about iOS security features and how to implement them, I recommend the book Take Control of Home Automation, by Josh Centers.
Also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for updates.