Security Involving iOS

Almost every app, including Facebook, Twitter and email apps lets you login once and keep you logged in. These apps that are readily available at your fingertips on a device that has cellular or WiFi network access is what makes iOS and other modern smartphones so good. The convenience comes at a price though. If you aren't careful, terrible things can happen if your phone falls into the wrong hands.

Here's a couple of things that you can do to make your phone more secure, some on your device, some for internet accounts that you own:

Couple of things related to security for your iPhones, iPads and iPod touches:

1. Enable Touch ID

If you use an iPhone 5s, enable Touch ID. If you disabled it previously because it didn't work well enough, try again. A recent update iOS 7.1.1 includes improvements to Touch ID fingerprint recognition. It doesn't work perfectly for everyone, but if it does for you, using it comes at almost zero cost in terms of effort and time.

2. Enable Passcode Lock

If you can't get Touch ID to work or if your device doesn't support Touch ID, the next best option is to enable Passcode Lock (Settings app > Passcode > Turn Passcode On). It's understandably a hassle to have to enter a four digit passcode – if you disable Simple Passcode, you can have a longer passcode, and not limited to digits only – but depending on your usage pattern, it can be well worth the effort.

3. Enable iOS encrypted backup

If you sync with iTunes, enable encrypted backup. Email account passwords, WiFi passwords and passwords you enter into websites and some application passwords will only be backed up if encrypted backup is enabled.

4. Don't worry about viruses and malware

This might sound counter-intuitive in an article talking about security, but the design of iOS (a sandbox security model) as well as its current state (apps are distributed through the app store, tied to developer accounts created with Apple) means that viruses and malware [1] are unlikely and rare, if any.

5. Do not trust any app that claims to remove viruses and malware

Due to the iOS security model, it is not possible to create apps remove malware or virus scanners as we are used to on other computer platforms. Any app that claim to do this is likely to be lying and possibly malware themselves.

6. Be careful with granting permissions for access to address book, your location and photo library

iOS requires apps to prompt for your permission if they want to access certain private information such as your address book, your (or rather your device's) location, and photo library. Once you grant an app access to a certain item, the app will continue to have access until you disable it from within the Settings app > Privacy.

7. Realize the effect on security if you have email set up on your device

When you lose your device which has email set up, a thief can request to reset your password for most internet accounts via email. Which brings us to security questions.

8. Enable security questions

If a service allows you to set up security questions, enable them. Security questions is a feature that forces anyone who tries to reset their password to provide answers to several preset questions. These questions/answers should be personal and only known to you. Apple supports security questions for iCloud ID. Log in to My Apple ID to set them up.

9. Be careful with granting access to your Twitter, Facebook and Google accounts

Instead of requiring you to create a separate account, some services lets you login using your Facebook, Twitter or Google accounts. While this is convenient, it also provides another vector for your internet accounts, i.e. getting access to your Twitter, Facebook or Google accounts could mean possible access to your other internet accounts.

It's good to clean up which apps and services have access to your Facebook, Twitter and Google accounts. Visit these links and revoke access if you don't want those apps/services to be able to access your account anymore:

  • Facebook
  • Twitter
  • Google (if you have more than one Google account logged in, you can switch accounts by clicking at the top right of this screen)

10. Use a different password for each service

One of the best thing you can do security-wise is to use a different password for each service that you sign up. It's improbable to remember so many different passwords so you'll have to use an app like 1Password which also has an OS X version. 1Password also provides a tool for you to generate a long, harder to guess password string. In the event that you are lazy or it's really inconvenient to use a different password, at least make sure you never reuse passwords for critical accounts such as email services.

[1] Note that we are talking only about devices that are not jailbroken.


Want more articles like this in your inbox? Join our newsletter to receive free email updates, tips and tricks related to iOS & OS X.