MACH37 Cybersecurity Guide: iPhone Security

Key Takeaways

  • Mobile devices contain a large amount of personal data and are increasingly becoming the target of cyber attacks.

  • Apple has done a good job securing iPhones, but there are settings you can change to enhance security and even more ways to improve privacy.

  • By changing the way you authenticate, changing app privileges, and limiting ad tracking, you can limit who sees what data.

When people think of cybersecurity they don’t normally think of the iPhone sitting in their pocket. They think of servers, hard drives, PCs, you know, techy stuff. People don’t consider how much personal data is sitting on the device in their pocket and they also don’t know that mobile cyber attacks are increasing in popularity. This post will serve as a guide to secure your personal mobile device. A lot of it is geared towards iPhones, but it should be really easy to google the equivalent process on an Android.

The good news is that Apple built iOS to be as secure as possible. The normal security steps for a PC, like installing antivirus software, are actually not necessary, and you can’t even find such apps in the App Store. This blog will cover all of the setting modifications you can make to increase your security AND privacy when it comes to using a mobile device.

Keep in mind that security decisions (sometimes) are a tradeoff with convenience. Your security / convenience preference is a personal choice. The important thing is to make that choice consciously. Some practices explained in this post should be used by everyone, but you do not need to implement everything mentioned in this blog. The idea of this post is to show you what can be done, and you can decide based on your desired security level what to implement.

Authentication

Let’s start with the first line of defense, unlocking your phone. 

Passcode

  • Turn on your passcode (if you haven’t already) and add a secure password of 6+ characters. Don’t use a repeating code like 111111 or a simple incremental code like 123456.

  • Consider shortening the time for your phone to fall asleep to minimize the amount of time the phone is unlocked after use.

TouchID / FaceID

Many privacy fanatics believe that using TouchID (using your thumbprint to log in) is a bad idea. This is a textbook example of the tradeoff between convenience and security, so make your informed decision.

  • A thumbprint can be compelled by law enforcement as a search in the United States, whereas a passcode is protected by Fifth Amendment self-incrimination protections. If you’re an activist or concerned about US law enforcement searching your phone, disable TouchID.

  • Thumbprints can also be taken while you’re sleeping or otherwise incapacitated, where passcodes cannot.

App security

The main steps for maintaining good security practices for apps on your phone are to make sure they are legitimate and to limit their permissions to only what is needed:

  • Only download apps from trusted sources. Because all apps are checked before they’re allowed into the App Store, there’s almost zero chance of one containing a virus. The Google Play Store (for Androids) has a much less rigorous screening process, so be more careful downloading from there.

  • Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use.

  • Learn to just say “no” to privilege requests that don’t make sense.

  • Enable automatic app updates in your device settings or when they pop up, because having the most up-to-date software doesn’t just make things run smoother—it helps keep you patched and protected against ever-evolving cyber threats.

  • Many apps allow the option to add passcodes or TouchID inside the app. Imagine a situation where you give your phone to someone (like a curious 10-year-old nephew who wants to play a game) — is there any app you wouldn’t want that person to access?

  • Go to Settings -> Privacy -> Contacts to see which apps can access your contacts. This could be more than you want. You can remove their access there too. 

Don’t Jailbreak

Jailbreaking your smartphone means that you have complete control over it, avoiding the manufacturer’s restrictions. So on an iPhone, for example, that means you’ll be able to use apps from places other than Apple’s official App Store and make any tweaks to your phone’s iOS. However, with this freedom comes a lack of security. In fact, when you jailbreak your phone, you’re basically taking down all of the security measures that the manufacturer has built into their smartphones. Jailbreaking also removes the smartphone’s virus protection, and you won’t be able to easily update your software, which could lead to further problems down the line.

More privacy protection

People looking for more privacy should consider these additional steps:

Ad Tracking Settings

  • You can turn off the default ad tracking settings by going to Settings -> Privacy -> Apple Advertising -> Personalized Ads (turn off).

Location Services

Location services are the systems on your phone which provide GPS location access to the apps on your phone. This can leak more information than we intend (like your home or work address) to tech companies who track our location. Also, publicly sharing your location in real-time through geotagged social media posts can signal to thieves that you are not at home.

  • Manage which applications should have access to your location, and when. Go to Settings -> Privacy -> Location Services to see which apps have location services enabled. It’s very rare that apps really need the “Always” setting, and most can do fine with “While you’re using the app.”

Decreasing Data Exposure

One concept in cyber security is minimizing the amount of data that is exposed in the event of a breach. In the case of iMessage, the default is to save your messages forever. 

  • You can set your phone to delete messages after a certain amount of time, either 1 year or 30 days, in Settings -> Messages -> Keep Messages (set to desired time).

Conclusion

Thanks to Apple, the privacy of your iPhone is already pretty state of the art; however, you may not be comfortable with all of the data big tech companies collect about you. Hopefully this blog gave you an idea of the settings that you can personalize to fit your appetite for privacy. Feel free to add comments with other security/privacy steps you like to take to secure your mobile device.