iPhone Owner's Guide

iPhone banner image

iPhone Data Security

Your iPhone offers you the freedom to conduct your life from practically anywhere. Whether you re chatting, working, shopping, or banking online, your iPhone is managing your passwords for email, social networks, and bank accounts, collecting credit card information to process online transactions, storing personal media and tracking your online movements. In the event that your phone is lost or stolen, this sensitive data may be compromised. To improve your digital security, Gazelle recommends the following:

Upgrade to an iPhone 3GS or Beyond for Built-in Hardware Encryption

Apple has added hardware-based disk encryption to the iPhone 3GS. This technology allows you to instantly purge all the personal data on your iPhone. This feature can be activated locally, by enabling the data erase feature, or remotely, using Apple's MobileMe service. iOS version 4 or higher is required. If you have an iPhone 3GS running iOS version 3, you can upgrade your software and automatically enable encryption with these steps:

  • Sync your iPhone with iTunes.
  • Create a backup of your current data (right-click your phone on the left side of the screen, then select the backup option).
  • Click the "Restore" button from the iTunes Summary window.
  • Once the restore process completes, select "Restore from Backup" to reload your previously saved data.
  • Finally, enable hardware-based encryption by setting the passcode on your iPhone as detailed below.

Lock Your iPhone with a Complex Passcode

Your lock screen passcode forms the first and most basic defense against unauthorized access to your applications. To adjust your passcode security settings, navigate through the Settings > General > Passcode Lock menus and select "Turn Passcode On."

When picking a number, you can increase the strength of security by following a few guidelines:

  • Do not choose a code with two or more consecutively ascending or descending numbers, two or more consecutively repeated numbers, or numbers representing important dates, like birthdays or anniversaries. App programmer Daniel Amitay recently collected over 200,000 four-digit passcodes, and found that one in seven users chose 1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, or 1998.
  • The brute-force attack a simple method of defeating security by attempting all possible combinations prioritizes high-frequency passcodes to achieve quick access. For additional security against brute force, turn off the Simple Passcode option to enable a full keyboard for password entry, set the lock screen to engage Immediately, and enable the Data Erase feature. The automatic data erase process activates after ten incorrect entries; with a password of even moderate strength, cracking your phone using brute-force methods becomes virtually impossible.

Enable Encrypted iPhone Backups

Once you secure your device with a strong passcode, regularly backup your personal data through iTunes. When you activate data encryption, iTunes copies your iPhone files in a way that makes the data unreadable by users without your password. Here's how:

  • Launch iTunes on your computer and sync your iPhone using the USB cable.
  • Select your iPhone from the left iTunes pane, under the Devices dropdown menu.
  • From the Summary tab, select Encrypt iPhone Backup.
  • When you first enable data encryption, iTunes will prompt you to enter a password. Choose a phrase of suitable strength, and then select Set Password. You'll need this password whenever you want to restore your iPhone with an encrypted backup.
  • Select Sync to finish creating the copy of your iPhone data.

Because your iPhone is highly portable and thus more vulnerable to loss or theft keep your most sensitive data at home. With frequent backups, you can enable the automatic data erase or initiate a remote wipe without the risk of completely losing your data.

iPhone Data Security: Don't Rely on Just Your Password

In February 2011, Germany's Fraunhofer Institute for Secure Information Technology publicized an iPhone hack that bypassed the screen lock, accessed the device's password keychain, and retrieved sensitive data including log-in and password information for Gmail and Exchange mail accounts, Wi-Fi networks and numerous other apps. The entire process required six minutes to complete. Although Fraunhofer Institute's method is not public knowledge, a number of other well-documented and freely available programs like jail-breaking software circumvent the iPhone lock screen. For an additional layer of security beyond passwords and encrypted backups, associate your iPhone with Apple's Find My iPhone service.

Get To Know The Cloud

With iCloud replacing MobileMe last year backing up your data is simpler than ever before. All iOS devices and Macs have iCloud built right into the device. iCloud requires you to have a mobile device running iOS 5 or greater, a mac running OS X Lion 10.72, or a Windows PC running Windows 7 or Vista SP2. iCloud can perform all the following below:

  • Automatic backup of files and apps
  • Access your Calendar, Contacts, iTunes music, photos
  • Sync data between devices
  • Find my iPhone/iPad security feature (see below)

Find Your Lost or Stolen iPhone

Once the Find My iPhone feature has been activated on your Apple computer or other iDevice, you can track the location from any computer by logging in with your Apple ID at www.icloud.com. Alternatively, you can access your data from any other iOS device using the free Find My iPhone app. In the event of loss or theft, you can use these tools to send a message to the device to arrange its return, remotely lock your device with a passcode, or initiate a remote data wipe of your device. Additionally, the GPS data logged by your iOS device may prove invaluable over the course of a police investigation. If your iPhone is stolen, initiate a remote wipe of your device as soon as possible. Connecting a device to a computer to bypass the lock screen takes time. By acting immediately to erase your data, you close the window of opportunity for a thief to collect your personal information.

If your iPhone is stolen, initiate a remote wipe of your device as soon as possible. Connecting a device to a computer to bypass the lock screen takes time. By acting immediately to erase your data, you close the window of opportunity for a thief to collect your personal information.

The Security Benefits of Apple's Walled Garden

Unlike a city park built for free access and recreation for everyone, the walled garden restricts entrance to a few specific points. The owner of a walled garden may want to control the sort of clientele they admit, or enforce proper etiquette of visitors in the garden. In the tech industry, companies such as Apple build metaphorical walled gardens by legislating the permissible use of software, media, and other content. While some users object to Apple's control over App Store content and choose to "jail-break" their iPhones from the walled garden, the casual iPhone owner may be better served by Apple's process of inspecting and approving all software submissions rather than risk installing software from less trustworthy third-party repositories. Before you install new software, consider the reputation of the software publisher, the number of downloads and the frequency of positive reviews of the program.