5 ways to increase security and privacy of your iPhone or iPad

There's NO

5 easy ways to lock down the information on iOS 7 and enhance your security and privacy!

With iOS 7 — see our complete iOS 7 review — Apple has made the iPhone, iPod touch, and iPad more convenient than ever, but also more secure. How is that possible? Well, in most cases you - the owner of the device - have to choose which one is more important to you - the owner of the device. You can set things up so that every major setting and notification is available at the glance of an eye, the swipe of a finger, or the sound of a voice. Or you can make it so that every bit on the box is locked away behind a strong password. There's no "security flaw" that can be taken advantage of, only tools that you can choose to use, or not, to provide the right balance on your device. Now, adding security does require more time and effort than going without, but nowhere nearly as much time and effort as it takes to recover after your stuff is spied, stolen, or otherwise violated. So, weigh the options and make your choice in the eternal battle between security and convenience. Here's what you need know!

1. How to use a strong(er) Passcode lock

How to use a strong(er) Passcode lock

If you have an iPhone 5s you have Touch ID which lets you, if you choose to use it, secure your device with a biometric fingerprint identity sensor that can be used to authenticate you instead of a Passcode lock. Because you no longer have to enter a Passcode as often, you can switch to a stronger, longer, more complex Password lock instead. Sure, once in a while it'll be a pain to enter it, but that's offset by how infrequently you have to do it - only when you reboot, fail Touch ID 5 times, or don't use your phone for 48 hours.

If you're really concerned about security, and are willing to give up on convenience for it, turn Touch ID off and go with a strong, complex password.

If you have any other Apple device, you still have the option of a Passcode lock, and you should absolutely use it. Not only does it protect your iPhone from casual snooping - or from people tweeting "poopin" the minute you leave it unattended - it prevents thieves from getting your data, and enables hardware encryption to make sure all your stuff is safe. While the basic 4-number pin offers basic-level of protection, there just aren't enough 4 number variations to keep your stuff really safe. For that you need a stronger password. If an alphanumeric password is too annoying for you to enter on mobile, you can turn it on anyway, enter a longer (than 4) set of numbers, and get some of the benefits without making it overly arduous to enter.

2. How to keep personal notifications and system toggles off your Lock screen

What good is a super-strong Passcode lock if anyone and everyone can see your messages, Notification Center alerts, access Passbook, or use Siri or Control Center right from your Lock screen? Sure, it's incredibly convenient to be able to glance at incoming messages and quickly add things to Reminders or Notes, but for those times when you don't think you can safely leave your iPhone, iPod touch, or iPad lying around without people snooping, remember you can turn all that Lock screen stuff off.

If you have an iPhone 5s, there's no reason not to turn off Siri access to the Lock Screen. Touch ID will authorize you as part of the long press to launch Siri anyway.

3. Turn on 2-step verification

Turn on 2-step verification

Security works best in layers, and defensive depth means having as many layers are possible. Touch ID now provides biometrics on the iPhone 5s so "something you are", while the password is "something you know", a token is "something you have". It's not full-on multi-factor authentication, at least not yet (because it's still either or, not all), but it is 2-step verification and, when it comes to security, 2 steps really are better than one. You will have to enter an app-specific password, or an additional pincode/password the first time you set up the service on your device, but it'll make it more than twice as strong for only a minimal amount of extra effort. Do it.

4. How to keep your web browsing, location, social and other data private

How to adjust privacy settings in the Facebook app for iPhone and iPad

Let's say you're not looking at porn - we don't judge! - but you still want to make sure cookies, web history, and other information about your browsing doesn't get recorded and tracked across the internet. Safari pioneered private browsing, so that's easy to do. In fact, on iOS 7 Private Browsing can be enabled from the bookmark, tabs, and smart search field screens, so it's even easier and more convenient than ever.

But what about things like location data, contacts, and other sensitive information? What if you, intentionally or simply inattentively, gave access to all off that, and more, to other apps? No worries. Again, iOS makes it easy to review and change your privacy settings. So do many online services as well. Lastly, if you're on a network you don't trust, and have access to a VPN service, that can help keep your data private as well.

5. How to wipe web history and other data from your device

How to clear all website data from Safari on iPhone and iPad

If you didn't initially use Safari's private browsing, or you want to clear other personal, private, potentially embarrassing, compromising, or just plain awkward data on your iPhone, iPad, or iPod touch, including messages, mail, photos, and more, you can. You even have the nuclear option of securely wiping your entire device, and killing old backups, so you can start over fresh, clean, and safe.

6. Bonus tip: Use a password manager

Best password manager apps for iPhone and iPad: 1Password, oneSafe, LastPass, and more!

Security is at constant war with convenience. Fortunately, in order to tip the scales slightly more towards convenience, there are password managers. Due to the lack of browser plugins on iOS, iPhone and iPad password managers aren't as well integrated as they are on Mac or Windows, but there are still many on the App Store to choose from.

Post iOS 7

Every thing is a trade-off, and every choice comes with repercussions. Even if you disable Siri and Control Center on the Lock screen, a thief could still turn off the device and kill your ability to track it. Even if Apple were to force authorization (Passcode or Touch ID) to enable powering off, a thief could put the device in DFU mode. If Apple were to remove DFU mode, then legitimate trouble shooting and fixes wouldn't be possible.

Instead, we have Activation Lock, which requires an Apple ID to circumvent. The idea isn't to make a device so secure even the owner can't get into it, but to make it as unattractive as possible to pranksters, thieves, and other miscreants so they go elsewhere.

Unless you work in Enterprise or Government and have an enforced policy on your device, you probably want some balance between security and convenience.

Your top security tips?

Those are our top 5 tips for taking your iPhone, iPod touch, and iPad security to the next level! If you've got any other tips, or alternate ways to keep stuff safe on iOS 7, let us know!

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Terrible reporting about iPhone security leads to people being less secure. Great job, media!

Next up →

App Picks of the Week: Reaper, 60 Minutes, BillGuard and Gunner Z

Reader comments

5 ways to increase security and privacy of your iPhone or iPad


I honestly find it hard to believe that people use a passcode lock on their iPhone. I know they do & I'm not trolling, I just find it hard to believe. I turn my iPhone on & off all day long, glancing at information here and there. I can't begin to imagine having to enter a code EVERY SINGLE TIME.

I'm lucky though. I don't have friends that will tweet "poopin" if I leave my phone out... although why would I leave my phone out? I don't have any data on my phone that couldn't be looked at by someone else. Any "private browsing" or passwords are held in separate programs, thereby rendering a passcode lock unneeded.

That said, I am looking forward to the iPhone 5S and will use the fingerprint reader... at least if the latency is very similar to what I'm used to now.

I'll admit, whenever I get a new phone and don't immediately set a passcode, it feels so nice to not have to enter a passcode. Unfortunately for me, eventually paranoia takes over and I worry about if I lose my phone. Like you said, a lot of information is locked behind secondary security measures anyway, so most information will still be protected. However, a few years back I lost a phone while hiking and I had recently disabled the passcode on it. I'm pretty sure it fell in a river and nobody picked it up, but I couldn't stop stressing out about what information might be at risk. Ultimately that fear over what information might be accessible to somebody trumped the convenience of not having a passcode. It's easier for me to take 2 seconds to enter my passcode than to have to worry about what will happen if I don't have one set and I misplace my phone.

I'm looking forward to the 5s. So far things seem to point to a very quick response time. If it can be close to the time it takes to swipe to unlock, hopefully the additional security will provide little to no disincentive for users to set a passcode.

I am the same way. I am constantly locking and unlocking. But unlike you, I don't want to sacrifice security, especially at school! Luckily, as I was looking through settings again to see if there were any ways I can optimize usage, I noticed that you can change it so that your iPhone/iPad/iPod doesn't lock immediately after you turn off the screen. I set it so it locks 1 minute after. Very nice.

You can change the passcode timeout.
Settings -> General -> Passcode Lock -> Require Passcode ...

... Immediately
... After 1 minute
... After 15 minutes
... After 1 hour
... After 4 hours

In the industry where I work, security is something that has always been ignored. Fortunately today, there are regulations and policy's that got put in place that the industry has to comply with otherwise a hefty fine is for sure coming. I have been accused myself by many people in the industry that my thinking in security is unreasonable and inconvenience and I always tell people that Security and convenience cannot be used in the same sentence (I know, I am just guilty of it). I always explain to people that no one would appreciate the additional security until its too late. I'll use home security as an example. Most homeowners who don't have home security will not get one until someone breaks into their house and it'll be the same thing for our phones. We always think that there's nothing important stored in our phone or you're not trying to hide something and that's why you don't need to secure your phone even by using a 4-digit passcode until it's too late.

Just remember, you cannot over secure yourself so start securing your phone before it's too late.

I didn't win the iMore iPhone giveaway, so I cannot upgrade to a 5S, however, I am very excited about the new biometric authentication.
I would love to see Apple integrate that into something like a 1Password feature that would allow me to access Apple forums as well.

... I laugh about the fears of the NSA getting our digit-prints... My state government (law enforcement agencies ) have had access to my thumb and index finger prints for the last 20 years! The NSA is too late! xD

Sent from the iMore App

Keep trying. You might with the "6" next year!

Also, it is possible that Apple might expand Touch ID to authenticate more than just 1. unlocking iOS devices and 2. iTunes purchases. Apple seems to like to test future technologies in public, in seemingly unrelated systems, then put them together into a new must-have feature. Remember those odd little Click-Wheel games that could be purchased through iTunes and installed on iPods? That software purchase -> download -> install technology was a proof of concept for the App Store. And Apple tested all of the components in public.

I think the same thing is possible with Touch ID. Apple already has Easy Pay, which lets you buy small items at the Apple Store by scanning the package bar code with the Apple Store app. Just scan, authorize, walk out the door with your item. The credit card attached to your iTunes account is charged. Touch ID could make that process more secure, and the Easy Pay + Touch ID system could, in theory, be expanded to other retailers around the world.

And Apple could, if they felt like it, kill off most or all iOS "password manager" apps. They could call it "Keychain," as on OS X, and it would store all your login passwords etc. Touch the Touch ID button and any app that requires a password, including Safari, could receive an encrypted password from Keychain through some future iOS framework.

Incidentally, the A7 chip's ARMv8 instruction set contains built-in AES encryption. So encoding / decoding passwords and such will be much faster because it's handled at the hardware level instead of as a software application. This may be one reason why Touch ID is instantaneous.

But it involves a 30 hour process of lifting someone's fingerprint, creating a high-resolution copy of it, then placing it over a live finger and tapping the Touch ID button. Much easier to just point a gun at someone and say "Unlock your iPhone and give it to me." Right?

And no, it's not a new technique. It's been done before with other fingerprint sensors.

Updated and reposted in retaliation to the misinformation, misunderstanding, and generally miserable reporting going on about iOS 7, iPhone 5s, and security.

"More secure" can mean several things. When I get a Touch ID-equipped iPhone "6" next year, I'll do just one thing to make it more secure than my current "5": I'll turn off "Simple Passcode" and switch to a much longer, unguessable, alphanumeric passcode. Thanks to Touch ID I'll rarely need to type in the long passcode.

But for many people, "more secure" means using a passcode in the first place. More than half of all iPhone users don't have a passcode at all. If most of them start using Touch ID when they upgrade to their next iOS device, they'll be forced to use a passcode. That's a big security win right there.

Is anyone else finding the biometric scanner slower than they'd like? I like the concept but find the scanner slower than entering the pass code.

i still believe that passcode is robust and much easy reliable than biometric fingerprint identity sensor.

With more maturity in fingerprint sensor and its technology ,i see great opportunity in it

My security tip: Don't let people touch your personal phone. Do all your dirt in face to face conversations like Pauly from Goodfellas.