iOS 7 preview: New security features

iOS 7 preview: New security features

Apple's iOS 7, announced earlier this week, brings a lot of changes to all areas of the operating system, and security is no exception. iOS 7, at least as much of it as has been publicly disclosed by Apple to date, includes a number of security-related enhancements, seeking not just to make your data more secure, but also make security more convenient.

Safari - Do Not Track & Private Browsing

Do Not Track is an optional header that can be sent along in HTTP requests, expressing your preference to not be tracked by websites. Already included in the desktop version of Safari (as well as most other major browsers), the addition to Safari in iOS 7 means people will have the option to opt-out of server-side tracking of their browsing. There is no enforcement of the Do Not Track system, but with a large number of popular websites honoring it, it's certainly a welcome addition to mobile Safari.

iOS 7 has also moved Safari's Private Browsing option to a more accessible place. Enabling Private Browsing means Safari doesn't save your history, record cookies, or sync your browsing data to other devices. Previously this option was hidden away in the Settings app, going unnoticed by most. Now Private Browsing appears in the Safari app itself, allowing you to toggle it on and off quickly from within the browser, rather than having to jump out to Settings every time you want a little privacy.

Per App VPN

VPN (Virtual Private Network) support allows you to create secured connections between your device and VPN provider, offering a layer of network encryption to help keep your traffic secure. iOS 7 will expand iOS's existing VPN functionality to support per app VPN. The details on this are sparse right now, but this will likely give enterprises (and their employees) more granular control over what traffic should be routed over VPN.


Cheaters be on alert, Game Center is also getting some security attention in iOS 7. If you've spent any amount of time viewing Game Center's leader boards, you've probably noticed that many of them are topped by individuals with impossible scores. Two items from Apple's keynote intended to help prevent cheating are "Secure game scores" and "Authenticated Game Center players". It wouldn't be surprising to see cheaters find new ways to top the charts, but it's good to see Apple taking notice and working to curtail those actions.

Activation Lock

Currently if your iPhone is stolen, Find My iPhone can help you track it down, disable it, or erase it, but only if it's on and connected to the Internet. If a thief immediately powers your iPhone off, then restores it to factory defaults, you're out of luck. Activation Lock works by requiring your Apple ID and password to activate an iPhone, even after it has been wiped. This means that even if a criminal completely wipes your devices and reinstalls iOS, the phone can't be activated unless they also have your credentials.

This feature only works if Find My iPhone is enabled on the device. There has been some unwarranted concern on what Activation Lock will mean for users trying to sell their old devices, but iPhone owners need not worry. If you disable Find My iPhone (which will require your Apple ID and password), prior to resetting your iPhone, it will no longer be locked to your Apple ID.

Keychain syncing

The Keychain is where applications can securely store sensitive information like usernames and passwords on your device. Your keychain is one of the only pieces of data that cannot be backed up to or synced through iCloud. If you want to preserve your keychain when restoring a device, you have to use an encrypted backup from iTunes. Also, if you use multiple iOS devices, usernames and passwords will have to be entered manually on each separate device.

Keychain syncing in iOS 7 will allow users to enable syncing of their keychain to iCloud. This means that multiple devices will be able to share the same data and when you restore data from an iCloud backup, iOS will now be able to restore all of your saved passwords. In addition to syncing, the Keychain is also being extended to securely store additional data for users, such as credit card information for making online purchases. Of course users can still use third party apps like 1Password for this, but will now also have the option to make use of native functionality.

Defaulting to secure data

This change will go largely unnoticed by users, but will offer additional protection to their data. On iOS, if you have a passcode set on your device, your data can be encrypted with it. The catch is, developers have to specifically enable data protection in their applications to make use of this encryption. If somebody were to jailbreak your device and bypass the passcode, they could potentially access data in any application where developers had not enabled data protection. Starting with iOS 7, data protection will be enabled by default for all applications.

And more

The above is not a comprehensive list of all security changes in iOS 7, but covers the ones we know about from the keynote. With iOS 7 in beta, and under non-disclosure, details may change before the public release, currently scheduled for this fall.

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at POSSIBLE Mobile. Writes on about QA & security, and as @noir on Twitter about nothing in particular.

More Posts



← Previously

Talk Mobile 2013 Launch Party in NYC - The Video!

Next up →

Microsoft launches Office Mobile, brings subscription Word, PowerPoint, and Excel to iPhone

Reader comments

iOS 7 preview: New security features


One thing that was never covered (and just watched the keynote in full moments ago) is a solution to the rather outdated Address Book. Hopefully some photos in the long list of my contacts would add a bit more color or interest to a often used and overlooked tool (Apple please fix the mess you made of the iPad).

I can't help but notice a few subtle features "paying homage" to many Android based phones with some features but overall the UI elements look great on a white iPhone 5. I bought the black/slate model and have a feeling it's going to look rather odd.

Overall I'm still very excited about this update and hope some new alert sounds come with it to replace the tired ones that have been around for ages.

Will be interesting to see if those of us invested in 1Password will make the switch to the upcoming keychain security features. Given your fondness for 1Password, I trust iMore is planning a review of the strengths and weaknesses of both? (I really like it, too, by the way.) Or maybe I missed it....?

They should make it so you can remit let turn on your device. Someone steals your phone, hop into find my iPhone, turn on your phone to find its location. Also, if you remotely lock your phone, are they still able to reset it back to factory defaults?

How exactly are you supposed to remotely do ANYTHING with a phone that's powered off?
If it's powered off... there's no WiFi.. no Bluetooth. How exactly do you intend to send any sort of instructions to the device hmm?

When you send a command on find my iPhone and the phone it off it will preform the action as soon as the phone is powered up

But if they turn it off right away and connect to iTunes to wipe it, it will not get the command. You won't even be able to find its location once they reset it. Unless you have to turn it on to do that???

From what I've read, once you wipe it you'll then need the Apple ID and password to use the phone again after it's been wiped.

I'm sure it won't be impossible to crack the security but it'll definitely help protect us users.

No, you can't send any commands while it's off. But a phone that is never turned back on offers very little value to anybody. Previously, a stolen phone would be powered off long enough to get the device plugged into a computer to wipe it and reinstall the OS. Now if somebody were to try to do that, the idea is they cannot reactive the phone without entering your Apple ID and password. Technically they could power off the phone and never turn it back on, but then why steal it if you can't do anything with it?

What I mean is, does the phone have to be turned back on when you plug it in to wipe it? If that's the case, you'd be able to lock it remotely and when they turn it on to wipe it, it would lock. Or can you leave it off to wipe it via iTunes. That is of coarse if its connected to cell/wifi as well. I think this will be a good feature, on mine now you can't access FMIP without a password to turn it off so the only way would be to wipe it.

Also, I think carriers need to do more about tracking stolen devices and share info with eachother. That way if someone steals a Sprint phone and puts Verizon sim in they could still track it via serial #.

As mentioned in the article, anything that wasn't in the keynote or has not been publicly announced by Apple still falls under Apple's non-disclosure agreement that all developers have agreed to.

Apps need permission to access the microphone, just like they need permission to access your contact info or photos.

There's a fix to prevent 'juice jacking'; such as this -

When you connect to a new computer, your iPhone will ask if you wish to allow the computer access to your iPhone - therefore creating a 'pairing record'.

Currently in iOS 6 and below, your iPhone automatically creates pairing records with anything you plug in to, if your iPhone was unlocked or has no passcode.

Are you guys sure on that erasing thing? From the wording, it really seems like it is only activation locked if it is erased from iCloud. It says "This iPhone was lost and erased. Sign in with the AppleID that was used to erase this iPhone." Key part there *that was used to erase this iPhone*, as in the one that sent the erase.

I've been concerned that this would make it more difficult for people to buy used, as someone could lock and prevent the phone from re-activating after selling it just to be spiteful.

im sure if you wipe the phone thought the iOS it will no longer allow you do do that with your apple id on find my iPhone

I don't get the point then, as most of the time, a thief can hold the power button and switch it off, then restore it via recovery (holding the home button) before it can be set to lost...

Go to settings - iCloud - and scroll down and there will be a switch for on/off. There is an app also for all Devices.

All will be solved when they implement the fingerprint scanner. I'm sure there will be a way to set it up for a certain few to also be granted access to the phone. Such as wife or children.
I'm sure that will slow down the ever growing rate of stolen iOS devices.

I've always wondered about the fingerprint scanner. What if you are a carpenter or young and wild and hurt,scratch,cut,bruise, etc your finger that was used to unlock your phone. Would the option of a pin still be available or do you have to wait for your finger to heal?