How Apple keeps your Instant Hotspot connection private and secure

Using hotspot on an iMac (Image credit: iMore)

Continuity was designed to make your iPhone, iPad, and Mac work more easily, quickly, and seamlessly together. Instant Hotspot does just that by making personal tethering even more personal. It's meant for just you, so it requires you to be logged into iCloud on all your devices, and be within Bluetooth Low Energy (BT LE) range. But once you are, sharing your iPhone or cellular iPad's LTE connection is not only simpler and faster than ever, but more secure.

Devices identified

When you log into an iPhone, iPad, or Mac with your Apple ID, iCloud creates and stores a destination signaling identifier (DSID) and rotates it periodically. Any time you go to Wi-Fi settings to look for a network to join, the device begins broadcasting a personal hotspot identifier based on the DSID.

Your other devices, as long as they're logged into the same Apple ID and are within Wi-Fi range, will detect that broadcast and, if they have cellular networking enabled, respond that they're available.

Using BT LE means the devices have to be close by, and using your Apple ID means they have to be your devices, or at least devices you have possession of and are logged into.

So, if you go to Wi-Fi in your Mac menu bar, and your iPhone is close by, it will come back as available.
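The discovery step described in this section can be modeled in a few lines. This is an added illustration, not Apple's code or its actual derivation: the HMAC construction, the 15-minute rotation window, the 8-byte truncation, and every name and sample value below are assumptions made for the sketch.

```python
import hashlib
import hmac

ROTATION_SECONDS = 900  # assumed; the article only says the value rotates "periodically"

def hotspot_identifier(dsid: bytes, window: int) -> bytes:
    """Assumed derivation: truncated HMAC of the time window, keyed by the DSID."""
    msg = b"instant-hotspot" + window.to_bytes(8, "big")
    return hmac.new(dsid, msg, hashlib.sha256).digest()[:8]

class Device:
    def __init__(self, name: str, dsid: bytes, cellular: bool):
        self.name, self.dsid, self.cellular = name, dsid, cellular

    def broadcast(self, now: int) -> bytes:
        """What a device sends when its Wi-Fi menu is opened."""
        return hotspot_identifier(self.dsid, now // ROTATION_SECONDS)

    def answers(self, identifier: bytes, now: int) -> bool:
        """Reply only if cellular is on and the identifier matches our own account."""
        if not self.cellular:
            return False
        window = now // ROTATION_SECONDS
        # Accept neighbouring windows so small clock differences do not break discovery.
        return any(
            hmac.compare_digest(identifier, hotspot_identifier(self.dsid, w))
            for w in (window - 1, window, window + 1) if w >= 0
        )

def scan(requester: Device, in_range: list, now: int) -> list:
    """Names of nearby devices that report themselves available as hotspots."""
    identifier = requester.broadcast(now)
    return [d.name for d in in_range if d is not requester and d.answers(identifier, now)]

# Constructed sample data: two accounts, four devices in Bluetooth range.
MY_DSID, OTHER_DSID = b"constructed-dsid-A", b"constructed-dsid-B"
mac = Device("Mac", MY_DSID, cellular=False)
nearby = [
    Device("iPhone", MY_DSID, cellular=True),
    Device("Wi-Fi iPad", MY_DSID, cellular=False),
    Device("Stranger's iPhone", OTHER_DSID, cellular=True),
]

if __name__ == "__main__":
    print(scan(mac, nearby, now=1_700_000_000))
```

In this model only the cellular device on the same account answers; the Wi-Fi-only iPad and the device signed in to a different account stay silent, and the broadcast value changes with each rotation window.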

Making the spot hot

Devices available for Instant Hotspot are listed separately from both standard Wi-Fi access points and traditional Wi-Fi tethering options. They get their own Personal Hotspot sub-menu under available options.

Choose a Personal Hotspot, and your device will send a request to the cellular device to turn on Wi-Fi tethering. The communication is secured using standard Bluetooth encryption, and the transmission is encrypted using a method similar to iMessage.

The cellular device then responds with connection information and the hotspot link is established. There's no SSID or password required because both devices are logged into your Apple ID and that serves as authentication and authorization.

At that point your Mac or Wi-Fi iPad will be connected to your iPhone or cellular iPad, and you'll be up and running on the internet.

The bottom line

Instant hotspot is still a Wi-Fi tether, and your internet activity will be transacted using the same level of security, and with the same expectation of privacy as any other wireless internet connection. Since you're not sharing it with everyone else on the coffee shop network, though, the risks of snooping or sniffing your activity are much lower.

That's not unique to instant hotspot, of course. What's unique is achieving that level of security and privacy so quickly and easily.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • I personally recommend that people not use any public Wi-Fi... ever. Tech websites need to hammer that home forcefully. Public Wi-Fi (McDonald's, department stores, coffee shops, etc.) exposes your data to the world. The lure of free bandwidth must be resisted.
  • I agree. At the very least use a VPN.
  • I avoid them like the plague. Can't tell you how happy I was when Apple added this feature.
  • Most websites these days make use of SSL/HTTPS/TLS encryption, meaning that if someone is sniffing traffic via a tool like Wireshark, for instance, it will be encrypted. However, there are ways for people to break that encryption through tools, so it's not 100% bullet-proof. But to novice prying eyes, checking your Gmail on a public connection should be relatively safe.
  • Any idea how to make the connection persist?
    I tether my iPad to my iPhone constantly when on job sites, but if I close the cover on my iPad for (seems like) 1 minute, the connection is lost and I have to go back to the Settings app to reconnect.
    It would be great if there was an option to stay connected for X amount of time after last use; up the timeout from 1 minute to 30.
    Or an option to auto-reconnect upon wake-up. (iOS loves to kill comms to save battery)
    I have plenty of data, others don't, so I understand the fail-safe setup, but give us options, please. Sent from the iMore App
  • My connection always persists? That sounds like you have an iOS issue, the hotspot isn't designed to disconnect devices after a certain period of inactivity.
  • DS IDs aren't changed afaik. That's how Apple identifies your AppleID. It's how you can change your primary AppleID Email, but still have the same purchases. The code it broadcasts *based* on the DS ID may be rotated similar to Two-Factor. However, this isn't *that* secure, as someone could, in theory, figure theirs out (probably somewhere in iTunes configs), and see how it's changed by the devices they own. They then have the formulas. Then they could use that to reverse engineer anyone nearby's DS ID and trick their device into connecting. Unless Apple is constantly rotating not only the auth code, but the formulas to make the auth code. I doubt they're doing that, because that would mean that a device that hasn't been online to get the newer formula wouldn't be able to instant hotspot. Kind of targeted, but this is just off the top of my head. Unfortunately, I'm sure anyone else can figure an easier way to do this.