Apple has always been serious about iPhone security and privacy, but in the past couple of keynotes, they’ve really been focusing even more on protecting users’ personal data. At this year’s WWDC, they even announced a new “Sign in with Apple” feature that generates new, random, unique email address whenever you sign in on a website, to reduce spam and having your data collected.
Out-of-the-box, iPhones are solidly encrypted and more secure than many other smartphone brands, but, in an age when cybercrime is an all-time high, taking a few extra precautions isn’t a bad idea either. After all, your entire life is on your smartphone, from private family photos to personal messages and now payment information, and all of this data can cost you dearly if it ends up in the wrong hands.
To tighten the privacy and security on your iPhone even more, follow these simple steps:
Replace your 4-digit passcode with a strong password
By default, you have to use a 4-digit passcode to unlock your iPhone, but if you want to reduce the risk of criminals unlocking your phone to a minimum, you should replace the passcode with a password instead. Using a combination of uppercase and lowercase letters, symbols, and numbers will make the password impossible to guess.
Also, keep in mind that if you unlock your iPhone with a 4-digit code enough times, friends and colleagues will be able to figure out the code, whereas long passwords are much more difficult to guess.
Bonus tip: if you are travelling and fear that your iPhone might be stolen, turn on the “erase data” option from the “Face ID and Passcode” menu (or Touch ID and Passcode, for older versions). This way, if someone enters the wrong passcode 10 times, all your data will be permanently wiped with no possibility of being recovered.
Don’t display lock screen notifications
No matter how long and secure your password may be, if sensitive data shows up on your lock screen, anyone can see it.
To prevent this from happening, go to Settings -> Face ID and Passcode and disable apps from “allow access when locked”. This way, when you get a notification of any kind, you won’t see the preview on the lock screen.
Bonus tip: If you have Face ID turned on, the notification preview will only appear once the camera detects your face.
Protect yourself from spam calls
In January 2019, thousands of iPhone users were affected by a phishing scam where it looked like someone from Apple was calling them directly. This happened because Apple’s helpline is pre-added in the contacts list and hackers managed to fake the call origin. While this kind of advanced attack is harder to avoid and only Apple can take extensive measures, other spam calls are easier to block. All you need to do is go to Settings -> Calls -> Call Blocking & Identification to accept only calls from known numbers. Alternatively, you can also use a call identification app to show you the caller ID or a reverse phone lookup service to find out who is calling you.
Turn off AutoFill in Safari
Safari is one of the safest and most private mobile browsers, but if your phone ends up in the wrong hands, you need to take some measures to make your private data is protected. Case in point: the AutoFill option.
When AutoFill is turned on, your username and password are automatically inserted, which means that anyone who uses your phone can access your credentials. Even if this means remembering more passwords, disable Safari AutoFill settings from the “Passwords & AutoFill” menu.
Bonus Tip: Turning off AutoFill isn’t the only useful privacy setting in Safari. In fact, Apple went the extra mile to put the user in control, so scroll through the settings to personalize your experience. For example, you can prevent websites from tracking you, turn on the fraudulent website warning, and turn off camera and microphone access.
Select which apps can access your data
Strengthening iPhone security doesn’t involve only preventing hackers or criminals from getting a hold of your data. Many smartphone users are actually more concerned about the way that large corporations such as Google and Facebook exploit their data and use it for monetary gain. You may not realize this, but using an innocent little app to apply a goofy photo effect can give the developer access to personal data – if you allow it, that is.
With the latest updates of iOS, you can see the permissions for each app you installed, sorted into categories. For example, if you go to Settings -> Privacy -> Speech Recognition, you will see a list of all the apps that requested access to speech recognition and disable their access if you want.
The best part about this feature is that the list is updated as soon as an app adds new permissions on top of the ones you approved when installing it, so developers can’t trick you.
Bonus tip: If you don’t want apps tracking your behavior to deliver relevant ads, go to Settings -> Privacy -> and enable Limit Ad Tracking.
Turn on two-factor authentication for Apple ID and iCloud
Two-step authentication should be enabled whenever possible, not just on your iPhone because it adds an extra layer of security on top of your usual password and currently it’s the most effective way to protect your accounts from unauthorized parties.
If you have more than one Apple device, make sure you enable two-step authentication from your iCloud account. This way, whenever someone tries to change your iCloud settings, or make a purchase from the App Store or iTunes from a new device, Apple will send a security code to your laptop or tablet.
Great article. It’s worth mentioning that nowadays, mobile security is not only about protecting our devices from hackers.
The closer we move toward using our mobile devises as universal keys (to our bank accounts, credit cards, house and car locks, let alone personal information), the more THE PEOPLE AROUND US start to pose a serious threat.
The malicious observers could easily steal our credentials by glancing at our screens, plus they could gain physical access to our devices themselves. Relying on biometrics isn’t a very viable alternative either, since your biometric data is also readily available to the “bad guys” around you.
This is HITBAD problem (Here Is The Body And Device), which is a relatively new security challenge, and it differs from the rest.
An interesting aspect of HITBAD problem, it is not only about BAD guys who want to steal your money. In many cases, it is about your friends, family members and other “good” people around you, who can challenge the privacy of sensitive data on your device.
What could be a viable solution to HITBAD problem? A quick-game (2-3 seconds long) that works as a login method.
With a login game you have two secrets: the purpose of the game (your passcode) and the rules of the game (the way you interact with your computing device). Since both these secrets are configurable, a malicious observer would not be able to steal your credentials just by looking at your screen when you are unlocking your device. Fortunately, there is a free app (TouchyNotes) on the Apple App Store that utilizes this approach. Thanks!