iPhone Security Apps and Configuration Tips
There are several great iPhone Security Apps and a handful of good and simple configuration changes that you can make to your iPhone to greatly enhance you iPhone security and protect your sensitive information and identity. We have seen security vulnerabilities in iPhone including flaws in pass code access (since fixed), so it makes sense to take proactive measures — especially as attacks on mobile devices are growing rapidly.
Easy Configuration Changes for Security and Privacy
There are several iPhone configuration settings that you should make to start protecting your iPhone. The first thing to do is “Don’t Jailbreak Your iPhone“. Jailbreaking removes much of the security inherent in the iPhone and makes it much easier for malicious software or users to gain access. Furthermore, Apps that you can install on a Jailbroken phone may have not gone though any kind of screening process — you have to “trust” that they are OK.
In the “Settings” under “General”:
- Enable “Aut0-Lock”. This will lock your phone after a period of minutes of non-use so that someone cannot just pickup your phone and start using it.
- Enable “Passcode Lock”. This will set a 4-digit password that will be needed before anyone can gain access to your phone for making [non-emergency] calls and accessing any data or Apps.
- Enable “Ask to Join Networks”. You do not want to join Wifi networks that are not secure (no lock icon). To prevent this from happening automatically, be sure that the iPhone prompts you before you join any new Wifi network.
In the “Settings – Safari” area:
- Enable “Fraud Warnings” to be notified of hazardous web sites that you might accidentally visit.
- Software Updates: Always let iTunes check for new software updates and install them as soon as possible on your phone. This is how Apple pushed out fixes to the various security issues that have arisen in the past. See the “Check for new software updates automatically” setting under the “General” tab of the dialog box that pops up when choosing “Preferences” from the “Edit” menu.
- Encrypt Backups: You should encrypt the backups of your phone. This prevents people with access to your computer from accessing sensitive App data and other things, like a history of everywhere you have been with your phone! To do this:
- Plug in your phone so it connects to iTunes
- Select your iPhon under the “DEVICES” menu on the left side of iTunes
- Check “Encrypt iPhone backup” and set a password for them.
- Secure Your Computer: The computer that runs iTunes also needs to be secured! Be sure that it is password protected, has a screen saver that auto-locks after a period of IDLE time, has a firewall and anti-virus, is “up to date” with operating system updates, etc.
Choice of Email Access Settings
If you configure your iPhone for general access to email (sending or receiving), be sure that your provider supports SSL or TLS for POP/IMAP/SMTP access. Without use of SSL or TLS, your usernames, passwords, and message data are sent “in the clear” and subject to eavesdropping. This is very bad — be sure to use SSL or TLS.
If you access email or other important data via a web site (i.e. using the Safari App), be sure to only do so over an SSL-secured connection. The web address must start with https:// and not http://. This will also ensure that this data cannot be eavesdropped upon.
Use a Service Supporting Remote Wipe
Many Exchange email services and LuxSci’s MobileSync service support the concept of “Remote Wipe”. With this available and enabled, you can send a command to your iPhone to have it delete all data. I.e. if you phone is stolen, you can tell it to “self destruct” — deleting all of your sensitive data. The phone would only be usable once re-synched with iTunes, as if it were a new phone.
The device must be on and connected to the Internet and it must be configured to use Mobile Sync in order for Remote Wipe to succeed. This is because the device is told to initiate the wiping process by means of a pushed command from the service. If the service cannot communicate with your device, then the device will never receive the Wipe command.
iPhone Security Apps
There are very few Apps in the iTunes store for security or anti-Virus. This may be because Apple exerts such strict control over what Apps are available in the store (as opposed to, for example, the Android free-for-all marketplace) — there may be fewer threats to the iPhone.
Big Brother Camera Security
A very cool and FREE iPhone App that takes pictures of anyone trying to login to your iPhone. Two photos are taken whenever someone logs in incorrectly or quits an application. It can email you alerts and make visual and sound alarms. It’s a pretty awesome tool for protecting your phone!
FoneHome: Phone Tracker
This App costs a few bucks but has no recurring fees. It allows you to track the location of your iPhone (or iPad) remotely so you can know where you device is in real time. It runs the background without any user intervention and is power efficient. You can even remotely set off an alarm on your phone or have your iPhone take pictures of where it is!
Paid app that replaces the default Notes program with one that allows you to encrypt your notes with the touch of a button. All secure notes stored encrypted with “blowfish” encryption and a custom App-wide password that you set.
Secure text-messaging between you and your friends. You and your friends all need to be using the service. Once you are, no one can read the texts without entering a special password. Should someone get ahold of your phone … and get logged in, then your texts are safe.
Deeply erase all empty space in your iPhone. Very useful if you want to give your phone away to someone and want to ensure that no data previously saved is possibly recoverable.
Anonymous Web Browser
Browse the web without leaving any trace of where you have been in your Phone. No need or clear cookies, history, or cache before lending your phone to others.