Apple’s iOS has several weak spots that can instill a false sense of security — unless you take these steps to fix them
Apple’s iOS has a lot of great security and user privacy protection capabilities — more than any other competing mobile platform. But it also has flaws that undermine some of those very capabilities. Here are three you should know about, along with my advice on how to take care of them.
1. Getting to the hidden privacy controls
First off is privacy. Apple has long had privacy controls in iOS (and more recently in OS X) that let you decide which apps can access personal information such as your location, contacts, and photos. iOS 6 has expanded those controls to include permissions over which apps can use your Bluetooth radio to share information with other devices. Apple’s privacy controls are great in that apps must ask you for permissions, and if you grant them permission, you can always revoke it on a per-app basis at any time.
You manage the privacy in the Privacy pane of the Settings app, which gives you one location for these controls — except for two items.
The Safari browser has a private browsing mode that stores neither cookies nor a URL trail, so your Internet steps can’t be traced. This control resides not in the Privacy pane but in the Safari pane; just set the Private Browsing switch to On. (You can tell private browsing is enabled because the Safari background changes from light gray to dark gray.) In OS X and Windows, private browsing is an application preference, so it makes sense that in iOS the private browsing control resides with Safari’s settings, not overall privacy settings.
But it doesn’t make sense that Apple has hidden the ad-tracking off switch in the Settings app’s About pane — buried below a bunch of information entries that seem clearly designed to hide this feature from users. Bad Apple! If you want to limit what information in-app ads can track about you, set the Limit Ad Tracking switch to On. To get to that switch, go to the General pane in the Settings app, then tap About. Scroll to the bottom of the About pane and tap Advertising. Only then is the Limit Ad Tracking control visible.
Hidden in the About pane in the Settings app’s General pane is the control to limit ad tracking.
While you’re at it, head over to your carrier’s website and check your account settings to make sure ad tracking and other forms of tracking are turned off — the carriers track you, too.
Here are the instructions for Verizon Wireless; instructions for AT&T; I suspect there is a similar process at every carrier’s website, but if you can’t find them, call customer support and make them spend money on supporting your right to be left in peace.
2. Ensuring Find My iPhone isn’t disabled
iOS has a great capability called Find My iPhone (aka Find My iPad or Find My iPod, depending on what device you have) that broadcasts the device’s location. Consequently, you can see on a map where the device last was, as well as send a tone or message to it, and — if need be — lock or wipe the device’s contents. This feature in Apple’s iCloud works from any browser, as well as from apps you can download for iOS devices.
But Find My iPhone only works if enabled in the Settings app’s iCloud pane, and anyone who has your iOS device can simply turn off the service there. It’s clear that Find My iPhone was designed for finding an iOS device left under a chair or at a friend’s house — not to thwart someone who stole your device.
Fortunately, you can prevent thieves from disabling the Find My iPhone capability in your device. Of course, your first line of defense is to have a password for your iOS device, then set to wipe it after a specified number of failed login attempts. Every company should enable this password and wipe requirement through its Exchange ActiveSync (EAS) policies or via a Mobile Device Management tool, but many do not.
You can do so yourself in the Settings app’s General pane. Tap Passcode Lock, and in the pane that appears, specify your password and the idle time after which the password is required. At the bottom of the pane, set the Erase Data switch to On and specify how many failed attempts will cause your device to be wiped. Remember: If you back up your iOS device via iTunes, you can easily restore its contents after a wipe.
Of course, the idle time still provides a possible window for a thief to disable Find My iPhone. Also, most people will not require passwords for home-oriented iOS devices — many users find entering a password too onerous a task, given the low probability they believe of their device being stolen.
If you believe that, there is a way to keep Find My iPhone from being turned off even on an iOS device with no device password. You need to go to the General pane in the Settings app and tap Restrictions. You’ll be asked to set a four-digit passcode; after you do so, the Restrictions pane appears in which you can specify which controls are disabled until someone enters that passcode. In other words, you can password-protect individual settings on your iOS device.
Scroll down to the bottom of the Restrictions pane and tap Accounts, then tap Don’t Allow Changes in the pane that appears. Doing so prevents anyone from changing your iCloud settings (where Find My iPhone is managed) and your email, contacts and calendar account settings unless they have your password. Even better, the passcode for your restrictions can be different from the password that secures access to your device; if you share your device password with an admin, IT pro, or family member, that person can’t override your restrictions using your device password.
Use the Restrictions pane in the Settings app’s General pane to require a PIN to change account settings or disable Find My iPhone.
3. Separating your iTunes and iCloud passwords
Like most people, I have too many passwords to remember, and the differing rules for what constitutes an acceptable password at every site and service makes it even harder to remember which goes where, especially as I use multiple devices during my day, each of which stores passwords (or not) differently. (I rely on the Forgot My Password feature a lot at sites I visit infrequently.)
Despite the hassle, I strongly recommend you use separate passwords for iCloud and iTunes. By default, Apple has you use your Apple ID — your iTunes password — as your iCloud ID. That makes it easier to remember how to log in to all of Apple’s services: iTunes Store, the App Stores (Mac and iOS), Apple Store (for hardware), iBookstore, Find My Friend, Find My Phone, iCloud email, and so on. It also means if someone discovers your Apple ID and password that all those services are available to that person — a really big deal considering that your credit cards are linked to several services. A thief could quickly spend thousands of dollars on purchases and redirect all your accounts to his or her address. I know — it happened to a friend.
The unified account gets scarier if you share that Apple ID and password with third-party online services, such as with the Android app that lets Android devices participate in iCloud syncing. Those services are handy, but now one of your key access methods is shared with companies you don’t really know.
The solution to the iCloud/iTunes dilemma is to set up separate Apple IDs: one for iCloud and one for iTunes. If you already share an Apple ID across both, create a new Apple ID, and switch your iCloud settings to the new ID. Just be sure to have copied and synced all iCloud-stored data to your local devices so that you can them transfer them to the new iCloud account when you switch to that in your various settings.
Although it’s a pain to have two Apple IDs, the reality is that most services save your credentials once you log in, so you’re not entering them very often. But if one Apple ID is lost or stolen, you have a decent chance of limiting the damage to just iTunes or just iCloud.
Apple could do more in its account approach to give third-party access without requiring you give up all of your credentials, to add second-factor authentication, to allow for mulituser accounts, and to provide subaccounts so that not all services use the same credentials even if linked to the same master user. Until it does, you can minimize the risk by following the steps here.