Since iCloud was released almost a year ago, more people have stopped plugging in their iPhones to synchronize their contacts and calendars. This also means that their iPhones aren’t being fully backed up as often… The one metric that hasn’t changed is how often people lose, break, or go swimming with their iPhone.
There’s one thing that we all hate to lose from our phones when this happens – photos… Recently, a few neighbors of mine have lost their iPhones, and since they had iCloud enabled for their contacts/calendar, that data was safely restored to their new phones. However, since they didn’t use Photo Stream or store photos on iCloud, they lost tons of their iPhone photos. This is why it’s still really important to plug your phone into your computer and do the backups. Since you can use the iPhone cable to charge your phone from your computer’s USB, there’s no good excuse to avoid backups on a daily basis!
If you have an iTunes device backup, you can essentially restore ALL of your data – Apps, call logs, txt/sms, photos, contacts, calendars, email, etc… – to a new phone. Otherwise, you will only get bits and pieces. You can compare what is backed up over iCloud vs what is backed up when you use iTunes to see the difference.
This brings me to my next topic:
In addition, most people do not keep a password on their iPhone. If your iPhone is lost or stolen and found by a curious wrongdoer, they will be able to see what you’ve been up to and potentially gain access to all kinds of account info using your email addresses.
This is why I wanted to write about 2 things that iPhone users should be more concerned with than someone who uses Android: Privacy and Backups
But first, 2 quick points that make Android better than iOS in these areas (one of my favorite topics):
- Android supports full Encryption – As of Android 3.0, you can enable data encryption (not enabled by default) which will protect your /data folder on your phone. That being said, at DEFCON 2012 some “researchers” did prove that Android encryption can easily be broken if you have a simple password/pin/pattern for unlocking your phone – since the encryption uses the same password as your unlock code. We expect that in the near future, Android developers will be releasing an update that uses different passwords for decrypting your phone on startup vs unlocking your screen to use it.
- Google+ “instant upload” backs up your photos – If you leave ‘instant upload’ enabled, it will upload your photos to a private, unshared album in your Picasaweb. I know there is a lot of skepticism and shock when people ‘find’ their phone photos on Google+/Picasaweb, but, you can easily disable the instant upload feature in your phone settings.
However, even if you have a password/passcode lock – you are not completely protected. I’m sure this is something that people do worry about, and it’s for a good reason. First off, if anyone has physical access to your phone, they can basically access your entire iPhone’s file system using, say, Ubuntu Linux – there is plenty of info online about how to do this. That being said, if you have a passcode that locks your phone, and you have Apps that support Apple’s Data Protection API, then at least the data in those Apps will be protected. One of those happens to be the built-in iOS email client called ‘Mail’ (I put some links about this at the bottom of this post in case you want some geekier reading on this… )
However, most of your Apps, data, contacts and texts are easily extracted from your iPhone. Even info that you have deleted could possibly be recovered through forensic data scans… So, what can you do to be more secure?
For starters, you can do the 7 basics:
- Set a passcode lock – and not the simple 4-digit one; make it as long as you possibly can, since every character you add makes your phone more secure. Also, while you are there, make sure that the option to erase the phone after 10 failed attempts to unlock it is enabled.
- Disable Siri When Locked ( Settings > General > Passcode Lock > Siri > Off ) – Siri can command your phone without requiring a passcode unlock.
- Auto-Lock – ( Settings > General > Auto-Lock > 2 Minutes ) – setting an auto-lock timeout is necessary to your phone’s security.
- Secure the Home Button – ( Settings > General > Home Button ) – you must change this to anything besides “Phone Favorites” or else it is quick access to your phone list for anyone who picks up your phone.
- Change the default SIM PIN – ( Settings > Phone > SIM PIN > Change PIN ) – This locks your SIM card so that it cannot be used in another phone. If someone were to get your SIM, they could potentially cause you some damage and stress by making calls from your phone number. There is a list of the default SIM PINs for each provider here – if you have AT&T, it will be 1111 by default.
- Encrypt the iTunes Backup file – a mostly overlooked option when you are doing backups of your phone via iTunes. If it isn’t encrypted, anyone who has access to your computer could easily use this file to restore an EXACT copy of your phone’s storage – contacts, email, web history, text messages, phone call logs…
- Disable WiFi – when you aren’t using your WiFi, you should disable it. Anyone who has a special WiFi listening device (for example, the one they sell at DEFCON, the pineapple) could gain some useful info from your phone when it looks for known networks… This is more common than you would like to think.
- Black SMS – If you install this on both ends of a txt/sms message conversation between iPhones, it will encrypt and decrypt the messages based on a password between you and your recipient only. Now, those messages will not be readable by anyone other than the intended recipient – also, if that person were to lose their iPhone or have it stolen, the data would still be protected and encrypted by their password.
- MEO Contacts – This application allows you to create a private and encrypted contact list, separate from your iOS contacts.
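
For the “Encrypt the iTunes Backup file” item above, here is one way to check the backups already sitting on a computer (an added example, not part of the original post). Each iTunes backup folder holds a Manifest.plist whose IsEncrypted flag records whether that backup was encrypted. The default folder paths are the usual macOS and Windows locations, assumed here, and the sample folders are constructed data.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# Usual iTunes backup folders on macOS and Windows (assumed; adjust if moved).
HOME = Path(os.path.expanduser("~"))
DEFAULT_ROOTS = [
    HOME / "Library/Application Support/MobileSync/Backup",
    HOME / "AppData/Roaming/Apple Computer/MobileSync/Backup",
]

def audit_backups(root):
    """Return one finding per device backup folder found under root."""
    findings = []
    for manifest in sorted(Path(root).glob("*/Manifest.plist")):
        try:
            with manifest.open("rb") as fh:
                data = plistlib.load(fh)  # reads XML and binary plists
            encrypted, when = bool(data.get("IsEncrypted", False)), data.get("Date")
        except Exception:  # damaged or unexpected manifest: report it, don't guess
            encrypted, when = None, None
        findings.append({"backup": manifest.parent.name,
                         "encrypted": encrypted, "date": when})
    return findings

def unencrypted(findings):
    """Names of backups that anyone with access to the computer could restore."""
    return [f["backup"] for f in findings if f["encrypted"] is False]

def build_sample_root():
    """Constructed sample data: two fake backup folders, one unencrypted."""
    root = Path(tempfile.mkdtemp())
    for name, enc in (("SAMPLE-DEVICE-A", False), ("SAMPLE-DEVICE-B", True)):
        (root / name).mkdir()
        with (root / name / "Manifest.plist").open("wb") as fh:
            plistlib.dump({"IsEncrypted": enc}, fh)
    return root

if __name__ == "__main__":
    # Audit real backup folders if present, otherwise the constructed sample.
    roots = [r for r in DEFAULT_ROOTS if r.is_dir()] or [build_sample_root()]
    labels = {True: "encrypted", False: "NOT ENCRYPTED", None: "unreadable manifest"}
    for root in roots:
        for f in audit_backups(root):
            print(f"{root / f['backup']}: {labels[f['encrypted']]}")
```

Any backup reported as NOT ENCRYPTED can be fixed by ticking the backup encryption option in iTunes and running a fresh backup.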
iOS DATA PROTECTION LINKS: