iPhone Security, How to securely use your iPhone

Last Update: 3/1/2016

Apple iPhone 3GS

Most iPhone users do not think very much about security. The iPhone is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPhone has grown in popularity, the smartphone has become more of a target by hackers and criminals. It is important that iPhone users immediately become more vigilant about smartphone security.  Our tutorial covers the iPhone through iPhone 6S Plus and iOS through iOS 9.

1. iPhone Software Updates

Apple upgrades the iOS software for the iPhone from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPhones to a computer in order to update the smartphone’s software. Needless to say, this was inconvenient and led to many iPhones with obsolete software.

iOS 5 allows updates to occur without the iPhone being connected to a computer, allowing users to stay current far easier. We recommend all owners of the iPhone 3GS and the iPhone 4, upgrade to iOS 5 immediately. iOS 5 in fact includes many security fixes.

The original iPhone and the iPhone 3G cannot be upgraded to iOS 5, and should be updated by connecting to a computer as often as possible.

If you Jailbreak your iPhone, you need to be extra careful with regards to security as iOS updates are much more difficult for you. Be careful where you obtain your Jailbroken Apps as malware is much more prevalent.

2. iPhone App Security

Apple’s App Store reviews all submissions before adding them. All iPhone apps must be authenticated and signed which helps to ensure they haven’t been tampered with or altered. This helps prevent malicious apps from infecting the App Store. Apps are prone to security vulnerabilities, that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. Regularly use the App Store app and select Updates. iOS 7 adds the capability to auto update your apps. Be sure to use this function. Apple has the ability to remotely remove malicious apps from your iPhone.

When installing new Apps, we suggest you install well known Apps with positive reviews, and avoid brand new Apps from unfamiliar companies.  Give new Apps time to build trust and to allow others to help test the App for malware and security risks.

3. Suggested iPhone Settings for Security

Below are several suggestions for iPhone settings to increase security on the smartphone. One in three robberies nationwide involve cell phones, with a ratio estimated as high as one in two within the San Francisco area. Users need to protect their smartphones to prevent a complete disaster.


A passcode is required before you perform these tasks:

  • Turn on or restart your device
  • Slide to unlock your screen (you can change this)
  • Update your software
  • Erase your device

Apple iPhone 4S Smartphone

Enable Passcode, erase iPhone data after ten failed attempts. Starting with iOS 9 the default passcode length is 6 digits instead of 4.

  • Open Settings
  • Select General
  • Select Passcode Lock
  • Select Turn Passcode On
  • Enter a Passcode – Do not select an obvious passcode like 1234 or 1111
  • Turn Simple Passcode off
  • Enter a passcode – Do not select an obvious passcode
  • Turn Erase Data on – Erases all data after ten failed passcode attempts
  • Turn Siri off – Prevents Siri access when locked (iPhone 4S)
  • Turn Passbook off – Prevents Passbook access when locked (iOS 6)
  • Turn Reply with Message off –  Prevents Reply with Message access when locked (iOS 6)

Data Encryption

Encryption prevents the data stored on your iPhone from being read, if you do not have the passcode. The passcode provides entropy for certain encryption keys. A 256-bit AES key is used to encrypt every new file created.

Starting with iOS 8, encryption is turned on by default.

Ensure Encryption is Turned On. After you enable a passcode in iOS version 4 or newer and you have an iPhone 3GS or newer, the phone can use hardware encryption to encrypt the data stored on the phone. Text messages, photos, emails, contacts, and call history were all encrypted.

  • Open Settings
  • Select General
  • Select Passcode Lock

After the Setting up a Passcode, scroll down to the bottom of the Passcode Lock Screen and verify that the text “Data protection is enabled” is shown.

If this is the phrase is not shown, do the following:

  • Connect your iPhone to your Computer
  • Backup your iPhone in iTunes
  • Restore your iPhone in iTunes
  • Check the Passcode screen again for the phrase “Data protection is enabled

iCloud Security

As of March 2016, iCloud, the Internet cloud syncing and storage service, current gives Apple the capability to unlock key data like backups, documents, contacts, and calendar information.  Someday this will change.

Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.

Turn iCloud OFF if you value security.

Safari Cookies

Prevent cookies from being accepted in Safari. Clear old cookies.

  • Open Settings
  • Select Privacy
  • Select Safari
  • Click Accept Cookies
  • Check Never
  • Click Clear cookies and data

If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.

  • Open Settings
  • Select Bluetooth
  • Set Bluetooth to Off

Backing up your iPhone regularly is an important task. With iOS 4, you need to connect your iPhone to your computer in order to perform back ups. With iOS 5, you can easily back up using iCloud. Enable iCloud by doing the following:

  • Open Settings
  • Select iCloud
  • Select the items that you would like iCloud to back up

4. iPhone Email Security

It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobilMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.

To check a Mail Account for secure SSL access, do the following:

  • Open Settings
  • Select Mail, Contacts, Calendars
  • Select a Mail Account
  • Click on an Email Account
  • Click on Account
  • Verify Use SSL is set to On

If Use SSL is set to off, check with your email provider to verify their SSL support and enable it if possible.

Also, make sure your email account has been cleansed with a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.

5. Find a Lost iPhone, Erase a Lost iPhone

Apple has an app that helps you find a lost iPhone by showing it on a map and optionally erase it or make the iPhone play a sound. This free service is a life saver and should be one of the first items installed. To enable Find My iPhone, follow these iOS 5 & 6 instructions.

Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your iPhone is lost and password protected, people could still contact you.

McDonalds Free Wi-Fi

6. Using WiFi securely

When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless may be subject to eavesdropping. Unless you know the WiFi network is secure, we would recommend against  connecting to it.

If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

The iPhone can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the iPhone will automatically send the same password to a wireless network of the same name. So if you name your wireless router, Linksys, if you encounter another wireless router with the same name, the iPhone will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The iPhone is very good at transparently switching from a cellular data network to a WiFi wireless network.

When accessing the Internet on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your iPhone’s traffic through a secure server. There are many paid services that sell VPN access.

iOS 8 includes an “Always-on VPN” feature, which eliminates the need for users to turn on VPN to enable protection when connecting to Wi-Fi networks. The iPhone’s MAC address now changes when it’s not connected to a Wi-Fi network, so it can’t be used to persistently track a device by passive observers of Wi-Fi traffic.

Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.

7. Secure Browsing with Safari

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

8. Careful Link Clicking and Attachment Opening

As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Apple iPhone. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.

Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.

9. iPhone Anti Virus and Internet Security Software

iPhone anti virus software exists but due to the secure iOS design, cannot scan files automatically or run scheduled scans. Users have to manually tell an anti virus or Internet security App to scan files. Intego makes anti virus software VirusBarrier iOS App ($2.99) for the iPhone, iPad, and iPod Touch.

Symantec makes a free App called ThreatCon which keeps you up-to-date on the threat landscape.

Kapersky Lab makes a free App called Threatpost that quickly displays articles from their security news website.

10. iTunes Password and Payment Option

It is important to select a strong password for iTunes. Read our article How to Create, Store, and Use Secure Passwords.

If a hacker obtained your iTunes password, they could drain your credit card with purchases. We recommend you remove all payment options after having created your iTunes account. iTunes only requires a payment option when creating a new account. We prefer to add iTunes money by purchasing a pre-paid iTunes gift cards.

11. Turn off Diagnostic Log Sending

Apple used to use Carrier IQ before iOS 5, so make sure you turn off this feature. To turn off sending of diagnostics data to Apple do the following:

  • Open Settings
  • Select General
  • Select About
  • Select Diagnostics & Usage
  • Click on Don’t Send

12. Malicious QR Codes

QR codes are appearing in print and all over the place. Be aware that malicious QR codes that lead the user to download malware have been found. Be sure you check the link the QR code points to before using it.

13. Enable Two-Step Verification for Apple ID

Apple introduced two-step verification for Apple IDs.  You need 2 forms of proof to access your account.

We have covered many ways to improve your iPhone security. Utilizing our tips will help significantly improve the already good security of the Apple iPhone smartphone.

Do you have more iPhone security tips?

14. Secure Messaging

Law enforcement and probably the NSA use cell phone tower simulators called Stingrays, IMSI catchers, or dirtbox made by Harris. These fake cell phone towers slurp handset identification information and can snoop on data. They deploy these in small planes to net a ton of intercepts, without getting a warrant. Cell phone users have no right to privacy in public areas.

You can fight back by using secure messaging clients like Signal or Text Secure. Older Stingrays only support 2G, not 3G/4G, so turning off 2G will help here.

Author: SafeGadget

Teaching users on how to secure their computers and gadgets.

28 thoughts on “iPhone Security, How to securely use your iPhone”

  1. My iphone keep heating up everytime i use any apps and also when i connected it to itunes, and sometime when i open app it brings me back to the home screen before i finish, do u know how to solve it? but when i took out the sim card it much better bit still haveing that problem.

    Please help

Leave a Reply