Most iPad users do not think very much about security. The iPad is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPad has grown in popularity, the tablet has become more of a target by hackers and criminals. It is important that iPad users immediately become more vigilant about tablet security. Our tutorial covers the iPad, and iPad 2.
1. iPad Software Updates
Apple upgrades the iOS software for the iPad from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPads to a computer in order to update the tablet’s software. Needless to say, this was inconvenient and led to many iPads with obsolete software.
iOS 5 allows updates to occur without the iPad being connected to a computer, allowing users to stay current far easier. We recommend all owners of the iPad and the iPad 2, upgrade to iOS 5 immediately. iOS 5 in fact includes many security fixes.
If you Jailbreak your iPad, you need to be extra careful with regards to security as iOS updates are much more difficult for you. Be careful where you obtain your Jailbroken Apps as malware is much more prevalent.
2. iPad App Security
Apple’s App Store reviews all submissions before adding them. All iPad apps must be authenticated and signed which helps to ensure they haven’t been tampered with or altered. This helps prevent malicious apps from infecting the App Store. Apps are prone to security vulnerabilities, that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. Regularly use the App Store app and select Updates. iOS 7 adds the capability to auto update your apps. Be sure to use this function. Apple has the ability to remotely remove malicious apps from your iPad.
When installing new Apps, we suggest you install well known Apps with positive reviews, and avoid brand new Apps from unfamiliar companies. Give new Apps time to build trust and to allow others to help test the App for malware and security risks.
3. Suggested iPad Settings for Security
Below are several suggestions for iPad settings to increase security on the tablet.
Enable Passcode, erase iPad data after ten failed attempts
- Open Settings
- Select General
- Select Passcode Lock
- Select Turn Passcode On
- Enter a Passcode – Do not select an obvious passcode like 1234 or 1111
- Turn Simple Passcode off
- Enter a passcode – Do not select an obvious passcode
- Turn Erase Data on – Erases all data after ten failed passcode attempts
Ensure Encryption is Turned On. After you enable a passcode in iOS version 4 or newer on every iPad tablet, the tablet can use hardware encryption to encrypt the data stored on the tablet.
After the passcode is set, scroll down to the bottom of the screen and verify that the text “Data protection is enabled” is shown. If this is not shown, do the following:
- Connect your iPad to your Computer
- Backup your iPad in iTunes
- Restore your iPad in iTunes
- Check the Passcode screen for the “Data protection is enabled“
Prevent cookies from being accepted in Safari. Clear old cookies.
- Open Settings
- Select General
- Select Safari
- Click Accept Cookies
- Check Never
- Click Clear cookies and data
If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.
- Open Settings
- Select General
- Select Bluetooth
- Set Bluetooth to Off
Backing up your iPad regularly is an important task. With iOS 4, you need to connect your iPad to your computer in order to perform back ups. With iOS 5, you can easily back up using iCloud. Enable iCloud by doing the following:
- Open Settings
- Select iCloud
- Select the items that you would like iCloud to back up
4. iPad Email Security
It is important that email accounts accessed from a tablet are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobilMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.
To check a Mail Account for secure SSL access, do the following:
- Open Settings
- Select Mail, Contacts, Calendars
- Select a Mail Account
- Click on Account
- Click on Advanced
- Verify Use SSL is set to On
If Use SSL is set to off, check with your email provider to verify their SSL support and enable it if possible.
Also, make sure your email account has been cleansed with a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.
5. Find a Lost iPad, Erase a Lost iPad
Apple has an app that helps you find a lost iPad by showing it on a map and optionally erase it or make the iPad play a sound. This free service is a life saver and should be one of the first items installed. To enable Find My iPhone, follow these iOS 4 instructions or iOS 5 instructions.
Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your iPad is lost and password protected, people could still contact you.
6. Using WiFi securely
When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless may be subject to eavesdropping. Unless you know the WiFi network is secure, we would recommend against connecting to it.
If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.
The iPad can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the iPad will automatically send the same password to a wireless network of the same name. So if you name your wireless router, Linksys, if you encounter another wireless router with the same name, the iPad will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The iPad is very good at transparently switching from a cellular data network to a WiFi wireless network.
When accessing the Internet on a tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.
The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your iPad’s traffic through a secure server. There are many paid services that sell VPN access.
Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.
7. Secure Browsing with Safari
Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie – https://www.google.com
Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.
8. Careful Link Clicking and Attachment Opening
As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Apple iPad. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.
Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.
9. iPad Anti Virus and Internet Security Software
iPad anti virus software exists but due to the secure iOS design, cannot scan files automatically or run scheduled scans. Users have to manually tell an anti virus or Internet security App to scan files. Intego makes anti virus software VirusBarrier iOS App ($2.99) for the iPhone, iPad, and iPod Touch.
Symantec makes a free App called ThreatCon which keeps you up-to-date on the threat landscape.
Kapersky Lab makes a free App called Threatpost that quickly displays articles from their security news website.
10. iTunes Password and Payment Option
It is important to select a strong password for iTunes. Read our article How to Create, Store, and Use Secure Passwords.
If a hacker obtained your iTunes password, they could drain your credit card with purchases. We recommend you remove all payment options after having created your iTunes account. iTunes only requires a payment option when creating a new account. We prefer to add iTunes money by purchasing a pre-paid iTunes gift cards.
11. Enable Two-Step Verification for Apple ID
Apple introduced two-step verification for Apple IDs. You need 2 forms of proof to access your account.
We have covered many ways to improve your iPad security. Utilizing our tips will help significantly improve the already good security of the Apple iPad tablet.