Automatic iOS and app updates
In addition to bug fixes and new features, new updates often address security vulnerabilities. Make sure to enable automatic updates or to regularly update not only the operating system of your Apple mobile device but also all the apps that you installed. An unpatched security vulnerability can lead to data theft.
Keep in mind that older device models might not support the latest iOS or app versions. In your device’s settings menu, you can also check the permissions of every app installed on your device and decide if you really want to allow each permission – for instance, access to your contacts, pictures, or location.
You can also regularly delete any apps that you no longer use. Less clutter = better security.
Avoid jailbreaking
On a jailbroken iOS device an app might not be able to read only its own data but also access the data of other apps. This might lead to theft of data and personal information.
A jailbreak is a modification of your Apple operating system that, on one hand gives you superuser permissions and on the other, it makes your device more susceptible to malicious attacks. It enables you to install apps that are not available through the iOS App Store, which means they might be less secure. A jailbreak unlocks access to sensitive areas of your device.
Apple considers jailbreaking as a violation of its end-user subscription agreement. If you did not purchase your device yourself or if it was not purchased from an official reseller, you should check, that it’s not already jailbroken.
Set a passcode/Face ID and Auto-Lock timeout
Protect data that is stored on your iOS device and in your apps with a strong key in the form of a passcode, Face ID, or Touch ID on older products.
When setting up your passcode, avoid using simple number chains, birthdates, or other easily guessable personal numbers. Based on what is stored on your iPhone or iPad, your passcode should be at least 6-digits long.
You can however go the extra mile and switch to a longer alphanumeric version. As natural oils on your fingers might unveil your passcode, it is advisable to avoid creating passcodes that have the shape of a pattern or an object.
After that, choose a reasonable Auto-Lock timeout, such as one or two minutes, which will lock your device after it has been inactive for the specified amount of time. This helps to protect your data in case your device is lost or stolen, or even just left unattended for a short time.
Secure your Apple ID and back up your data
Apple ID is the account that you use to access various Apple services on your iOS device. It is protected by a password (or ideally a passphrase) that you create, so it should be strong, unique, and hard to guess. We strongly advise you to also enable multifactor authentication that Apple provides for Apple ID.
Be cautious when receiving emails or opening websites that ask for your Apple ID credentials.
If you use iCloud for data backup, it is also accessible with your Apple ID. A backup is reliable insurance in case something happens to data on your iOS device. It might be stolen or damaged not only because of some security issues but also due to hardware failure or an accident. If a cloud solution is not something you’re interested in, you can use iTunes.
Consider setting up the "self-destruct" option
When setting up your passcode and Face ID, you can enable the Erase Data function. It can be safely assumed that if your device has recorded a high number of unsuccessful passcode entries, it is no longer in your possession and somebody else is trying to access its contents.
Reconsider this in case children tend to fiddle with your locked device. If you enable this option, after a certain number of unsuccessful passcode entries, all the data on your iPhone or iPad will be erased. That is why you should regularly or automatically back up your device; you will be able to recover the data to a replacement device using your iTunes or iCloud backup.
Make sure Find My iPhone is enabled
This app makes it easy to locate your Apple device in case it is lost or stolen. If it carries sensitive information or you think it will never be retrieved, you can use Find My iPhone to remotely erase it.
Compared to the Erase Data function, you have to first figure out that your iPhone or iPad is missing and then type your Apple ID into the icloud.com/find website.
Besides the remote wipe function, it helps you to locate your missing device using sounds, show it on a map, or display a message on its lock screen for a potential finder.
Secure your internet browsing
If you are using Safari as your internet browser, check if the Fraudulent Website Warning is enabled in the Safari settings. If you end up on a known fraudulent site, it will show you a warning.
It is highly probable that Safari's AutoFill option is enabled on your device; it automatically fills out web forms using your contact or payment card info. While it is handy, it might disclose your data to unauthorized people. You can choose to disable this option or to at least disable the storage of your credit card details in this browser.
If you don’t want Safari to remember the pages you visited, your search history or your AutoFill information after you close a tab, use the Private Browsing Mode. This mode is useful for protecting your privacy and you can enable it for a Safari session by opening Safari, then tapping the Safari button at the lower right of the screen and then tapping Private.
As for any device, using a reliable and trustworthy VPN provides you with an additional layer of protection.
Control connections to your iPhone or iPad
Your device can communicate with other nearby gadgets in various ways. For instance, by using AirDrop, you can share and receive photos, documents, and other data with other nearby Apple devices. As this provides a two-way communication channel, enable it only when it is actively being used.
The same goes for Bluetooth which should also be enabled only when used. To reduce the remote attack surface of your device, your Personal Hotspot that is sharing your iPhone’s or iPad’s network connectivity, should be disabled when not in use.
Keep the Wi-Fi settings of your iOS device in a state where the device asks you, in case it wants to connect itself to a Wi-Fi network, so it doesn’t connect to a rogue hotspot. Reducing the number of unnecessary connections to your iOS device protects you from unsolicited content or other potentially malicious objects.
We also advise you not to use any personal information in the name of your device, for instance Peter Jackson’s iPhone.