Welcome to our complete guide to iPhone security, where you'll find essential tips to protect the sensitive data on your iPhone from the prying eyes of hackers.
If you have concerns about the safety of your private data on your iPhone, sensitive information including website logins, email addresses, text messages and even photos and videos, we have some tips to help you protect it.
While Apple's iOS system is pretty secure, there are ways to make sure that your iPhone is as secure from hackers as it can be - and here is where we show you how.
Keep iOS up to date
Our first tip on securing your iPhone against potential hackers is a fairly simple one - make sure that you're always running the most recent iteration of iOS, including smaller 'dot' updates.
Hackers occasionally find flaws in Apple's coding which they can exploit, potentially giving them access to your personal data. New iOS updates are Apple’s way of combatting the exploits by patching any holes in the OS while implementing better stability enhancements.
To update to the latest version of iOS, open the Settings app and tap General > Software update. You'll either be welcomed by a note letting you know you're already running the most up to date version of iOS, or be prompted to download and install the latest update.
The latest version of iOS is iOS 12, but point updates for iOS 12 are regularly released so it's important to keep an eye out for those. We track the latest updates to iOS 12 here, so you can be sure if there are any issues before updating.
For example, on 22 January 2019 Apple issued an important security update that addressed a number of vulnerabilities that could lead to iPhones and iPad being hacked, more information here: Apple updates Mac, iPhone and iPad due to security fears.
Activate Find my iPhone
Another step you can take in the war against hackers attacking your iPhone is to activate 'Find my iPhone'.
If you lose your iPhone then you can log onto Find My iPhone from another iOS device or via the web and remotely wipe your device, taking your personal data with it.
This means that even if the hacker did manage to gain access to your lost/stolen device, they'd find nothing. To remotely wipe your iPhone, log in to the Find my iPhone app (or iCloud website), select your iPhone, tap 'Erase iPhone' and confirm the action. The next time it has an internet connection (if it doesn't already) it'll automatically wipe itself.
Create a longer passcode
There’s a hacking tool called GrayKey that can crack iPhone and iPad passwords and its being used by law-enforcement agencies.
Apparently the tool can crack a four-digit pinched in a couple of hours. A six-digit code can be cracked in a few days.
The device, which plugs into an iOS device, disables the usual passcode-retry and re-entry delay strategies that would normally stop anyone from accessing a phone after a number of incorrect passcode entries.
While you probably don’t have any reason to not want the police or government agencies to hack into your phone, the real concern here is that if it’s possible for the GrayKey device to hack into your phone this way, it’s highly likely that there will be similar devices and hacks available to criminals.
So, until Apple fixes the vulnerability that GrayKey is exploiting to run it’s passcode hack, what can you do to protect your phone?
- Choose a long passcode: one that’s longer than six-digits. It could take a few months to hack an eight-digit pin, and a ten-digit pin could take a decade to crack!
- Use a passphrase containing words, rather than numbers. But use random worlds that wouldn’t normally appear together.
While passcodes only use numbers 0-9, a passphrase includes numbers, letters, symbols and case-sensitivity which should make your iPhone a lot harder to break into - although it may take a little longer to unlock your iPhone when you want to use it.
Here's how to set up a new passcode for iOS
- Open Settings.
- Tap Touch ID & Passcode (or Face ID & Passcode if you have an iPhone X).
- Enter your Passcode.
- Cap on Change Passcode.
- Enter your Passcode.
- Tap Passcode Options.
- From the options, choose either Custom Numeric Code or Custom Alphanumeric Code.
- Now enter your new code and verify it.
While if you use Touch ID or Face ID to unlock your phone you won’t normally need to use your passcode to unlock it, you may still need it if you haven’t used your phone for more than six days, or if you restart your device, for example.
(On the subject of passwords, you can significantly improve your security by using a password manager.)
Auto-wipe iPhone content
Our next suggestion may be a little unnerving for some people, but is a great option if you feel like someone is trying to guess your iPhone passcode. The idea is that after ten incorrect passcode guesses, the iPhone will automatically wipe all content and thus make the smartphone useless to the hacker.
It's slightly worrying as we've known people to accidentally activate the feature (usually when under the influence of alcohol!) and delete all their personal information.
These are usually the same people that tend not to use automatic iCloud backup, so if you do enable the option we'd advise also turning on automatic iCloud backup so if your data is wiped (due to an accident or someone trying to hack you) you'll have everything saved in the cloud.
To enable the rather nuclear option, simply head to Settings > Touch ID & Passcode, scroll to the bottom of the page and toggle on 'Erase Data'.
Avoid opening unknown links
This one is fairly self-explanatory - if you receive an unknown link via text, email or randomly on the web, don't click on it.
This could potentially pose a threat to your device and even though it may not be able to hack your iPhone directly, some pose as popular email clients like Gmail to gain access to your email account.
The pages usually look pretty close to the real thing, so this type of scam is fairly common and it always pays to keep your wits about you.
The general rule is that if you don't trust the look of the email/message then just don't bother opening it. The same goes for email attachments too, although there aren't many (if any at all) cases where hackers have been able to gain access to an iPhone via this method, and this is more of a general tip.
Revoke app permissions
The next step to take in the war against hackers is to revoke access to apps. When you use iOS apps you'll often be prompted to allow the app to access things like the camera, microphone, contacts, etc to use the app to the fullest extent.
Even though allowing access means you can use every feature of the app, the app may also be able to access your private information.
Either way, if you feel like you've installed a less-than-reputable app on your iPhone, you can either delete it or head to Settings > Privacy, select the permission you'd like to revoke and toggle the application off - sadly this has to be done on a per-permission basis as there's no way to toggle permissions off all at once.
Turn off Siri
Apple’s personal assistant, Siri, is a great feature of iOS and provides users with a way of using their smartphone hands-free.
However, no matter how helpful Siri may be to users, it can also provide hackers with personal data. Siri will often ask for some kind of verification before allowing access to contacts, photos and other types of sensitive information, but there have been multiple occasions where people have found workarounds completely bypassing the iPhone passcode and providing easy access to the device.
To disable access to Siri on the lock screen, simply head to Settings > Touch ID and Passcode and toggle the "allow access when locked" option off.
Read more: Siri troubleshooting guide
Turn off auto-fill
The same can be said about Apple's auto-fill feature in Safari. Apple's Keychain stores website logins, prompting users to save the information after successfully logging into their account.
It's a hugely handy feature as it means we don't have to remember the login information for the myriad of websites we browse - and the same goes for credit/debit card information. Simply tap a button and Apple will fill out all your credit/debit card information, apart from your security code.
However, if a hacker does manage to gain access to your iPhone, it provides them with access to all your online logins. To disable keychain and auto-fill, simply go to Settings > Safari > AutoFill and toggle off each option.
How to avoid iCloud photo leaks & hacks
The past couple of years have seen a swathe of celebrity photo leaks. As usual on the web, famous women get the worst treatment - which in this case means the widespread posting of nude photos. And in a lot of cases an iPhone, or an iCloud account, has been involved.
That doesn't mean that Apple hardware and software services are fundamentally insecure. In fact, we feel confident in saying that the iPhone is the most secure mainstream smartphone on the market right now. But it does show that nobody can be complacent about the security of their most personal data and photos.
There are various ways to ensure that your intimate photos aren't stolen and posted online by hackers: two-step authentication and an audit of your secure questions are both a good idea. But we look at this in far more detail in this article: How to keep your iPhone photos safe.