Welcome to our complete guide to iPhone security, where you'll find essential tips to protect the sensitive data on your phone from the prying eyes of snoops and hackers.
While Apple's iOS system is pretty secure, there are ways to make sure that your iPhone is as secure from hackers as it can be. If you have concerns about the safety of your private data, sensitive information including website logins, email addresses, text messages and even photos and videos, we have tips to help.
Keep iOS up to date
Make sure you're always running the most recent iteration of iOS, including smaller 'dot' or point updates.
Hackers occasionally find flaws in Apple's coding which they can exploit, potentially giving them access to your personal data. iOS updates are Apple's way of combatting the exploits by patching holes and implementing better stability enhancements. For example, on 22 January 2019 Apple issued a security update that addressed vulnerabilities that could lead to iPhones and iPad being hacked.
To update to the latest version of iOS, open the Settings app and tap General > Software Update. You'll either be assured that you're already running the latest version, or prompted to download and install something newer.
Activate Find My iPhone
Another step you can take in the war against hackers attacking your iPhone is to activate Find my iPhone.
If you lose your device you can log on to Find My iPhone from another iOS device (or via the web on a Mac or PC) and remotely wipe your personal data from the lost phone. This means that even if the hacker does manage to gain access to your lost/stolen device, they'll find nothing.
To turn on this feature, open Settings and tap your name/picture at the top of the screen. Now tap iCloud, scroll down and tap Find My iPhone. Make sure the toggle by Find My iPhone is green; if it's white, tap to turn it on.
To remotely wipe an iPhone with this feature activated, log in to the Find my iPhone app (or iCloud website), select your iPhone, tap Erase iPhone and confirm the action. The next time it has an internet connection (if it doesn't already) it'll automatically wipe itself.
Create a longer passcode
You may have heard of a hacking tool called GrayKey that can crack iPhone and iPad passwords. It's understood that the tool is currently being used by law-enforcement agencies, and can crack a four-digit passcode in a couple of hours. A six-digit code can be cracked in a few days.
The device, which plugs into an iOS device, disables the usual delays and locks (one minute after six incorrect guesses, five minutes after seven and so on) that would normally stop anyone from brute-forcing their way past a passcode.
While you probably don't have any reason to not want the police or government agencies to hack into your phone, the real concern here is that if it's possible for the GrayKey device to hack into your phone this way, it's highly likely that there will be similar devices and hacks available to criminals.
So, until Apple fixes the vulnerability that GrayKey is exploiting to run its passcode hack, what can you do to protect your phone?
- Choose a long passcode: one that's longer than six digits. It could take a few months to hack an eight-digit pin, and a ten-digit pin could take a decade to crack!
- Use a passphrase containing words, rather than numbers. But use random words that wouldn’t normally appear together.
While passcodes only use numbers 0-9, a passphrase includes numbers, letters, symbols and case-sensitivity which should make your iPhone a lot harder to break into - although it may take a little longer to unlock your iPhone when you want to use it.
How to set up a new passcode for iOS
- Open Settings.
- Tap Touch ID & Passcode (or Face ID & Passcode if you have an X-series iPhone).
- Enter your Passcode.
- Tap on Change Passcode.
- Enter your Passcode.
- Tap Passcode Options.
- From the options, choose either Custom Numeric Code or Custom Alphanumeric Code.
- Enter your new code and verify it.
If you use Touch ID or Face ID to unlock your phone you won't normally need to use your passcode to unlock it, but there are exceptions: the passcode will be required when you haven't used your phone for more than six days, for instance, or when you restart your device.
(On the subject of passwords, you can significantly improve your security by using a password manager.)
Auto-wipe iPhone content
Our next suggestion may sound a little unnerving, but it's a great option if you're worried about people trying to guess your passcode. The idea is that after 10 incorrect guesses, the iPhone will automatically wipe all content and thus make the smartphone useless to the hacker (or at least put your personal.
It's slightly worrying as we've known people to accidentally activate the feature (usually when under the influence of alcohol!) and delete all their personal information. These are usually the same people who tend not to back up regularly... so if you do enable the option we'd advise also turning on automatic iCloud backup so if your data is wiped (due to an accident or someone trying to hack you) you'll have everything saved in the cloud.
To enable the nuclear option, simply head to Settings > Touch ID & Passcode (or Face ID & Passcode), enter your passcode, scroll to the bottom of the page and toggle on Erase Data.
Avoid opening unknown links
This one is fairly self-explanatory - if you receive an unknown link via text, email or randomly on the web, don't click on it. This could potentially pose a threat to your device and even though it may not be able to hack your iPhone directly; some pose as popular email clients like Gmail to gain access to your email account.
The pages usually look pretty close to the real thing, so this type of scam is fairly common and it always pays to keep your wits about you.
The general rule is that if you don't trust the look of the email/message then just don't bother opening it. The same goes for email attachments too, although there aren't many cases (if there are any) where hackers have been able to gain access to an iPhone via this method, and this is more of a general tip.
Revoke app permissions
The next step to take in the war against hackers is to revoke access to apps. When you use iOS apps you'll often be prompted to allow the app to access things like the camera, microphone, contacts, etc to use the app to the fullest extent.
Even though allowing access means you can use every feature of the app, the app may also be able to access your private information.
Either way, if you feel like you've installed a less-than-reputable app on your iPhone, you can either delete it or head to Settings > Privacy, select the permission you'd like to revoke and toggle the application off - sadly this has to be done on a per-permission basis as there's no way to toggle permissions off all at once.
Turn off Siri
Apple's personal assistant, Siri, is a great feature of iOS and provides users with a way of using their smartphone hands-free.
However, no matter how helpful Siri may be to users, it can also provide hackers with personal data. Siri will often ask for some kind of verification before allowing access to contacts, photos and other types of sensitive information, but there have been multiple occasions where people have found workarounds completely bypassing the iPhone passcode and providing easy access to the device.
To disable access to Siri on the lock screen, simply head to Settings > Touch ID & Passcode (or Face ID & Passcode) and toggle the "allow access when locked" option off.
Read more advice in our Siri troubleshooting guide.
Turn off auto-fill
The same can be said about Apple's auto-fill feature in Safari. Apple's Keychain stores website logins, prompting users to save the information after successfully logging into their account.
It's a hugely handy feature as it means we don't have to remember the login information for the myriad of websites we browse - and the same goes for credit/debit card information. Simply tap a button and Apple will fill out all your card information, apart from your security code.
However, if a hacker does manage to gain access to your iPhone, it provides them with access to all your online logins. To disable keychain and auto-fill, simply go to Settings > Safari > AutoFill and toggle off each option.
How to avoid iCloud photo leaks & hacks
The past couple of years have seen a swathe of celebrity photo leaks. As usual on the web, famous women get the worst treatment - which in this case means the widespread posting of nude photos. And in a lot of cases an iPhone, or an iCloud account, has been involved.
That doesn't mean that Apple hardware and software services are fundamentally insecure. In fact, we feel confident in saying that the iPhone is the most secure mainstream smartphone on the market right now. But it does show that nobody can be complacent about the security of their most personal data and photos.
There are various ways to ensure that your intimate photos aren't stolen and posted online by hackers: two-step authentication and an audit of your secure questions are both a good idea. But we look at this in far more detail in this article: How to keep your iPhone photos safe.