A lot has changed in iPhone and iPad security and privacy in just a few short years. As security threats have evolved, so have the security features and privacy protections built into your iPhone and iPad.
Some of the basics you will know already. Updating your devices to the most recent software is a major part of staying secure, and should automatically update overnight when you’re less likely to use them. iOS and iPadOS software also comes with a password manager to store your online account credentials. And, don’t forget to protect your Apple account with two-factor authentication to protect your Apple and iCloud account data.
Luckily for most of the other security settings and features, they’re already on by default. That means you’re protected from malicious data-stealing cables or forensic devices copying data from your phone thanks to Apple’s USB restrictions. It also means your phone will sniff out breached passwords, and will automatically encrypt your connections to websites wherever possible.
Top four things to know for optimal iPhone security:
1. Set a longer lock-screen passcode
A lot of people still use the same lock-screen passcode for years, so much so that many still use the legacy four-digits to secure their phone. Even if you use your fingerprint or your face to unlock your phone or tablet, your device is only as secure as the passcode that protects it. Simply adding a couple more digits to your passcode will make it significantly more challenging for a thief or attacker to break into your phone or tablet and steal your data.
Go to Settings then Touch ID & Passcode and type in your current passcode. When you go to Change passcode, you can set a longer passcode of six-digits — or even longer. Just hit Passcode options, and hit Custom numeric code if you just want to keep the number pad on the lock screen, or Custom alphanumeric code if you want the full keyboard.
2. Block apps from needlessly tracking you
Apps are often packed with ads and trackers that collect your location data and other device data. The apps oftendo this as a way to make money. The data they collect can be used to target you with ads, or more recently, it’s been found to be used by law enforcement and immigration agencies to track people without having to get a warrant. In 2021, Apple introduced App Tracking Transparency, a feature that gives iPhone and iPad users the option to allow ad and location tracking — or to switch it off entirely.
App Tracking Transparency is on by default, but you can always check by going to Settings, then Privacy, then Tracking and making sure that Allow Apps to Request to Track is switched off.
3. Share photos without locations
Photos taken on your iPhone or iPad also include information about the photo, called metadata, such as the time and date the photo was taken and also the precise location from which the photo was taken. That location data helps online services tag your photos with a nearby location or landmark. But sharing photos with the associated location data can reveal private locations, such as homes and workplaces, to others whom you might not want to share that information with. Fortunately, iOS makes it easy to share a photo you took without any location data.
Just head to the photo you want to share in your Photos app, tap the Share icon. If the photo has embedded location data, it will say Location Included. To share the photo without the location data, hit Options and then switch the Location toggle to off.
4. Restart your phone once a day
iPhones have a reputation for strong security, and if targeted state-backed hacks against iPhone owners are anything to go by, no device is perfectly secure. Spyware like Pegasus, which can silently steal data from an iPhone without the user having ever tapped on a link, and other vulnerabilities can be exploited by previously-undiscovered security flaws in the iPhone’s software.
Though it’s unlikely the average person will be targeted by some of these powerful hacking tools, restarting your phone can be a simple but effective way of combating even the most advanced threats. It’s because if malicious code does get through an iPhone’s defenses, it often cannot survive a reboot, which clears its memory when the phone is powered off. Rebooting your phone just once a week is even recommended by the National Security Agency.