There is a considerable amount of attention geared towards traditional computer security, especially for Windows PCs. As Mac’s have been a small portion of the total active users it makes sense that attackers have focused their effort on Windows operating systems. Therefore, Windows exploits tend be pervasive in the news leaving some to believe Mac’s “don’t get viruses”. That is not true.
A similar balance is seen with the market share of Android vs iOS users. Many tend to see iOS as a safer choice among the two operating systems. That comes from Apple’s tight grip on the App marketplace and the lack of customization compared to Android. This is not to say that iOS is immune to exploitation, but it may lack a sizeable user base that attracts attackers.
In addition to worrying about malware, there is the basic expectation on how the data on your phone is handled, and which Apps have access to it. Many users will buy a new iPhone and it will work as expected out-of-the-box. But there are some settings and options that should be considered to maximize your privacy and minimize potential risks.
*This information is referring to iOS 14. Your iOS version may not have the same options or layout if it is a prior version.
Limiting Ad tracking is a good first step.
Settings → Privacy → Apple Advertising → Turn off Personalized Ads
An additional step can be to remove a few location-based tracking options.
Settings → Privacy → Location Services → System Service
→ Turn off Location-Based Alert
→ Turn off Location-Based Suggestions
→ Significant Locations set to Off
→ Turn off Popular Near Me
While you are on the location service’s page go ahead and review what other settings are available. Many of them are harmless to keep enabled but can also be considered unnecessary. It is truly a matter of convenience versus privacy preference.
For those who want to have the most restrictive location settings will only need 2-3 options enabled. This includes the Status Bar Icon so that you can visibly see when your location is being used. The second option is to keep Emergency Calls & SOS enabled. The last is to have Find My iPhone enabled if you desire to have it tracked if stolen or lost.
Before you exit the Privacy page, go to the Analytics & Improvements tab, and disable all analytics sharing. If you have done it right, you will not see any green enabled options on the page.
It is also important to know what you have installed on your phone. The simplicity of downloading an App makes it easy to overlook whether the App is something you actually need. Luckily, Apple has begun to improve their privacy transparency in the App Store. You can now review how apps use your data and what data is being used to track you. If there is a free chess game that tracks your location and has access to your contacts, you may want to think twice about keeping that App.
In terms of security and ensuring your device is not compromised there are a few steps that you can take. One is to ensure that there are not any unknown configuration profiles installed. Profiles are used for legitimate reasons as well so be sure before removing one.
Settings → General → (If you do not see ‘Profile’ then you do not have any installed)
Settings → General → Profiles → Unknown_Profile → Click on Unknown_Profile and select Remove Profile
Automatic Updates are an easy safeguard which prevents you from using outdated software with security vulnerabilities.
Settings → General → Software Update → Automatic Updates
→ Enable Download iOS Updates
→ Enable Install iOS Updates
It may be worthwhile to install a third-party service to enhance your phones security. One popular paid choice is the iVerify application from Trail of Bits. While additional security applications are not necessary, they can offer educational benefits. iVerify will scan your configuration settings to let you know if you are following best security practices and offer instructions as to how they can be improved. There are many other security applications available such as WatchGuard’s own PandaDome for iPhone.
Only a handful of security and privacy topics were covered here. If you truly want to understand how your information is handled, go through your phones settings and Google what you don’t know. Often you will find that an enabled setting isn’t truly for your benefit but for Apps to track and profit from your activities.