Securing Your iOS Device
Apple iOS Data Protection
All iPhones since the 3gs, all models of iPad, and iPod Touch models since the 3rd generation include hardware encryption. Encryption is enabled automatically when the device is configured to access GRC Exchange email using ActiveSync, which will require you to set a passcode.
If you do not configure GRC Exchange using ActiveSync, you can manually enable encryption by setting a device passcode:
- Tap Settings > Touch ID & Passcode (or Face ID & Passcode)
- Follow the prompts to create a passcode. Apple recommends using at least a 6-digit passcode.
- After the passcode is set, scroll down to the bottom of the screen and verify that the text ‘Data protection is enabled’ is visible.
For more information, refer to the Apple document Use a Passcode with your iPhone, iPad, or iPod Touch.
Use of Touch ID or Face ID is acceptable, since the Apple implementation stores the biometrics in a Secure Enclave and works in conjunction with the passcode.
For more information, refer to the Apple document About Touch ID advanced security technology.
If you use iTunes to synchronize and backup your device, configure encrypted backups by enabling the iTunes option ‘encrypt iPhone backups’ on the general preferences page for the phone. Then sync the device again to complete the process.
Privacy Settings for iOS
Apple provides a number of settings to control privacy in iOS.
In order to best protect your privacy, we recommend the following settings:
- Settings > Touch ID & Passcode (or Face ID & Passcode)
- Scroll down to the section labeled ‘Allow Access When Locked’
- Set the following options to Off:
- Control Center
- Reply with Message
- Return Missed Calls
- USB Accessories
- For each app listed, you can choose whether it is allowed to popup notifications, and most apps will let you disable notification on the lock screen and whether to show previews. We suggest at a minimum disabling notification previews for Mail, Messages, and any other messaging apps you use, in order to prevent someone else viewing messages that might be confidential.
- Turn on ‘Erase Data’
- Settings > Privacy > Location Services
- You can choose what abilities to allow each app that makes use of Location Services. Most apps should probably be set to ‘Never’ or ‘While Using’. Only select ‘Always’ for apps that absolutely need to access your location at all times, and after reviewing the app’s security and privacy policies.
- Settings > Notifications
- You can choose to set ‘Show Previews’ to ‘When Unlocked’ so that notification previews (snippets of notifications, such as incoming text messages) are not displayed when the screen is locked. Or, you can choose ‘Always’ and then customize which apps can display notification previews.
We also recommend that you turn ON the following settings for any iOS device:
- Settings > Privacy > Advertising > Limit Ad Tracking
- Settings > Safari > Do Not Track
More information https://www.apple.com/privacy/manage-your-privacy/