I've been needing to replace my dying HP Touchpad, and due to recently buying further into Apple's ecosystem, I ended up picking up an iPad Mini the other day. I'd like to skip getting into some long-winded debate about Android and iOS and just move on to talking about iOS settings relevant to privacy and security.
I am by no means completely sold on either platform (or any of the various "competitors" that are available), and have owned my fair share of Android devices in the past and even staunchly advocated for them.
I'll be going down the list of Settings and mentioning any of them that I think we should alter. Many of these things require weighing a potential privacy and/or security gain against a potential loss of convenience, which is typically the tradeoff we all have to make (and a hard one, too).
I don't necessarily do all of these things, though I recognize that I probably should do the few that I do not.
A Note on Privacy and Security: If you've already been using your device for a while, a lot of these things will only be a band-aid privacy-wise because data has already almost assuredly been stored somewhere. This is mostly a look at things that we can do to help make the system at least feel more private and secure. Also, if you are using any Google, Apple, or other large corporation's services, they are likely already storing all sorts of information, so these settings won't really do anything to stop any of that.
A Note on Jailbreaking: There are likely more things we could install and tweak on a jailbroken device. I'm currently undecided on jailbreaking my new iPad Mini because many of the programs used to do so just feel extremely shady and untrustworthy, and if you can't trust the thing that will unrestrict access to your device, do you really want it modifying your access? I'm holding off on the jailbreak pending further research.
Ideally you've already secured your own network and all that fun stuff, because we won't be getting into that in this post. I will say, however, if your network doesn't have a password (or the password is "password") stop reading this and go change that. Go ahead, we'll wait.
We will take a look at that little switch at the bottom of the settings that says "Ask to Join Networks" and make sure it's off. We don't want our phone asking us to connect to stuff all the time.
This isn't really any sort of amazing bullet-proof measure and isn't proven to really protect anything, but the idea of my phone just looking for networks and asking me, "Do you want to connect to this network?" feels unsettling.
Also, it can become REALLY annoying if you are moving through any populated area where there are likely dozens upon dozens of open WiFi networks.
- You should probably turn off your device's WiFi when leaving areas where you generally access a WiFi network, to prevent your phone from trying to connect to an SSID with the same name as one of your regular access points. Turn the WiFi back on when you are at a location where you regularly connect or plan to connect.
- If you are really worried about someone spoofing an access point with the same SSID as one of your regular access points, you can also choose the network from your list and select the Forget this Network option when you are done. This is one of those items where the inconvenience might outweigh the security gains, though.
- If you are using public WiFi, use a VPN or don't do anything but look up stupid cat videos on YouTube or browse Reddit without logging in.
This one is super simple: if you aren't currently using a Bluetooth device, turn off your Bluetooth. Leaving open connections just lying around isn't a good idea for any device or type of network.
This one is hard to remember and I forget most of the time because it hasn't become habitual yet.
Note: This might be a good candidate for some sort of NFC automation so you can toggle it on when entering your car for hands-free pairing and such. We won't be going into any of that here, though.
Scroll down to the Use Cellular Data For: list and make sure any app that you don't actually want using your data is turned off. Also make sure you recognize all of these apps.
Let's head into the General Settings now and start updating our settings.
You may really like Siri, but I don't. For me, turning this off was pretty much a given.
No data gets sent to the Siri servers. No data is set up to link my contacts to particular statuses like "mother," "father," "girlfriend," etc. I don't have any evidence of any of this ever being accessed or used for anything, but I'd rather not have it out there if possible.
Note on Privacy: In a past, less security- and privacy-minded life, I probably put most of the information mentioned above into various other systems (I'm looking at you, Facebook). I'd rather not put it all over the place if I can avoid it going forward, though. You could probably use just the information on this site to find out these things about me, and I know that my information was likely compromised in one of any number of breaches of institutions that have more than enough data to compromise my identity, so my only real "defense" at this point is having a pretty generic name and crossing my fingers.
This one really comes down to your personal preference, but I don't use Spotlight for much of anything, unless maybe I'm looking for an App I installed and can't find it (and I am pretty obsessive about the organization of my home screens), so I've turned off basically all of the options here, especially the Bing Web Results option.
Background App Refresh
Hopefully you noticed any anomalies in apps using your cellular data when we looked at the usage earlier, and now is a chance to make sure only apps that you want having access to the web in the background are allowed to connect and update when you aren't currently focusing on them. Just make sure you trust the app and its reason for connecting in the background. If you don't, turn it off (though, if you don't trust the app, you should probably just uninstall it).
Turn it on. You don't want your phone not locking if you left it somewhere accidentally. I use 1-Minute, but you can choose what works for you.
Note: There are times you might want to turn this off when using your phone in a known safe zone, like your home.
If you are really serious about the privacy and security of the device, you're welcome to turn some of these on so that an extra layer of complexity is added to use certain features.
There have been some brute-force vulnerabilities for the iOS Restrictions PIN, though, so don't consider this a perfect layer.
I opted to forego this layer of security due to the aforementioned need to weigh privacy/security and convenience.
If you have a VPN you trust and would like to route your traffic through it, this would be the place to add it.
Touch ID & Passcode
Use both of these, and definitely upgrade your passcode from the simple, 4-digit PIN to an actual password.
If you are serious about this, enable the last option, Erase Data, which will delete your phone's data after 10 failed passcode attempts.
Here we get to the real meat of the tweaks.
Share My Location
I turn this off because I don't trust it to not be leaking that data somewhere in some way. Make your own judgement call on that one.
Never. I don't care what people near me are installing.
Never. Don't want to geotag those images if we don't have to.
And then basically just turn off location services for any of the things you don't really need to have your location. I would turn this off for any photo apps, social networks, etc.
This one has its own hidden subset of things that were really eye-opening to me.
- Location-Based Alerts - No Thanks
- Location-Based iAds - Nope
- Share My Location - No
- Spotlight Suggestions - Probably Not
- Frequent Locations - Absolutely Not (you'll want to delete the data for this one, too, if there is any)
- Diagnostics & Usage - Nope
- Popular Near Me - Nope
- Status Bar Icon - Yes, please. I'd like to know when something is geolocating me.
Diagnostics & Usage
I set this to Don't Send. It's probably all anonymized, but it says in the little blurb that it may include location information.
Reset your Advertising Identifier and clean the slate. Now turn on Limit Ad Tracking.
I'm not 100% sure how the tracking works and how the limiting is used, so it might be worth it to hop in here and reset your Advertising Identifier every once in a while.
Other Privacy Settings
You'll need to go through each of these options and make sure only apps you trust to have access to your Contacts, Camera, Microphone, etc. are enabled. Disable anything you don't trust or anything you don't think really needs that access.
If you are using iCloud, make sure only apps that you trust have access to it and make sure you are comfortable with the Backup and Keychain settings. In particular, give the iCloud Drive settings a look.
iTunes & App Store
I turn off App Store recommendations and most downloads for purchases made on other devices. I'd rather manually manage my downloads.
There are a few things I tweak here just because I can't use my preferred browser as a default for everything, nor can I remove Safari. Much like tweaking security settings and installing updates for IE (despite never using it except to download another browser after a fresh install), this is something I find I need to do for peace of mind. You may or may not want to tweak these.
- Search Engine: DuckDuckGo (My preference would be StartPage, but it isn't an option)
- Search Engine Suggestions: Off
- Spotlight Suggestions: Off
- Quick Website Search: Off
- Preload Top Hit: Off
- Passwords & AutoFill: Turn all of this off and delete any saved data (You are using a password manager, right?)
- Block Pop-ups: On
Privacy & Security
- Do Not Track: On
- Allow Cookies: Always Block
- Fraudulent Website Warning: On
There are any number of lists of apps out there, so I won't go into great detail and list tons of them, but I will mention a few that I think are invaluable.
Don't take my word for it. Read, research, test, and come to your own conclusions. Ultimately we are each responsible for our own privacy and security.
- LastPass: Despite a possible recent breach of some heavily hashed data, I still trust LastPass due to their security diligence. Really, you should be using any password manager you feel you can trust, because just cycling through a dozen or so variations of passwords leads to insecure, tightly coupled accounts (where a domino effect from a compromise is very possible) and possible security lockouts as you exhaust your login attempts cycling through your usual passwords.
- Endless Browser: An iOS browser focused on security and developed in the open. It allows StartPage as a default Search Engine, which was also a big plus for me.
- Prey: An anti-theft measure for your devices. I have yet to need to recover a device using Prey, thankfully, but I sleep better knowing it's an option.
If you have any comments, questions, or angry notes telling me how wrong I am about something or how I completely overlooked something, please feel encouraged to leave them in the Disqus form below.