Go to the profile of CodeFlügel
CodeFlügel
The CodeFlügel blog — news, tests and how-tos about the latest technology trends. Focus on Augmented Reality and Virtual Reality & some other more nerdy stuff.

Security and the iPhone — on protecting your privacy in the digital age

by Erroll Kappes

For my grandparents, signs of progress were probably being connected to the city’s sewer system or phone network for the first time. They could see it in the growing number of electrical outlets, mains and devices making their life easier, from can openers to thermostats. When I think about visible technological progress throughout my lifetime, the first thing that comes to mind is mobile phones spreading like wildfire in the 90s and early 00s. And only a few days ago, I was astounded by how many IP addresses I manage in my own home.

What all of these things have in common, is a closer connection to the outside world. I’m sure my grandparents never saw that as a threat, even though any technological breakthrough made more information openly available and thus exploitable by the state. Already in the early 50s, American intelligence agencies were able to intercept things being written on electrical typewriters by measuring electric fields. And many a terrarium owner received unexpected visits by the police, due to a suspicious level of power consumption.

Where’s my data going and why?

Nowadays, people’s growing unease about how much our various devices know about us and what they can do with that information has reached absurd levels. That leads many people to want to share as little information as possible with the outside world. But how can you decide what to use and what to avoid? Especially because there can be no universal answer to this question, and a specific individual answer would necessitate profound technical understanding. Personally, I always ask what someone’s motivation is for providing a service for free. Facebook needs to finance itself, so does Google and I don’t pay them anything, at least not in money. We pay with our data and by allowing our emails to be read. We pay every time we agree to a cookie being saved and with every step we take with Pokémon Go in hand.

The companies don’t care about us, personally. They don’t care about individuals, but about making money now and in the future. But, of course, this data can also be used in other ways when it gets into the wrong hands. We carry small tracking devices in our pockets that can be identified in a multitude of ways — online as well as offline and even, thanks to data retention, months or years from now. How great would it be for state agencies to be able to check where anyone is at any given time in order to catch criminals quickly and easily. Or why not automate the identification and be able to tell via various algorithms who might commit a crime in the near future. Or, even better, remotely monitor cars to catch people speeding and to pay their fine, the drivers just need to reply to a text message… only to be fined again for texting while driving. At what point do you get creeped out?

Why I use an iPhone

Now, thinking about the data collectors’ motives makes me spend tons of money on Apple products. I prefer paying a little more to being constantly monitored. Contrary to the popular opinion that Apple is the worst data-hog there is, even worse than Facebook and co. put together, you have to admit that it is one of only a few companies that don’t share their data with third parties. They even make an effort to keep the monitoring in their apps at a minimum and allow it to be turned off altogether.

Thus, Apple has by far the best data security concept of all mobile platforms — they even go so far as to shut down their own advertising services, because this restrictive approach doesn’t stand a chance in today’s world of pretty colorful pictures. A further indicator is Apple’s use of the “differential privacy” concept, which enables machine learning without gathering any data which can be allocated to individual users. And what Porsche has to say about Apple Car vs. Google Car only deepens my impression of them. Therefore, I would like to give you some pointers about iOS settings every user should know in my opinion.

Touch ID & Code

If you open the device settings, the first relevant list item is “Touch ID & Code”. Generally, I’d recommend using a 6 digit code, since there are 990.000 more possible combinations than with a 4 digit code. If you want to be safer still, you should use an alphanumerical password, i.e. a password that contains numbers as well as letters and special characters, since that makes the number of possible combinations nearly endless. And thanks to the introduction of fingerprint scanners, using a real password without foregoing any comfort has become really easy.

If you activate this feature, your fingerprints are saved on an additional computer inside the device. So every newer iOS device basically has two computers, where one handles your regular use and the other, the so-called Security Enclave, only saves your fingerprint. Technically, we already have the technology to reproduce fingerprints and trick the system, but I think we can agree, that the risk of someone spying on you while you type in your pin is a lot higher than them artificially reproducing your fingerprint.

In the past, there have been many security leaks allowing third parties to bypass the password protection. So you should think about restricting access to the system services while the device is locked. The question here is, do you want to enable everyone picking up your phone to make calls or send text messages (via Siri)? I’d also recommend enabling the ‘delete data’ option, which completely wipes any data from your device when a wrong pin is entered 10 times.

Data Security

In the “data security” menu on the main screen of your device settings, you can restrict your apps from accessing your personal data, such as your contacts and images, but also to other functions such as the camera and microphone. Those options give you a lot of control and Apple urges all developers to keep their apps as fully functional as possible when its access is restricted. Now, of course, it’s a lot easier to keep a messenger app working despite the access to the contacts being denied, than it is to keep a photo app working when you don’t grant it access to the camera.

In my experience, most apps still work fine despite restricted access to some data sources. Apps that cause problems due to those restrictions are a little suspicious and should maybe be avoided. I personally grant apps access to my contacts only when it is strictly necessary, since otherwise they are stored on some server without even checking with me. That has been known to happen, which is how some users suddenly found their private phone numbers on their Facebook profiles without ever having put them there.

iCloud

You’ll find the perhaps most important settings under “iCloud”. I strongly recommend setting up an iCloud account, activating it on the device and also activating the ‘find my iPhone’ setting to every user. Firstly, this prevents third parties from reusing a stolen device after re-installing the operating system, since they would need your iCloud password to do that. Secondly, of course, you can track lost and stolen devices via iCloud.com and you can even remotely disable them or delete the saved data. Additionally, you can select a message to be displayed on the lock screen and provide a phone number for the honest finder to call.

However, activating the iCloud backup is an entirely different story. Here, you’ll have to make your choice based on either comfort or privacy. In the past, various agencies have gained access to such stored data, since they are saved on Apple servers without any encryptions. It’s much safer to back your data up on your private computer, activating the ‘encryption’ option. The latter also has the advantage that more sensitive data (such as the increasing number of health and fitness data) are also included in the backup, which isn’t the case in the cloud.

2-Factor-Authentication

Lastly, I would like to point out the 2-factor-authentication option. With this enabled, your iCloud account can only be accessed by entering an additional pin, which you’re probably familiar if you use online banking. You can choose whether the you want to confirm your identity via a connected device or via text message. The advantage of the device-based authentication is that your pin will always be transmitted over a secure connection. The text message authentication, on the other hand, can still give you access even if you happen to lose your device. In order to activate the 2-factor-authentication, you have to visit appleid.apple.com and log into your iCloud account. Then, you select ‘edit’ in the ‘security’ menu and follow the setup assistant for ‘two-factor-authentication’.

Remember when some very private photos of public personalities got leaked on the internet last year? Well, a 2-factor-authentication would have prevented that. But sometimes all this effort is still in vain. It all just depends on so many little things which contain small mistakes that can lead to huge data leaks.

How paranoid is too paranoid?

I just aim to not be the most low-hanging fruit, that is, I don’t want to make stealing my data too easy. If you take my advice on some of these issues, your devices will not be the equivalent to Fort Knox, but they should be safe enough. And anyways, you can’t do more than be mindful of the data you send out into the world — anything else is up to other people, unfortunately. My latest security effort was opening a second bank account. Now, one of the banks knows how much money I make, and the other one knows what I spend it on. And that info is really only valuable if you know both those things.

via giphy

In conclusion, I don’t think there’s any reason to panic and start wearing a tinfoil hat. Instead, I’ll refer you to the progressive ideas my grandpa taught me when I was a kid, “The electricity is there whether you use it or not, so make sure you do!”

Further Info
How to set up a secure travel iPhone