Take the following steps to secure your Apple iOS device. Please
check with your manufacturer for specific instructions on how to
best utilize these suggestions.
Update firmware to the latest version Firmware updates often include critical security fixes, which
reduce the probability of someone remotely exploiting the
Require a passcode
Requiring a password to unlock the device helps prevent
unauthorized access to the device.
Set auto-lock timeout
Automatically locking a device after a short period of inactivity
reduces the probability of someone accessing it without entering a
Disable grace period for lock
A grace period allows the device to be unlocked after auto-locking
without providing an unlock code. Setting a value of "Immediately"
will require the passcode to be entered regardless of when the
device was last locked.
Erase data upon excessive passcode failures
Excessive passcode failures typically indicate that the device is
out of its owner’s control. When this happens, the phone will
erase its data to ensure the confidentiality of any information
stored on the device.
Enable Fraud Warning in Safari
Enabling a fraud warning can help you avoid accidently visiting
some known phishing and other fraudulent sites covered by this
Enable Data Protection
With devices that support hardware encryption (iPhone 3GS and
later, iPod Touch 3rd gen and later, and all iPads), iOS 4 and
above allow applications to use an encryption key derived from your
passcode to protect application data.
Turn off Ask to Join Networks
Requiring manually configuration to join a Wi-Fi network reduces
the risk of inadvertently joining a similarly named, yet untrusted
network (i.e. "default" vs. "defualt"). Once you have configured
your device to connect to all of the usual places you’ll want
to connect to (UB, home, etc.), turn off “Ask to Join
Networks” to reduce this risk.
Turn off Bluetooth when not needed
If you don’t need Bluetooth enabled, it should be disabled to
prevent its discovery and connection by someone else.
Forget Wi-Fi networks to prevent automatic rejoin
A trusted, but unauthenticated Wi-Fi network may be spoofed and
automatically joined if it’s not forgotten after last use.
Additionally, if such a network has a common SSID (network name),
such as “default” or “Linksys,” it is
probable that the iOS device will encounter an untrusted instance
of a same-named Wi-Fi network and automatically join it.
Erase all data before return, repair or recycle
In normal operations, deleting data on an iOS device renders it
inaccessible through the user interface, but the data is not erased
from the device. Erasing stored data by securely discarding the
block storage encryption key before returning, recycling,
disposing, or otherwise placing a device out of your control
reduces the probability of someone else subsequently accessing
confidential information previously stored on the device.
Enable remote wipe functionality
If your iOS device is lost, the data can be erased remotely using
Find My iPhone. Among other things, Apple's iCloud service provides
the ability to track GPS enabled devices, display messages on the
screen, lock a device, and wipe all data. These features are
provided free of charge to owners of iPhone 4 and newer, iPod Touch
4th generation and newer, and all iPad devices, but it does need to
be setup on the device before it’s lost.
Encrypt device backups through iTunes
By default, backups of devices made in iTunes are not encrypted.
This may expose sensitive data if any associated computer, tablet
or iOS device is lost or compromised.