Apple iOS Security Recommendations

Take the following steps to secure your Apple iOS device. Please check with your manufacturer for specific instructions on how to best utilize these suggestions.

Operating System: All

Applies To: UB students, faculty, staff, alumni, retirees and volunteers

Last Updated: September 9, 2016

  1. Update firmware to the latest version
    Firmware updates often include critical security fixes, which reduce the probability of someone remotely exploiting the device.
  2. Require a passcode
    Requiring a password to unlock the device helps prevent unauthorized access to the device.
  3. Set auto-lock timeout
    Automatically locking a device after a short period of inactivity reduces the probability of someone accessing it without entering a password.
  4. Disable grace period for lock
    A grace period allows the device to be unlocked after auto-locking without providing an unlock code. Setting a value of "Immediately" will require the passcode to be entered regardless of when the device was last locked.
  5. Erase data upon excessive passcode failures
    Excessive passcode failures typically indicate that the device is out of its owner’s control. When this happens, the phone will erase its data to ensure the confidentiality of any information stored on the device.
  6. Enable Fraud Warning in Safari
    Enabling a fraud warning can help you avoid accidently visiting some known phishing and other fraudulent sites covered by this feature.
  7. Enable Data Protection
    With devices that support hardware encryption (iPhone 3GS and later, iPod Touch 3rd gen and later, and all iPads), iOS 4 and above allow applications to use an encryption key derived from your passcode to protect application data. 
  8. Turn off Ask to Join Networks
    Requiring manually configuration to join a Wi-Fi network reduces the risk of inadvertently joining a similarly named, yet untrusted network (i.e. "default" vs. "defualt"). Once you have configured your device to connect to all of the usual places you’ll want to connect to (UB, home, etc.), turn off “Ask to Join Networks” to reduce this risk.
  9. Turn off Bluetooth when not needed
    If you don’t need Bluetooth enabled, it should be disabled to prevent its discovery and connection by someone else.
  10. Forget Wi-Fi networks to prevent automatic rejoin
    A trusted, but unauthenticated Wi-Fi network may be spoofed and automatically joined if it’s not forgotten after last use. Additionally, if such a network has a common SSID (network name), such as “default” or “Linksys,” it is probable that the iOS device will encounter an untrusted instance of a same-named Wi-Fi network and automatically join it.
  11. Erase all data before return, repair or recycle
    In normal operations, deleting data on an iOS device renders it inaccessible through the user interface, but the data is not erased from the device. Erasing stored data by securely discarding the block storage encryption key before returning, recycling, disposing, or otherwise placing a device out of your control reduces the probability of someone else subsequently accessing confidential information previously stored on the device.
  12. Enable remote wipe functionality
    If your iOS device is lost, the data can be erased remotely using Find My iPhone. Among other things, Apple's iCloud service provides the ability to track GPS enabled devices, display messages on the screen, lock a device, and wipe all data. These features are provided free of charge to owners of iPhone 4 and newer, iPod Touch 4th generation and newer, and all iPad devices, but it does need to be setup on the device before it’s lost.
  13. Encrypt device backups through iTunes
    By default, backups of devices made in iTunes are not encrypted. This may expose sensitive data if any associated computer, tablet or iOS device is lost or compromised.

 

Still need help?

Contact the UBIT Help Center.