Better iOS Security in 5 simple steps

Unless you have lived under a moldy rock for the last few years, you are probably aware of the ongoing war over the right balance between privacy and security in our digital lives. Stories like WikiLeaks, Edward Snowden, Cambridge Analytica and so on have been on the front page of the news, and security-related incidents continue to make the headlines almost daily.

The security and privacy realm is huge, providing a bulletproof solution is impossible, and the weakest link is almost always the end user. But with a little discipline and the help of some apps, you can improve the privacy and security of your new iOS device easily and for free.

Below are 5 steps that you should perform on a new iOS device before installing other apps and starting to use it.

1. Face ID

Face ID[1] is designed to confirm user attention, provide robust authentication with a low false match rate, and mitigate both digital and physical spoofing. The TrueDepth camera automatically looks for your face when you wake your iPhone by raising it or tapping the screen, as well as when your iPhone attempts to authenticate you to display an incoming notification or when a supported app requests Face ID authentication. When a face is detected, Face ID confirms attention and intent to unlock by detecting that your eyes are open and directed at your device.

Apple claims that there is a 1 in 50,000 chance that someone else’s fingerprint will falsely unlock your iPhone (Touch ID) and a 1 in 1,000,000 chance that someone else’s face will do it. There’s a 1 in 10,000 chance that someone could just guess a four-digit passcode (a four-digit passcode? really? in 2019?) and a 1 in 1,000,000 chance they could guess your six-digit passcode (and they get three tries before they’re locked out).

Turn On Require Attention

To make the hacker’s life harder and sleep a little better, make sure Require Attention for Face ID is turned on. Navigate to Settings > Face ID & Passcode and make sure Require Attention for Face ID is enabled.

[Figure: Require Attention for Face ID]

Turn On Erase Data

Have a friend who likes to check your phone behind your back? Is there a way to make sure no one sees the files on your phone without you knowing about it? Yep, there is. If you want to stop this, just set your iPhone to erase all the data after 10 failed attempts. Navigate to Settings > Face ID & Passcode, scroll to the bottom of the page and make sure Erase Data is enabled.

[Figure: Erase Data]

2. Safari

Prevent Cross-Site Tracking

When you browse from site to site, you’re often followed by trackers that collect data on where you’ve been and what you’ve done, using scripts, widgets or even tiny, invisible images embedded on the sites you visit. Take, for example, those social share buttons embedded on many websites. Sites may choose to include those buttons to gain useful analytics about their content, but the buttons also send data back to the social platforms. Sometimes, that makes sense, allowing you to share content on other social platforms. But often, that data also ends up being used behind the scenes to target advertising or create user profiles. What also happens behind the scenes is that many more third parties – companies separate from the sites you’re visiting – are also receiving that activity, without your knowledge. Not knowing what’s up with your data is what makes cross-site tracking tricky. Those third parties – like data brokers, affiliate networks and advertising networks – use cookies, and other data tracking methods, to collect information about our browsing habits without our consent.

Let’s frustrate them! Navigate to Settings > Safari, scroll down to Prevent Cross-Site Tracking[2] and make sure it is enabled.

[Figure: Prevent Cross-Site Tracking]

Change the default Search Engine

Searching the Internet using a search engine is free – in theory. In reality, Google and other major search providers collect data on you. They then use this data to create a unique profile for you to serve you hyper-targeted advertising.

DuckDuckGo[3] to the rescue! DuckDuckGo doesn’t collect or store any data on you, it doesn’t target ads, and it doesn’t track your browsing history. In other words, if you care about online privacy, even in the slightest, you should be using DuckDuckGo as your primary search engine for routine browsing. DuckDuckGo is an excellent alternative to many of the big-name search platforms you’re probably already using (yes, Google). But it’s not enough to just type in DuckDuckGo whenever you’d like to search. You should also change the default search engine in your browser.

Open Settings, tap Safari, tap Search Engine and select DuckDuckGo, and you are good to quack, ahem… go.

[Figure: Change the Search Engine]

Configure some Content Blockers

In iOS, a Content Blocker extension customizes the way Safari handles your content. The extension tailors your content by hiding elements, blocking loads, and stripping cookies from Safari requests. Using a Content Blocker extension, you provide Safari with content-blocking rules that specify how Safari treats content such as images, scripts, and pop-up windows. Your rules can hide Safari-downloaded content or prevent Safari from requesting specific content from the server. By reducing the amount of content Safari requests, your extension can reduce the amount of time required to load pages. When you block content from loading, you reduce Safari’s memory usage and improve Safari’s performance. In addition to blocking unwanted content, a Content Blocker extension protects privacy. For example, the extension doesn’t have access to users’ browsing activity and it can’t report activity to your app. By blocking cookies and scripts, the extension reduces the information that Safari provides to other websites.
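The three behaviours described above (blocking loads, stripping cookies, hiding elements) correspond to rule actions in the JSON rule list a Content Blocker hands to Safari. The following is an added example, not code from Firefox Focus, 1Blocker or Apple: a constructed rule list with placeholder `.example` domains, and a simplified matcher that uses Python's `re` in place of Safari's restricted regex subset.

```python
import json
import re

# Constructed rules in the trigger/action JSON shape used by Safari
# content blockers. Domains are placeholders, not from a real blocker.
RULES = json.loads(r"""
[
  {"trigger": {"url-filter": "^https?://([a-z0-9-]+\\.)*tracker\\.example/",
               "load-type": ["third-party"]},
   "action": {"type": "block"}},
  {"trigger": {"url-filter": "^https?://([a-z0-9-]+\\.)*social\\.example/",
               "load-type": ["third-party"]},
   "action": {"type": "block-cookies"}},
  {"trigger": {"url-filter": ".*", "resource-type": ["document"]},
   "action": {"type": "css-display-none", "selector": ".share-buttons"}},
  {"trigger": {"url-filter": "^https?://cdn\\.tracker\\.example/fonts/"},
   "action": {"type": "ignore-previous-rules"}}
]
""")


def evaluate(rules, url, load_type, resource_type):
    """Simplified model: return the action types applied to one load.

    Rules are checked in order; every matching rule contributes its action,
    and "ignore-previous-rules" discards what earlier rules decided.
    """
    applied = []
    for rule in rules:
        trigger = rule["trigger"]
        if not re.search(trigger["url-filter"], url):
            continue
        if "load-type" in trigger and load_type not in trigger["load-type"]:
            continue
        if "resource-type" in trigger and resource_type not in trigger["resource-type"]:
            continue
        if rule["action"]["type"] == "ignore-previous-rules":
            applied.clear()
        else:
            applied.append(rule["action"]["type"])
    return applied


if __name__ == "__main__":
    # A third-party script from the tracker is blocked outright.
    print(evaluate(RULES, "https://cdn.tracker.example/pixel.js", "third-party", "script"))
    # Visiting the same domain directly is first-party, so the block does not apply.
    print(evaluate(RULES, "https://tracker.example/about", "first-party", "document"))
```

The rules are data, not code running in the page: the extension supplies the list once and Safari applies it, which is why the extension never sees which URLs were actually loaded.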

My simple recommendation is Firefox Focus[4] and 1Blocker[5]. Install them from the App Store, then go to Settings > Safari, scroll to Content Blockers and enable both of them. The default settings should do for most users; for advanced users there are a ton of configuration options in both blockers. Play with them as you like, just, you know, don’t disable them.

[Figure: Content Blockers]
[Figure: Firefox Focus & 1Blocker]

3. Use a Password Manager

Forgetting the password for an important website can send you down the tar pit of figuring out the password reset procedure. It’s really tempting to use something so simple you won’t forget it, or to memorize just one tricky password and use it everywhere (Who? Me? Noooo…). However, doing so is setting yourself up for major pain when some hacker or – God forbid – an ex guesses your simple password. And if that complex, tricky password gets exposed in a breach, all your accounts are in danger. The only solution is to use a different password for every account, and make them both long and random, like dVC%#P4c0Y2P3Ckatx1. Any chance you can remember dozens of strong passwords like that? If yes, skip the next part and this article, and forget you ever entered this site. Thank you! Otherwise, you absolutely need a password manager.

Enter LastPass Password Manager[6]. It syncs passwords across Windows, macOS, Android, and iOS devices, and has two-factor authentication, an actionable password strength report, secure sharing, password inheritance and automatic password change. Ah, and one more thing: it’s free.

[Figure: LastPass]

After you install it from the App Store, open the Settings app, tap Passwords & Accounts, tap AutoFill Passwords, turn on the AutoFill Passwords toggle, select LastPass from the list and deselect Keychain.

[Figure: AutoFill Passwords]

Next time you need to log in to a website or an app that is saved in your LastPass vault: Voilà, c’est magique!

[Figure: LastPass in Action]

4. Use Secure DNS

Even if you are visiting a site using HTTPS, your DNS query is sent over an unencrypted connection. That means that even if you are browsing https://facebook.com, anyone listening to packets on the network knows you are attempting to visit facebook.com. The second problem with unencrypted DNS is that it is easy for a Man-In-The-Middle to change DNS answers to route unsuspecting visitors to their phishing, malware or surveillance site. To combat this problem, we have DNS resolution over an HTTPS endpoint.
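To make the exposure described above concrete, the following added example (not part of the original article) builds the DNS question for facebook.com in standard wire format, shows the name an on-path observer reads from the cleartext packet, and wraps the same packet in the RFC 8484 DNS-over-HTTPS GET form. The endpoint `https://cloudflare-dns.com/dns-query` is an assumption used for illustration; nothing is sent over the network.

```python
import base64
import struct


def build_query(hostname, qtype=1):
    """Encode a DNS question in RFC 1035 wire format (qtype 1 = A record)."""
    # Header: ID 0, flags 0x0100 (recursion desired), one question, no records.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def visible_labels(packet):
    """Recover the queried name, as anyone capturing a cleartext query can."""
    labels, pos = [], 12  # the question starts after the 12-byte header
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def doh_get_url(packet, endpoint="https://cloudflare-dns.com/dns-query"):
    """RFC 8484 GET form: the packet as unpadded base64url in the 'dns' parameter.

    The endpoint default is an assumption for this example.
    """
    encoded = base64.urlsafe_b64encode(packet).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


if __name__ == "__main__":
    query = build_query("facebook.com")  # hostname used in the article
    print("cleartext query bytes :", query)
    print("name an observer reads:", visible_labels(query))
    print("DoH request (inside TLS):", doh_get_url(query))
```

Sent as plain DNS, the first output is exactly what crosses the network; sent as DoH, the whole URL travels inside the TLS session, so an observer sees only a connection to the resolver.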

1.1.1.1: Faster Internet[7] is a fast and private way to browse the Internet. It is a DNS resolver – kind of like Google Maps for your computer, it translates places – like facebook.com – into addresses – like 2a03:2880:f11c:8083:face:b00c:0:25de. 1.1.1.1 is deployed in 150+ cities worldwide, and has access to the addresses of 7M+ domain names on the same servers it runs on so it’s the fastest resolver out there.

How to use it? Just install it, toggle it on and forget about it. It does not get any simpler than this.

[Figure: 1.1.1.1]

5. Use a VPN

Put simply, a Virtual Private Network, or VPN, is a group of computers (or discrete networks) networked together over a public network—namely, the Internet. Businesses use VPNs to connect remote data-centers, and individuals can use VPNs to get access to network resources when they’re not physically on the same LAN (local area network), or as a method for securing and encrypting their communications when they’re using an untrusted public network.

Fascinating! Almost falling asleep…

The most important thing you need to know about a VPN: it secures your Internet connection to guarantee that all of the data you’re sending and receiving is encrypted and secured from prying eyes.

Behold Windscribe VPN[8], features galore! You can use Windscribe for free, for as long as you like. With a confirmed email address you get 10GB/month of data, unlimited connections and access to over 10 countries. How cool is that?

Other great features: blocks IPs and domains (ads) of your choice on all devices, can’t personally identify you based on IP and timestamp, uses AES-256 cipher with SHA512 auth and a 4096-bit RSA key, generates OpenVPN, IKEv2 and SOCKS configs for all your devices, and much more.

Install it, turn it on and browse those sites with total privacy.

[Figure: Windscribe VPN]

If you have some preferred secured networks that you totally trust (or, in my case, the BMW CarPlay was going crazy with a VPN so I had to disable it) you can easily whitelist them in the Network Whitelist section.

[Figure: Windscribe VPN]

Conclusion

Nobody can ever guarantee 100% protection, particularly when it comes to online security. However, you can certainly minimize the risks by consistently employing some basic security measures. Use this article as a starting point and continue from here. Here are some other Quick Tips that might help:

  • When computing, whatever happens, behave as though you meant it to happen;
  • When you get to the point where you really understand your computer, it’s probably obsolete;
  • The first place to look for information is in the section of the manual where you least expect to find it;
  • When the going gets tough, upgrade;
  • For every action, there is an equal and opposite malfunction;
  • To err is human… to blame your computer for your mistakes is even more human, it is downright natural;
  • He who laughs last probably made a back-up;
  • If at first you do not succeed, blame your computer;
  • A complex system that does not work is invariably found to have evolved from a simpler system that worked just fine;
  • The number one cause of computer problems is computer solutions.