Security on your iOS Device
A lot has been said about the iPhone and iPad. Â It's great, magical, revolutionary, and cool. Â But not a lot of people are aware of the security features that come with an iOS device, and it's a shame. Â IT departments tend to panic when they don't know about the necessary security measures needed when such devices start showing up. Â Here are a couple of things that I would recommend to any user, particularly if you are going to start using your iOS device in a business setting.
Set a Passcode: Â This is so simple, and often overlooked because of the potential for inconvenience. Â In particular, if you let your kids use your iOS device without unlocking it first. Â But there are huge benefits. Â You have secure access to your device, and if it fails too many times it can wipe the data from the device to protect your privacy. Â How do you do it? Â Easy! Â Go to your Settings app, and then in General, click Passcode Lock. Â Then select Turn Passcode On. Â You can change your passcode, set it here, have a simple passcode (four digits) or a more complex alphanumeric passcode. Â Then, you can turn on Erase Data. Â This will wipe your data after 10 failed tries. CAUTION: Â If you have kids that play with your iOS device, they may try to get access to it several times, and could get to that 10 failed threshold. Â So keep track of your device.
Be Aware Of Your Network: Â Unbeknownst to many users out there, the wireless network in your local coffee house may not be completely safe. Â It's possible someone could be hijacking your information. Â Check which network you are using in your Settings, and be sure to always connect to your email through a secured connection (most use SSL to encrypt your connection to your mail, as Google Mail does). Â Not sure if you are connected through SSL? Â Check with your mail provider. Â And never, EVER, send any sensitive data through email. Â It's not an envelope, it's a post card. Â ANYONE can read it!
Use MobileMe Where Is My iPhone: Â It's free now, as of iOS 4.2, and definitely worth it. Â You can track your iOS device based on your iTunes account information using GPS. Â A really cool example was used in the BBC show "Sherlock". Â That way, should your iPhone get stolen, or your iPad, you can track it's location. Â Definitely worth the 10 minutes to set it up. Â And where do you set it up? Â In your Mail, Contacts and Calendars (it is part of MobileMe, remember). Â Just add a MobileMe account, and select Find My iPhone (or iPad). Â Then using either the Find My iPhone app, or the web (www.me.com) if you are at a desktop computer, you can locate your device, display a message or a loud annoying sound, remotely lock the phone, or even remotely wipe the phone.
Physical Security: Â Nothing works better to secure your iOS device than keeping it locked when not in use. Â And I don't mean locking the screen, but locking the device physically in a drawer or office. Â For my iPhone, I keep it in my front pocket (where I would definitely notice if someone was reaching for it). Â For my iPad, I tend to keep it either locked in a drawer, in my office, or in my bag and I carry my bad with me. Â The minute you leave it down somewhere, it could be the last time you see it. Â Always be sure you get in the habit of putting your iOS device (or laptop for that matter) away. Â Cubicles are not safe, as anyone can take anything left out. Â Use a key.
Don't Jailbreak The iPhone: Okay, I know it's cool, and I know it gives you the feeling that you are "sticking it to the man" and going your own way, but think about this: Â There could be a VERY good reason why a lot of those apps only available to a Jailbroken phone are not in the App Store. Â One is that some have been proven to carry data mining information. Â What, you say? Â Someone would do such a thing? Â Ask the 50,000 plus estimated Android users that used one of 50 apps that did that very thing for them. Â Yes, people do that, and yes, they can do it on any platform that is left open and has no security safeguards. Â Apple has intentional sandboxing of apps to keep data secure to the individual app and not share anything across the board. Â Now, that being said, if you are dead set on Jailbreaking your phone, then you are on your own. I'm not your mom, and I can't tell you what to do with your life. But don't say I didn't warn you. Â And if I were corporate IT, I would make it a serious breach of company policy to have ANY jailbroken iOS devices in my DMZ.
So those are a few suggestions that I would give. Â There are a number of corporate solutions that Apple provides through it's iPhone Configuration Utility and various Mobile Device Management server partnerships, but that would be a subject for another post. Â These suggestions are general ones that should work for any user. Â Does anyone else have any suggestions or comments they would like to pass on?