The Checklist 76: Apple Watch and Security
Way back in 2007, Apple released the iPhone and changed the world overnight by putting the power of an iPod, a phone, and the Internet right in our pockets. The iPhone quickly relegated the iPod to the annals of history, and for better or worse, it all but killed the wristwatch too. Then Apple decided it was time to bring the watch back to life — and thus, the Apple Watch was born.
Just like the iPhone, the Watch is more than just a timepiece. It tracks workouts, it receives messages, it lets you unlock your computer — in some cases, you could even use it unlock a hotel room door! It could, quite literally, be a lifesaver. So how does Apple make something so small and powerful still secure enough to use without undue concern? Today, we’re breaking down the security features of the Apple Watch to reveal what makes it tick. On the Checklist:
- Your passcode & your security
- When Your Apple Watch Goes Missing
- Notifications and the Prying Eyes of Passers-by
- Privacy Settings & The Data You Share
- Using the Apple Watch to keep yourself physically safe
Your passcode & your security
The first line of defense when it comes to security on the Apple Watch is much the same as it is on your iPhone — it’s all about the passcode. When you want to keep prying eyes and strangers away from your information, setting a passcode just makes good sense. The Apple Watch comes with a few settings built-in that you can use to customize your experience. There is an option to leave it disabled, for instant access to your device — but don’t choose this option! What if you lose your watch, or someone steals it and walks off? No passcode means instant access for anyone — so it’s best to ignore that option.
The first real choice is to set a simple passcode. Longtime iPhone users will be familiar with this as the 4-digit passcode that was for many years the gold standard for iPhone security. While better than nothing — and a fine option if you continually lock and unlock your Watch — you can also disable Simple Password to create a longer,more complex passcode to use. Generally, this is what we’d recommend because it’s the most secure option. Plus, if you’re wearing the Watch, you’ll only need to punch the code in every now and again, as opposed to typing your code repeatedly.
“Unlock with iPhone” is another option, this one something of a legacy from the earlier days of the Apple Watch. Before Apple put out the Series 3 Watch, the device required your iPhone to access the full range of functionalities it housed. The Watch still had built-in functions for workouts and a few other features, but you needed to bring your phone out to do more. If you enable this feature now, you can control your passcodes and other security options directly within the Watch App. Unlocking your phone also automatically unlocks your Watch (so long as it’s on your wrist), making for a convenient way to pair your devices.
Speaking of wearing your watch, you can enable Wrist Protection to ensure that your device always locks automatically the moment you remove it and put it down. This way, if you accidentally leave your Watch some place — say, in a restaurant — your data won’t remain vulnerable to the next person. There is also one final option to consider: erase data.
Erase data is a feature that comes from the iPhone as well. When enabled, the user only gets ten attempts to properly unlock the device. If someone exceeds ten failed attempts, your Watch will automatically erase all its data and reset itself to a factory default. If someone steals your watch to try and get your info, this will ensure data destruction and the corresponding safety for you. If you’re the only individual wearing the Watch, it could be a handy feature to use. However, for those out there with kids who might play around with your devices — well, it’s probably best to leave this one feature disabled.
When Your Apple Watch Goes Missing
Let’s focus on that scenario in which you lose or misplace your Watch somewhere while you’re out and about. Just like when you lose your phone, it can be a pretty distressing experience whether you’ve got sensitive information on the device or not. You might worry that it’s an even bigger problem if you’ve linked Apple Pay to your Watch, too. So, what can you do if you lose your Watch? Luckily, Apple has made it very easy to access the features you’ll need. In fact, you can do it all right from your iPhone, within the Watch app.
Imagine you have lost your Watch. The next thing you would do would be to open your Watch App, select the Apple Watch paired to your device, and then select the Information button for it. That’s the little circle with the “i” inside. On that screen, you begin the process of using Find My iPhone to locate your Watch based on its last reported GPS position. If you’ve ever misplaced your iPhone before, this should already be quite familiar to you. Don’t have your phone on hand? You can always use Apple’s online version of Find My iPhone by visiting the appropriate website. This way, you can locate any or all your missing devices.
From here, you can choose to enable “Lost Mode” if you wish. It’s a good idea, especially if you won’t be able to get to the Watch right away. When activated, you can input a message to display (such as “Help, I am lost” and your contact details) on the Watch screen. Anyone who picks up your device will be able to see this message — but since you set up a passcode, they won’t be able to get to your actual information. Apple also allows you to make the Watch play a sound, which can be helpful when you’re in the right area but still can’t find your device.
If you’re sure that the device has been stolen or lost irretrievably, you can tell Find My iPhone to erase your Apple Watch remotely. Unless you have a backup, this is permanent — so beware. However, as a last resort, it’s an essential and useful tool to have.
Losing something as expensive as an Apple Watch is stressful. Unfortunately, an AppleCare plan won’t help you here. Unlike with a product such as the AirPods, which receive AppleCare coverage for loss or theft, you need to safeguard your Watch just as you would your actual iPhone. However, one important thing to note: many credit cards, as a part of their terms, do extend some limited protections to consumers regarding the loss of items purchased on those cards. You should check out your cardholder policy to see what type of protections you may have, and how long it might last. It can help provide you with some extra peace of mind for a big purchase.
Notifications and the Prying Eyes of Passers-by
Notifications are important — they let us know when we have email, when we’ve got reminders or appointments coming up, and far more. They can also expose a lot of information about your personal and private life to people who might try to look at your screen. Apple has taken steps to not only ensure you can preserve your privacy when using the Watch, but also to give you greater control over your notifications. Generally, notifications only appear when you’re wearing your Watch and when it’s unlocked. Otherwise, they won’t appear. They also turn off automatically when the Watch senses that you’re using your iPhone — a handy feature that keeps the same notifications from going off on all your devices at once!
The alerts you receive while wearing your Watch could be important. Perhaps you need to remember to place a call to a business associate, or maybe you need a reminder to take medication. Perhaps it’s just the latest cute cat picture from an account you follow on Instagram — but whatever it is, you’ll want to see them while the device is on your wrist. Even so, you don’t want others seeing them. To help with this, you can choose to enable Notification Privacy Settings.
With this feature enabled, only a generic alert appears on your Watch, indicating what type of notification you’ve received. Tapping on the notification allows you to see more details, but you won’t expose your personal information every time you move your wrist around. Be sure to check out individual settings in each of your apps, too, as there is a large degree of customization available in Watch apps. These will let you decide what information and how much of it to display when an app sends your Watch a notification.
As a reminder: most of these settings also have a “mirror iPhone” option, which means your Watch apps will simply use whatever settings you’ve configured on your phone. Therefore, you can also work to customize your settings from your phone if you prefer not to work on them through the Watch itself.
Privacy Settings & The Data You Share
Let’s spend just a moment clarifying what is shared between your Watch and your phone, and then we’ll dive in to protecting some of the more sensitive information your device generates. Overall, location services, your contacts and address book, any analytical services, and your accumulated health data get shared between your devices. So, whenever you make a change to any one of these services, it carries over, creating consistency between your devices. If you’d like to tweak what’s shared or to exercise some finer control over your information, change them in the Privacy portion of the iPhone Settings app.
So, speaking of privacy, let’s focus on the health data your Apple Watch collects. Apple bills itself as a leader in the personal fitness device space, with the Watch now purposefully designed to aid in tracking your workouts. It has all kinds of neat functionality, like a built-in swim tracker that can even sense when you make a turn to start a new lap in the pool. Throughout all of this, your Watch can log and keep track of information such as your heart rate, distance traveled, and even calories burned. Apple has even announced its intention to roll out a program to analyze heart data and warn users if it detects the potential for cardiac problems.
While this is all useful information to have, and a key reason for why many people purchase the Apple Watch, think about it — this is some pretty personal data. Sure, some random person who finds your phone might not have much use for your historical heart rate data, but this is still information that should remain private, and at the most shared between you and your doctor. It’s worth considering what kinds of trade-offs you’re willing to make regarding keeping your information as private as possible and getting the most out of your device.
One interesting story hit the news recently which involved a murder in Germany. As part of the police investigation, data from the man’s health app was used to show that he was engaged in strenuous activity around the time that police alleged he was covering up his crime. While this didn’t involve an Apple Watch specifically, it does showcase the fact that the data our devices log could be used against one in a court of law — or it could be used to exonerate you just the same.
A similar situation occurred in 2017 when police used records of a man’s FitBit steps to place him at the scene of his wife’s murder. All this is just some food for thought, as it is worth considering how we potentially sacrifice privacy by using the latest and greatest services.
Using the Apple Watch to keep yourself physically safe
There are a few ways that your Watch can help keep you safe out in the real world. Just like with the iPhone, the Watch has a built-in “SOS” mode you can activate in the event of an emergency. If you need to make an emergency call right away, it’s simple: press and hold the side buttons, then slide the Emergency SOS slider when it appears. This will automatically place a call to the relevant emergency services, such as 911 in the United States.
After the end of the call, your Watch goes one step further, automatically alerting your pre-defined emergency contacts that you activated the SOS mode. If it has access to your GPS location, it includes that in the message as well. Merely holding the button until your device beeps will also trigger an automatic countdown to call emergency services. As you can imagine, there are tons of situations where this functionality could be a real lifesaver.
What about the heart rate monitoring? We mentioned a moment ago that Apple was planning to roll out an exciting new program.
It’s called Apple Heart Study, and it recently hit the Watch as part of a new research project. The goal is to collect user heart rate information (from users who’ve opted in to the program) to identify irregular heartbeats that may be caused by atrial fibrillation, or AFib. This medical condition is a major factor in strokes, which lead to more than a hundred thousand deaths and three-quarters of a million hospitalizations every year. Yet for the most part, sufferers of AFib show no symptoms at all.
The Apple Watch’s built-in LED sensors use rapid pulses of light to analyze and interpret the flow of blood through your wrist, while the onboard software closely tracks your heart rate. By using this data, the Apple Heart Study app can identify patterns that are most likely to indicate the presence of AFib. The app then alerts the user, who can speak to their doctor about treating the condition and improving their overall health. Haven’t had a chance to see this yet? Check out the link below in the show notes — getting in to the study is easy, as all you need to opt-in is your birthday and location. We recommend giving it a try if you own an Apple Watch!
That about wraps it up for today’s episode — despite its small size, the Watch has a lot of security packed into its features. There’s a certain degree of safety that comes from the way you use it, and of course there are always some trade-offs to be mindful of when considering purchasing one of these devices. Nonetheless, just like the iPhone impressed us more than ten years ago, the Watch is reshaping what personal timepieces are all about.
Do you want to give a listen to some past episodes, or check out their show notes? You can find everything you need right here in our very own archives. It’s an excellent resource for catching up, going back, and even sharing with friends and family to spread the knowledge of security.
Got questions, or think you’ve come up with a good topic you’d like to hear us hit? Just shoot an email to Checklist@SecureMac.com to let us know. As always, thanks for tuning in to The Checklist, brought to you by SecureMac.
