SecureMac, Inc.

Checklist 266: It’s the Little Things: Apple Watch, AirTag, and Security

February 10, 2022

Apple Watch privacy tips: 6 ways to make sure your Apple Watch isn’t giving you away. Plus: Silent AirTags and how to stay safe.

Checklist 266: It’s the Little Things: Apple Watch, AirTag, and Security

On this episode of The Checklist:

Apple Watch safe setup tips

Apple Watch: What’s not to love? It brings you the news, allows you to keep in touch with the people in your life, and helps you to improve your health and wellbeing. 

Yes, Apple Watch is capable of doing a ton of good. But because it does so much, it also contains a truckload of your sensitive personal data. And if your Apple Watch isn’t set up for security and privacy, that data might be at risk.

Here, then, are six simple things you can do to make your Apple Watch a little bit safer:

  1. Use strong passcodes

    We’ve talked about this one many times before on The Checklist. A strong password (or passcode, as the case may be), is absolutely essential to good security — for whatever device you’re using.

    If you set your Apple Watch up with a weak, easily guessed passcode, fix that mistake! First things first: Make sure you can create a password that’s longer than the 4-digit default. On your Apple Watch, go to Settings > Passcode and toggle off Simple Passcode. You’ll be prompted to confirm your existing 4-digit passcode just to turn it off, and then you’ll be able to set a longer, stronger one (and please, not 123456!).

  2. Turn on auto-erase

    You probably know that iPhones can be set up to erase themselves after 10 failed login attempts (which is why the FBI turns to tools like GreyKey to access locked iPhones). But did you know that you can do the same thing with Apple Watch?

    Here’s how: On your Apple Watch, head to Settings > Passcode and toggle on Erase Data.

  3. Turn on auto-lock

    OK, this one’s actually a default setting, but some people turn it off for … reasons. Your Apple Watch should be set up to lock automatically when you’re not wearing it. If it isn’t, you’ll want to turn that setting on now.

    Go to Settings > Passcode > Wrist Detection and turn this option on.

  4. Thwart shoulder surfers

    Apple Watch Series 5 introduced the Always On display. That’s great — unless some nosy individual is sneaking a peek at your Apple Watch face! But not to worry, there’s a way to make use of an always-on device in a way that also protects your privacy.

    First off, hide the details of incoming notifications. You’ll still get your notifications, but they will just be generic-looking alerts until you tap on them. To do this, go to Settings > Notifications > and toggle on Notification Privacy.

    Next, hide any sensitive complications. Complications are those little windows and widgets that live on your Apple Watch’s face, some of which show private details like appointments, health data, and so on. Go to Settings > Display & Brightness > Always On, and then toggle the Hide Sensitive Complications option. When your wrist is down, your sensitive complications will be hidden.

    And of course, for the truly privacy-minded, there’s the nuclear option: turn that Always On feature…off. To do this, go to Settings > Display & Brightness > Always On and, you guessed it, turn it off.

  5. Don’t give your location away (unless you really want to)

    There are lots of good reasons to use Location Services on an Apple Watch or an iPhone. Some have to do with safety, others convenience, and some with, well, basic functionality (Map apps tend not to work very well if they can’t see where they are!).

    But you definitely don’t want to be giving location data to people who don’t need it — or who can’t be trusted with it. The good news is that you can control location sharing on an app-by-app basis. You’ll have to do this from your paired iPhone, but other than that, it’s fairly easy to accomplish.

    Go into your iPhone’s Settings, then head to Privacy > Location Services. That’s where you’ll see a full list of apps installed on your iPhone and your Apple Watch. You can give an app permission to access your location “Always”, “While Using the App”, or “Never”. Whatever you choose here will apply to both devices.

  6. Don’t let Mail give you away

    Apple introduced Mail Privacy Protection in iOS 15. The feature helps to hide your IP address from trackers when you open emails in Mail.

    But there’s a catch: Mail Privacy Protection only works on your iPhone. If you’re using Mail on your paired Apple Watch, then your real IP address will be revealed — even if you have Mail Privacy Protection enabled on your iPhone.

    For some people, that’s probably not a big deal. But if it matters to you, then you should know how to stop Mail on your Apple Watch from giving you away.

    The good news is that the fix here is pretty simple: Just stop receiving Mail notifications on your Apple Watch! To do this, open the Watch app on your iPhone, go to Mail > Custom > and then toggle Notifications to off.

Silent AirTags hit the market

We’ve discussed the security and privacy issues with AirTag before. The TL;DR is that Apple’s little tracking device for personal belongings can be misused to track people.

And now there’s a new concern. Last week, Cult of Mac reported that “silent AirTags” are being sold on Etsy. The sellers are disabling the AirTag’s built-in speaker — the very same speaker that’s supposed to beep to alert you if someone else’s AirTag is concealed in your bag or car — and then reselling them at 2-3 times the normal retail price. 

In fairness, there are some plausible, non-creepy use cases for a silent AirTag. But given all the public concern about abusers using AirTag for stalking, it’s a little hard to believe that the Etsy sellers didn’t realize who might be buying their products.

Protecting yourself from silent AirTags

When confronted about the potential security ramifications of silent AirTags, at least one prominent Etsy seller pulled the product immediately. But as Cult of Mac points out, disabling an AirTag’s speaker appears to be as simple as “drilling a small hole” in the device and disconnecting it. That means we probably haven’t seen the last of this issue. 

As such, pay special attention to any iPhone messages you get about an “Item Detected Near You”. Even if you didn’t hear any beeping, there may still be a modified AirTag around. In addition, if you’re an Android user, or if you know one, check out our segment about AirTag safety for non-iPhone havers on Checklist 264: Updates and Sharing What You Know. In particular, be aware that Apple has now released an Android app called Tracker Detect in the Google Play store. The app gives Android users the ability to receive the same sort of mobile alerts that iPhone users get when somebody else’s AirTag is nearby.

Do you have a burning question about digital privacy or cybersecurity? Send us an email and ask: We’ll try to answer it on a future edition of the podcast!

To check out past episodes of The Checklist while you’re waiting for the next show, head over to our archives.  

Get the latest security news and deals