SecureMac, Inc.

The Checklist Podcast

SecureMac presents The Checklist. Each week, Nicholas Raba, Nicholas Ptacek, and Ken Ray hit security topics for your Mac and iOS devices. From getting an old iPhone, iPad, iPod, Mac, and other Apple gear ready to sell to the first steps to take to secure new hardware, each show contains a set of easy to follow steps meant to keep you safe from identity thieves, hackers, malware, and other digital downfalls. Check in each Thursday for a new Checklist!

The Checklist 74: Overall iOS Security Features

Posted on February 1, 2018

Your iPhone is secure, right? That’s the general impression, anyway — and it’s certainly an impression Apple has worked hard to maintain over the years. It’s easy enough to call it secure, but what is in place to keep you safe? What does Apple do to protect its users day after day, and do we ever need to go beyond the “out of box” security experience? On today’s edition of The Checklist, we’re talking about the overall security features you’ll find in iOS, whether you’re an iPhone or an iPad user. Items on the list include:

  • Your Passcode – The First Line of Defense
  • Sandboxing
  • Apple’s Walled Garden
  • iCloud Security Services
  • Third-Party Security Apps?

When you pick up your phone, one of the first things you might do is punch in your passcode. So that makes it an obvious place to begin today.

Your Passcode – The First Line of Defense

The PIN is one of the oldest methods for rapidly verifying a user’s identity on a secure system, though not perhaps as old as you might think. The first PINs were used back in the late 60s when ATMs first began to proliferate. Now, we use them for far more than basic cash withdrawals at the bank. We use PINs generated automatically to verify ourselves at many other institutions; you could even think of two-factor authentication codes as a kind of one-time PIN. It’s an incredibly useful method because it’s easy for individuals to remember a secret number — and that’s why your passcode is the first line of defense against intruders who want to access your phone.

Anyone who gets their hands on your iOS device will come up against your passcode first, and it does a pretty decent job of keeping prying eyes away from your most confidential information. The simple fact that Apple has contended with legal challenges from law enforcement agencies unable to break through the passcode is evidence of that. Unless someone compels you to give up the password — or finds a way to wipe the phone altogether — they’re not getting in, and they’re certainly not getting your data.

How long is the passcode on your phone? If it’s still four digits, it’s time to make a change. While a 4-digit PIN is easier to remember, it’s also less secure than necessary. Today, Apple recommends using a 6-digit passcode, which you can quickly create in the settings of your iOS device.

Want to go a little further to provide even more protection to the info on your phone? You can set a passcode of almost any length you want, and you can even mix in alphabetical characters as well. The result should always be something that’s tough to guess. In other words, stay away from using combinations that include your birthday or other easily guessed personal information.
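To make the passcode advice above concrete, here is an added example (not code from SecureMac or Apple) that audits a candidate passcode for the weaknesses just described. The function names and finding labels are hypothetical, and the bit figure is an upper bound that assumes the passcode was chosen at random from the character classes it uses.

```python
import math
from datetime import date

def birthday_patterns(birthday):
    """Digit strings someone who knows the birthday would try first."""
    mm, dd = f"{birthday.month:02d}", f"{birthday.day:02d}"
    yyyy = f"{birthday.year:04d}"
    yy = yyyy[2:]
    return {mm + dd, dd + mm, yyyy,
            mm + dd + yy, dd + mm + yy, yy + mm + dd,
            mm + dd + yyyy, dd + mm + yyyy, yyyy + mm + dd}

def keyspace_bits(passcode):
    """Upper bound on guessing work in bits: length * log2(alphabet size)."""
    if not passcode:
        return 0.0
    alphabet = 0
    if any(c.isdigit() for c in passcode):
        alphabet += 10
    if any(c.islower() for c in passcode):
        alphabet += 26
    if any(c.isupper() for c in passcode):
        alphabet += 26
    if any(not c.isalnum() for c in passcode):
        alphabet += 32  # assumption: printable ASCII punctuation only
    return len(passcode) * math.log2(alphabet)

def is_run(passcode):
    """True for straight ascending or descending runs such as 1234 or 9876."""
    steps = {ord(b) - ord(a) for a, b in zip(passcode, passcode[1:])}
    return len(passcode) >= 3 and steps in ({1}, {-1})

def audit_passcode(passcode, birthday=None):
    """Return a list of finding labels; an empty list means no flags raised."""
    findings = []
    # All-digit codes under 6 digits fall short of the recommendation above.
    if passcode.isdigit() and len(passcode) < 6:
        findings.append("too_short")
    if passcode and len(set(passcode)) == 1:
        findings.append("repeated")
    if is_run(passcode):
        findings.append("sequence")
    if birthday and any(p in passcode for p in birthday_patterns(birthday)):
        findings.append("birthday")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs; the birthday is made up for illustration.
    sample_birthday = date(1990, 7, 4)
    for code in ["1234", "0704", "000000", "831592", "correct7Horse"]:
        bits = keyspace_bits(code)
        flags = audit_passcode(code, sample_birthday) or ["none"]
        print(f"{code!r:16} ~{bits:5.1f} bits  flags: {', '.join(flags)}")
```

A passcode that raises no flags is not guaranteed to be strong; the audit only catches the predictable patterns this section warns about.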

In the early days of iOS devices, PINs were our only option for securing access to our device. Today, Touch ID and Face ID provide us with some pretty convenient and cool alternatives for unlocking our devices. Whether you’re having your fingerprint read by the scanner built into the home button or you’re using an iPhone X and enjoying the instant recognition of Face ID, your phone knows it’s you by storing a copy of your biometric credentials deep within itself. Don’t worry, though: this sensitive data always remains suitably locked down.

Apple achieves this using something called “Secure Enclave,” a heavily encrypted and fortified co-processor with the sole purpose of handling storage and verification of biometric information like this. There’s no need to worry about Apple turning into the Big Brother from Cupertino and compiling massive databases of user fingerprints and faces — the company never actually sees or handles your information directly at all.

Instead, an encrypted copy is stored inside the Enclave. Your iOS device then communicates with the Enclave through a complicated procedure when you try to verify with your fingerprint or face. Luckily, it all happens so fast we don’t even notice that it’s keeping us safe. We’ve covered the Secure Enclave itself and more information about these services on past episodes of The Checklist — hit the archives to check out our notes on those subjects.

There is one additional important thing to note: you have probably noticed, but iOS always requires you to input your passcode after a device restart. If you’re worried that someone might try to unlock your phone with your fingerprints (either while you sleep or by force or coercion), turn your device off, reboot it, or trigger and dismiss the Emergency SOS mode. All three of these methods will prompt your device to require the passcode, rather than opening automatically to Touch or Face ID.

Sandboxing

Next up, we have some features of iOS itself. Some of the most critical security attributes found on your phone or iPad are the ones baked into the operating system. These are always present, occur automatically, and don’t need any input from the user. They “just work,” as Apple was once fond of saying, and they work to keep us safe. Among the critical functions that do that is the way iOS operates a “sandbox” where apps can function. The same thing happens to some extent on macOS, too. So, what is this feature that sounds like some playground equipment?

Think of a digital “sandbox” as a set of limitations on an app — sort of like an invisible electric fence. Every app on iOS gets its own sandbox to play in, and that in turn means those apps only have permission to access the files and data already set up and associated with that sandbox. They’re not allowed to play around in another app’s sandbox without strict permission. That means there’s no sharing of data between apps beyond the accepted parameters. It also means that apps are not allowed to touch system information which is kept entirely separate from these sandboxes.

Why is that so important? For one, it means a malicious app can’t freely tamper with critical system files that might expose information or cause instability. Even more critically, the sandbox prevents rogue apps from stealing information in transit from other apps. So, for example, a secretly malicious app won’t be able to steal information from your bank’s app. It won’t be able to figure out what your social media login credentials are, either. These are both examples of the types of risks inherent in running apps outside a sandbox. Luckily, as this is a hard-coded part of the operating system, there’s no need to worry about apps escaping.

This method does a little more than protect against apps that make it through the approval process and go rogue anyway, though. With the sandbox in place, it makes iOS a stronger system altogether because the bad guys will have a much tougher time building exploits that work. Among the most egregious flaws that have occurred, bad apps try to force other apps to do something unexpected. This can cause them to break and spill information that the attacking app shouldn’t have access to under normal conditions. With the sandbox in place, hackers need to spend more time and effort just trying to circumvent these measures before they can even begin to formulate an attack.

All things considered, that makes it a very valuable feature. We covered this topic in greater detail as well when we touched on the overall security features of macOS at the beginning of December 2017. Check out the notes for that show for more information on sandboxing.

Apple’s Walled Garden

Now we’ll turn our attention to something that’s more general, rather than a specific feature of your iOS device. Let’s take a trip to the garden — the “walled garden,” that is. That’s another name for the way that iOS operates as a system.

In the past (and even today), Apple has received criticism and disparagement for being something of a control freak when it comes to its devices. While that might not always be the best approach in some regards, it is undoubtedly a boon when it comes to security. In fact, we might say that Apple’s rigorous control over its security procedures has been a major contributor to its ability to keep users broadly safe on iOS. But what is this “walled garden” approach?

To simplify, think of iOS itself as a beautiful, well-kept garden filled with the things you want to do, see, and accomplish with your phone. Now think of Apple as a bouncer that stands outside this garden, deciding who can enter and enjoy the system and who cannot. With a “walled garden,” Apple gets to make very specific choices about what is and is not allowed to run on iOS devices. Therefore, for the most part, apps must come from the official store run by Apple. The App Store, alongside the platform’s baked-in features, is an essential part of the ability to run a walled garden.

By forcing developers of third-party apps to submit their programs to the company for its app review process, Apple can weed out software it doesn’t want on the platform. This is also the company’s opportunity to ensure that apps pass the minimum bars set for acceptable functions, keeping most junk off the App Store — though not everything, as you’ve surely noticed. The primary goal here is to keep out any apps that are clearly (or not so clearly) malicious. The app review isn’t a judgment on the quality of the code or the function of the app (provided it doesn’t violate content guidelines) — it’s just the first line of defense.

As part of this process, Apple also aims to make sure developers only use the features of the system they have permission to use. Private functions do exist in iOS, but these are high-level system calls reserved for Apple’s internal development teams. If a programmer tries to use one of these restricted code options, they’ll quickly find their app rejected from the Store altogether.

While these restrictions make good sense, they haven’t always been popular with users. In the early days of iOS, many people saw the walled garden as a barrier to using the full potential of their devices. This, in turn, led to the first jailbreaks, and then a long string of successive tricks and methods for getting around the App Store. As we’ve talked about on The Checklist numerous times before, this isn’t a good idea at all — and it’s not necessary on a modern iPhone or iPad. Rather than opening new software opportunities, it opens the door to all kinds of malware threats… the ones Apple tries so hard to keep out!

That said, it doesn’t always require a jailbreak to load apps that don’t come from the store. Apple has a special program, called the Developer Enterprise Program, which allows schools, businesses, and other suitable organizations to develop their own custom apps. Since they’re not intended for public consumption or distribution through the Store, there’s no need for these apps to pass the review process. This can be very helpful for teaching young students how to code or for providing employees with access to exclusive software.

To keep these installations safe, Apple issues special security certificates that verify the legitimacy of the apps and allow their installation on an iOS device. Worldwide, many organizations use this program without major problems; its value is self-evident. However, there have been occasions when bad actors have abused this loophole to trick unsuspecting users into installing malware outside the App Store. For that reason, you should never add an app to your phone unless you’re certain it is safe, secure, and authentic. If it’s a random website telling you what steps to take to install their app, run away!

iCloud Security Services

Let’s zoom back in on the big picture and look at something else a little more specific than Apple’s overall approach to system security. What about the ways iCloud can be used to keep us safe? We have access to a bunch of very important security features iOS uses, but which tie in directly to your Apple ID. This is part of why setting up your Apple ID with a strong password is so important — someone who breaks into your iCloud account can cause more headaches than we can count.

Set a good password, keep it secret, and keep it safe: don’t share your details with anyone. When you enable one of the security features found in iCloud, it’s impossible for anyone else to turn them off again unless they know your login details. That’s why it’s so crucial to keep them under wraps. Now, what about those features?

It’s been a few episodes since we’ve shared a reminder about the importance of regularly backing up your data, but don’t worry — even if you forget, Apple won’t. They’ve got us covered with the iCloud Backup service, an incredibly useful tool that’s helpful in the event of either a lost or damaged phone, or some serious security compromise. Each night, when you plug your phone in and go to bed, iCloud Backup automatically runs a backup of all the data on your device.

All it requires to run, besides your permission, is a home WiFi connection. You won’t ever need to worry about your backups being out of date again. The service even reminds you if you’ve gone more than two weeks without creating a new backup copy — talk about convenient! A lot of data on your phone can change over the course of two weeks, though, so be sure to make a semi-regular habit out of checking your backup status. When you finally encounter a situation that calls for restoration, you’ll be glad you set up this service.

Losing your phone can be a disaster, especially if you neglected to be diligent about your backups. That’s where Find My iPhone comes into play as one of the essential services Apple provides to users through iCloud. Once enabled, it serves as a quick and simple way to find your phone even when you can’t remember where or when you last had it in hand.

While connected to WiFi or your cellular provider’s network, your phone will periodically “ping” Apple’s secure iCloud servers with the phone’s most recent GPS fix. This happens automatically and silently provided the phone remains powered on. If you lose your phone or think it’s been stolen, you can simply head to the nearest computer (or a friend’s mobile device), log in to iCloud, and activate Find My iPhone.

At this point, Apple queries its servers, finds your phone’s last coordinates and displays them on a convenient map. To help you locate it, Find My iPhone now lets you do things such as play a sound — which the phone will emit even if the ringer is off and silenced. Ideally, this should let you figure out where it is — whether it’s lost in your couch cushions or stranded at the grocery store. In either case or if you suspect it was stolen, you can now put your phone into “Lost Mode.” This is the third important security feature iCloud has.

The first and most important thing to do in Lost Mode is to lock your device down. No matter where it is, if it has power, this command will protect your device with a passcode. It works much the same way as the reboot prompt we talked about earlier on today’s list. This way, no one can access the data on your phone. Next, you can set a custom display message that will be visible to anyone who looks at the lock screen. A clever idea in some cases might be to set a message with your contact details alongside a note indicating the phone has been lost. This could speed up having your phone returned.

Lost Mode also locks down your data in other ways. Your device won’t display standard alerts (i.e., text messages, missed phone calls) or play text message alert sounds at all. Any payment methods authorized through Apple Pay will also deactivate automatically and await authentication with your Apple ID on the device itself. With all this in place, your confidential information remains obscured entirely, and no one can make purchases without your consent. When you think your phone or iPad might be in possession of a thief, this provides valuable peace of mind.

In the worst-case scenario — such as theft — you can command iCloud to erase your device remotely. Be careful because this is permanent; you’ll have to restore from a backup if you recover the device. This command tells your device to reset itself to factory default settings and nuke all the data on it. Once you do this, Find My iPhone will no longer be able to track your device. It’s a useful feature but remember: it’s a last resort.

Third-Party Security Apps?

OK, so that about covers the major built-in security features of iOS — but is it enough? Do you ever need to seek out third-party security apps to make your device safer? We hear questions like this all the time, fueled in part by the proliferation of apps on the App Store that claim to provide services such as network security or anti-malware operations. So, do you need anything besides what Apple provides? It depends on what you want.

Some of the options out there, such as password management apps, extend and augment the security of iOS devices. We recommend you use a password management app, not just because it is convenient, but because it is a quick path to better, stronger password security on all your accounts. This is a welcome addition to what iOS offers. By choosing to use such an app, you make your device that much stronger.

There are other useful security additions, too, such as official Safari Content Blockers. When you’re tired of dealing with ads on the web, or when you’re concerned about advertiser tracking, these blockers help create a better browsing experience. Just like installing an ad blocker in another desktop browser, it’s a worthwhile step that can help keep you safer online. However, this is about the extent of what you need to consider adding to your device.

Users don’t need third-party antivirus or anti-malware solutions for their iPhone or iPad devices. While malware for these platforms is out there, most of it focuses on attacking jailbroken devices. With malicious apps, Apple can remotely disable these programs, so they can take steps to protect users faster than any third-party program can. Additionally, due to the sandboxing we discussed earlier and the overall design of iOS, security software wouldn’t even work correctly in the first place! While some anti-malware software on the Mac can scan (unencrypted) iOS backups for malware, this is an edge case. By and large, Apple has done all the demanding work to keep its users safe.

Although the clear majority of security work takes place behind the scenes, we don’t have to see it all to know that we’re using a very safe platform. Though malware authors will continue to seek out ways to break through the defenses built into iOS, so far it is safe to say we enjoy relative comfort and peace of mind.

That’s everything we have for you on this week’s Checklist. If you’d like to explore more information on some of the topics mentioned here today, you’ll find all the notes of our previous shows right here on our site. Be sure to check back again next week when we’ll return with yet another detailed discussion on Apple, security, and everything in between!

Got a burning question or an interesting topic you’d like to see us hit in a future episode? Just send us an email at Checklist@SecureMac.com and let us know what you’re thinking.
