I’m looking for suggestions beyond the basic “use a password instead of a pin”, “use 2fa”, “don’t connect to public WiFi”. I think I’ve got my iPhone set up pretty well, but I suspect I’m missing more than just a few things. Any suggestion is appreciated, I’m willing to at least try it.
Change the name of your iPhone. The default name may include your actual name, which can be seen in more places than you'd think.
Wipe/reset your iPhone every now and then. There is residual data left on the phone from app/data deletion (left over databases even). A factory reset will clear this, OS updates can help as well. The "Other" section of your iPhone storage is dangerous.
Make sure the emergency feature to disable TouchID/FaceID is enabled. When turned on it kills biometrics until you put in your (hopefully unique and complex) password. Otherwise, biometrics is safer.
Don't add any mail accounts to the native iOS mail app.
Ensure that access to USB accessories while the phone is locked is turned off.
Work only on LTE and your own private Wi-Fi (your job will have very complex monitoring tools like FireEye). Disable cellular data on any apps that you won't actively be using.
Backup your iPhone to a secure location when travelling, wipe your phone and then re-build your phone using the backup upon arrival. Destroy the backup after.
Don't open any shady URLs and make sure you always update iOS. Turn on auto-update.
Security is critical on iOS as some apps have the ability to log you in or restore a session without any sort of credential check. This is despite the fact that unique device identifiers are not supposed to be used by devs.
>> Backup your iPhone to a secure location when travelling, wipe your phone and then re-build your phone using the backup upon arrival. Destroy the backup after.
Do you think it’s better to have an interim account after resetting the phone and before rebuilding the phone with the backup?
> Security is critical on iOS as some apps have the ability to log you in or restore a session without any sort of credential check. This is despite the fact that unique device identifiers are not supposed to be used by devs.
Some apps with persistent "anonymous" logins save an identifier to the keychain and sync it with iCloud so that it persists between installations and across devices.
> Don't add any mail accounts to the native iOS mail app.
Woah, I haven't heard this advice before—is the argument that the native mail app is less sandboxed than an App Store app? If so that makes a lot of sense (especially given P0's recent exploit chain involving an IMAP client vulnerability), sigh.
VPNs are debatable. While it's true they're a better solution for open WiFi networks, remember you're simply changing who has access to your connection data.
It's not so clear VPN providers, even paid ones, have your best interests in mind.
For higher levels of security, it would be better if the VPN was controlled by yourself.
> Disable sending analytics to Apple and app developers
While this makes obvious sense, iOS is pretty good at forcing logs to be anonymised. Also one can only log string literals so the developer can’t just leak sensitive data there.
This being said, I wonder if Apple can capture somebody making a function that would loop over some string and log it letter by letter.
> (bonus points if it disables your internet when it's not connected to the VPN)
I believe that, unless the VPN specifically disables it, you can go to any VPN in Settings -> VPN and enable "connect on demand" - the system will only send data if the VPN reports it's active. Apps can also request connect-on-demand themselves.
Use Adblock from futuremind. It costs less than a beer. It sets up a local dns vpn so you can still use a VPN like nordvpn. You can then block any type of IP or set up complex rules. I’ve been able to block youtube ads and all the other stuff on their page. I only see the video I go to. The only limiting thing is a 5000 url/ip limit and that I have to open up and restart the App once a day usually.
Also, under experimental settings for Safari, only enable:
disable web SQL
block top level redirects from third party sites
1Blocker X is brilliant. Use the YouTube website, not the app; content blocking only works inside Safari afaict (for instance, Firefox on iOS doesn't seem to benefit from the content blocker).
None of them are going to stop YouTube ads, that’s just not how the built-in content blocker works. You might be able to with Pi-hole but setting that up on mobile is a world of fun...
You can trigger Emergency SOS (aka "cop mode" - either to call them or to avoid them, tbh) by pressing the power button five times on iPhone 7 and below or holding side button + a volume button on iPhone 8 and up. Dismiss the prompt to call 911, and then your phone will be in a state where Touch ID / Face ID is disabled until you successfully use your passcode again.
It appears Wallet still works so you should still be able to get to boarding passes without unlocking the device.
I use AdGuard Pro in combination with StevenBlack/hosts [0] and a custom DNS. This is used for system wide (not just Safari) ads/tracker blocking. Adding custom filters as and when required.
I like weblock (I believe we're talking about the same by Futuremind) but I prefer their other app Adblock (I posted a small quib about it ~15 replies up from this reply). You can also, if you want, copy the PAC weblock sets up for you, host it yourself on GitHub and then set it up as your own proxy for whatever wifi you connect to.
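What a self-hosted PAC (proxy auto-config) file of the kind mentioned in the comment above can look like, as an added example that is not part of the thread and not Weblock's own rules. The domain names are constructed samples, and the blackhole proxy address assumes nothing is listening on that loopback port.

```javascript
// PAC file sketch: the OS calls FindProxyForURL(url, host) for each request
// on a Wi-Fi network whose proxy setting points at this file's URL.
// Written in ES5 style because PAC engines are often old JavaScript runtimes.

// Constructed sample blocklist; replace with the domains you want to drop.
var BLOCKED_SUFFIXES = ["ads.example", "tracker.example", "metrics.cdn.example"];
// Constructed exceptions: hosts allowed even though a parent domain is listed.
var ALLOWED_HOSTS = ["login.ads.example"];

// Assumption: no service listens on 127.0.0.1:9, so blocked requests fail fast.
var BLACKHOLE = "PROXY 127.0.0.1:9";
var PASS = "DIRECT";

// Lower-case the host and drop the trailing dot of a fully qualified name,
// so "ADS.EXAMPLE." is treated the same as "ads.example".
function normalizeHost(host) {
  return String(host || "").toLowerCase().replace(/\.$/, "");
}

// Match on DNS label boundaries: "a.ads.example" matches "ads.example",
// but "notads.example" does not (a plain substring test would over-block).
function matchesSuffix(host, suffix) {
  return host === suffix || host.slice(-(suffix.length + 1)) === "." + suffix;
}

function isBlocked(host) {
  host = normalizeHost(host);
  if (ALLOWED_HOSTS.indexOf(host) !== -1) return false;
  for (var i = 0; i < BLOCKED_SUFFIXES.length; i++) {
    if (matchesSuffix(host, BLOCKED_SUFFIXES[i])) return true;
  }
  return false;
}

// Entry point required by the PAC format.
function FindProxyForURL(url, host) {
  return isBlocked(host) ? BLACKHOLE : PASS;
}
```

Whoever can change the PAC file decides where the device's traffic is proxied, so serve it over HTTPS from a repository only you can write to.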
Avoid any low quality website willing to sell redirection or iframe based online advertising (e.g. online television, pornography websites). These can be a vector for exploitation attempts.
Persistent malware is more expensive and has higher risk of compromise, and so it is used sparingly. A regular restart is a surprisingly good defence technique on an iPhone.
I think it's fairly clear auslegung is asking about the second. Mentioning "my iPhone" and "Any suggestion is appreciated, I’m willing to at least try it." doesn't indicate that auslegung wants to make changes to how iOS is architected.
Protect yourselves!