Lock down my iPhone.
January 6, 2016 12:45 PM Subscribe
What can I do to make my iPhone more secure? Difficulty level: 1984.
Okay, maybe not 1984. But if I get detained by police in a particular country, they could make me enter the password on both my iPhone and laptop and hand them over.
I'm aware that if they don't get what they want, they can still take whatever next step they're going to take. However, I'd like to maximize my chances of them being satisfied enough with my innocence to let me leave that detention room. Therefore, having my devices erase all their data or something doesn't seem like a good option.
As per a previous ask with a similar concern about a laptop (can't find the link), I put everything of issue on my laptop in an encrypted password-locked sparse bundle in an out-of-the-way folder. Now, is there something similar I can do for my iPhone 5--something that makes it both more secure AND more innocuous-looking, with minimal inconvenience to me?
-I'm particularly worried about my contacts. Is it true that cops can just suck all my contacts' names off my SIM card without my phone even being unlocked? (I know "suck" isn't the right technical term here.) And if so, can I stop them?
-What about apps like Skype, Facebook Messenger, WhatsApp, and Mail? Is there any way I can still use these apps in my daily life, while also having them be secure?
Okay, maybe not 1984. But if I get detained by police in a particular country, they could make me enter the password on both my iPhone and laptop and hand them over.
I'm aware that if they don't get what they want, they can still take whatever next step they're going to take. However, I'd like to maximize my chances of them being satisfied enough with my innocence to let me leave that detention room. Therefore, having my devices erase all their data or something doesn't seem like a good option.
As per a previous ask with a similar concern about a laptop (can't find the link), I put everything of issue on my laptop in an encrypted password-locked sparse bundle in an out-of-the-way folder. Now, is there something similar I can do for my iPhone 5--something that makes it both more secure AND more innocuous-looking, with minimal inconvenience to me?
-I'm particularly worried about my contacts. Is it true that cops can just suck all my contacts' names off my SIM card without my phone even being unlocked? (I know "suck" isn't the right technical term here.) And if so, can I stop them?
-What about apps like Skype, Facebook Messenger, WhatsApp, and Mail? Is there any way I can still use these apps in my daily life, while also having them be secure?
Is it true that cops can just suck all my contacts' names off my SIM card without my phone even being unlocked?
This is not true on an iPhone. I can't speak to other phones. On an iPhone your contacts are encrypted with all of your other data.
In terms of hiding and securing your information on an iPhone (in addition to the encryption provided by the phone itself), you could start by searching the app store for the word "vault". There are all sorts of applications designed to look innocuous and provide a password-protected location to store data you don't want others to see. Most of these are geared toward photos and videos (I can't imagine why!) but there might be something more general purpose that would suit your needs.
posted by alms at 1:04 PM on January 6, 2016
This is not true on an iPhone. I can't speak to other phones. On an iPhone your contacts are encrypted with all of your other data.
In terms of hiding and securing your information on an iPhone (in addition to the encryption provided by the phone itself), you could start by searching the app store for the word "vault". There are all sorts of applications designed to look innocuous and provide a password-protected location to store data you don't want others to see. Most of these are geared toward photos and videos (I can't imagine why!) but there might be something more general purpose that would suit your needs.
posted by alms at 1:04 PM on January 6, 2016
If you are traveling to the sort of place where they can "make" you give up your password, then they can also make you give up whatever other passwords you may set up. You are relying on, essentially, security-through-obscurity (perhaps they won't look in THIS folder).
Bring a cheap burner phone and consider it already compromised. Leave your sensitive data home.
posted by gauche at 1:28 PM on January 6, 2016 [2 favorites]
Bring a cheap burner phone and consider it already compromised. Leave your sensitive data home.
posted by gauche at 1:28 PM on January 6, 2016 [2 favorites]
What kind of organisation are you trying to protect yourself against here? What’s the threat? Because a three or four letter agency will just do an evil-maid (or evil border guard) attack, compromise the BIOS on your laptop & exfiltrate your data at their leisure if they really want to target you. iPhones are supposedly harder to crack, but a western (5-eyes) intelligence agency has access to all your Apple data via the FISA warrant process anyway.
NB: an encrypted folder will stick out like a sore thumb to anyone who takes an image of your hard drive & does entropy analysis on it - sticking the folder name in an out of the way spot in the your directory hierarchy will not help you when your adversary can simply walk over the underlying binary image looking for a block of high entropy data.
The only way you maximise your chances of walking away is to have *nothing* on any of these devices that would be incriminating. That includes encrypted data.
posted by pharm at 2:08 PM on January 6, 2016
NB: an encrypted folder will stick out like a sore thumb to anyone who takes an image of your hard drive & does entropy analysis on it - sticking the folder name in an out of the way spot in the your directory hierarchy will not help you when your adversary can simply walk over the underlying binary image looking for a block of high entropy data.
The only way you maximise your chances of walking away is to have *nothing* on any of these devices that would be incriminating. That includes encrypted data.
posted by pharm at 2:08 PM on January 6, 2016
iPhones are supposedly harder to crack, but a western (5-eyes) intelligence agency has access to all your Apple data via the FISA warrant process anyway.
FWIW, Apple claims this isn't true. They claim that they can't access data encrypted on an iPhone and so they can't give anyone else access to it, FISA warrant or not. I haven't seen anyone dispute those claims.
posted by alms at 2:16 PM on January 6, 2016
FWIW, Apple claims this isn't true. They claim that they can't access data encrypted on an iPhone and so they can't give anyone else access to it, FISA warrant or not. I haven't seen anyone dispute those claims.
posted by alms at 2:16 PM on January 6, 2016
If you must have your iPhone with you, consider locking up your data in password protected locations and in turn locking those passwords into an app like LastPass. Also, another Apple device with Find My iPhone installed will remotely erase your seized iPhone.
posted by bearwife at 2:19 PM on January 6, 2016
posted by bearwife at 2:19 PM on January 6, 2016
If you think this is a risk, you might just want to back everything up, store your passwords on LastPass or similar, but go through the airport with a factory-reset phone with essential numbers in but without LastPass installed.
That should reduce your risk as there is much less chance of being told "install this app and tell us your password for it". You might also consider having some embarrassing (but legal) porn or some low-value banking details (old empty account) encrypted on there so that they can compel you to decrypt something.
Don't forget to do it on the way home, too.
posted by Wrinkled Stumpskin at 2:37 PM on January 6, 2016 [1 favorite]
That should reduce your risk as there is much less chance of being told "install this app and tell us your password for it". You might also consider having some embarrassing (but legal) porn or some low-value banking details (old empty account) encrypted on there so that they can compel you to decrypt something.
Don't forget to do it on the way home, too.
posted by Wrinkled Stumpskin at 2:37 PM on January 6, 2016 [1 favorite]
Response by poster: The threat is a non-Western government, for whom things like (just to give one example) a chat in a language they associate with "terrorists" would be enough to set off their alarm bells. I don't have anything important to hide, but I'm sure I have plenty of such things that would set off their alarm bells. Any ideas for how to protect and/or hide my communication and data on my phone so that they are just less likely to see these things if they make me unlock it?
This question about laptop security is the previous ask I mentioned, btw.
posted by a sourceless light at 2:40 PM on January 6, 2016
This question about laptop security is the previous ask I mentioned, btw.
posted by a sourceless light at 2:40 PM on January 6, 2016
Oh, and your contacts don't have to be on the SIM card. However, depending on what phones your SIM card has been in they might be there, so go to Settings -> Mail, Contacts ... -> Import SIM Contacts (to make sure you don't lose them) then delete them from the SIM card. Those are not secure. I don't know how to delete them on iPhone, it looks like you have to download an app. You could also just stick it in an old dumbphone and delete from that.
posted by Wrinkled Stumpskin at 2:45 PM on January 6, 2016
posted by Wrinkled Stumpskin at 2:45 PM on January 6, 2016
To be clear - I meant that they can get access to any data that Apple holds on their servers. I don't know whether that includes a copy of the contacs database on an iPhone though.
posted by pharm at 3:32 PM on January 6, 2016
posted by pharm at 3:32 PM on January 6, 2016
Any ideas for how to protect and/or hide my communication and data on my phone so that they are just less likely to see these things if they make me unlock it?
So assuming the nation state can't just pull your communications off the wire / manipulate the telecoms infrastructure etc (or at least you aren't a direct target for that), probably the easiest way is for there no data to ever be on your phone to begin with.
At the extreme end of this (and assuming at the extreme end you still using a mobile device at all) that would look like everything you do is via a remote terminal app on your phone (like Citrix, VNC, etc. from your phone to a remote trusted server where you use your real apps). You only download the terminal app when its needed and delete it after each use. If you are forced to unlock all they find is the base device software.
At the more practical end of the spectrum this may just be using web enabled versions of apps which may be problematic (like Twitter or Facebook website instead of the native app, Gmail website instead of native app, possibly in incognito mode type windows in Chrome/Safari/Firefox on your device) and then sign off from website when not using them. Or if using a native app delete the app if you feel there is a genuine risk of you getting in a jam (like if you are going to attend a political rally, about to go through a security checkpoint etc).
Keep stuff you really don't care about on your phone to give them "some data" to look at (contacts for restaurants you like, photos of your cats, social network data for low risk activity - like a Twitter account where you are simply following a few celebs, a throwaway Gmail account signed up to consumer mailing lists, etc.).
posted by inflatablekiwi at 5:44 PM on January 6, 2016
So assuming the nation state can't just pull your communications off the wire / manipulate the telecoms infrastructure etc (or at least you aren't a direct target for that), probably the easiest way is for there no data to ever be on your phone to begin with.
At the extreme end of this (and assuming at the extreme end you still using a mobile device at all) that would look like everything you do is via a remote terminal app on your phone (like Citrix, VNC, etc. from your phone to a remote trusted server where you use your real apps). You only download the terminal app when its needed and delete it after each use. If you are forced to unlock all they find is the base device software.
At the more practical end of the spectrum this may just be using web enabled versions of apps which may be problematic (like Twitter or Facebook website instead of the native app, Gmail website instead of native app, possibly in incognito mode type windows in Chrome/Safari/Firefox on your device) and then sign off from website when not using them. Or if using a native app delete the app if you feel there is a genuine risk of you getting in a jam (like if you are going to attend a political rally, about to go through a security checkpoint etc).
Keep stuff you really don't care about on your phone to give them "some data" to look at (contacts for restaurants you like, photos of your cats, social network data for low risk activity - like a Twitter account where you are simply following a few celebs, a throwaway Gmail account signed up to consumer mailing lists, etc.).
posted by inflatablekiwi at 5:44 PM on January 6, 2016
In my view, either you're being really paranoid, or you need to leave your iPhone at home and memorize the phone numbers of your loved ones. I'd do some research into where you're going. In some places, like China, if you're an American and you have a certain type of job, you can assume everything you're doing is being monitored and your hotel room is being searched.
posted by AppleTurnover at 8:47 PM on January 6, 2016
posted by AppleTurnover at 8:47 PM on January 6, 2016
This is pretty much what you want. Might be slightly outdated at this point.
The Apple security guide is actually quite good. If you're curious how things are protected, I'd suggest giving it a read.
posted by yeahwhatever at 4:23 PM on January 13, 2016
The Apple security guide is actually quite good. If you're curious how things are protected, I'd suggest giving it a read.
posted by yeahwhatever at 4:23 PM on January 13, 2016
This thread is closed to new comments.
posted by rhizome at 12:52 PM on January 6, 2016