Yesterday’s post covered the initial device setup for my Private iPod Phone. Today’s post will go through the settings that impact privacy and security. The goal of these settings is to make the device as inherently hardened as possible. These changes are designed to lower the footprint of the iPod by limiting the amount of information it transmits, making it less trackable, and generally less “noisy”. These are all important factors to me when creating my ultra-private iPod phone. Many of these settings can also be applied to your iPhone.
Apple’s Control Center allows you to quickly and conveniently adjust certain functions. A few of these have security implications. To access the control center, swipe up from the bottom of the screen. First, disable AirDrop. AirDrop uses low-energy Bluetooth to transmit data between Apple devices. Though the transmission is secure, this can make you discoverable to other devices. Tap “AirDrop” and select “Off”. Next, ensure Bluetooth is turned off by toggling the Bluetooth logo. In the future I will also use the Control Center to turn Wi-Fi off and place the device in Airplane Mode before powering it down. Finally, you should limit access to the Control Center itself. If the Control Center is available from the lock screen, an attacker could turn Wi-Fi on to survey your iPod’s probe requests. This would allow the attacker to see all networks your device “knows”. To disable Control Center from the lock screen: Settings >> Control Center. Toggle the slider beside “Access on Lock Screen” to OFF.
The remainder of the settings we will deal with are within the Settings menu. The first is perhaps one of the most important settings on the device: Software Update. Keeping the OS updated is incredibly important to security. Navigate to Settings >> General >> Software Update. The iPod will automatically check for an update. If an update is available, allow it to download and install before you proceed further. Next, go to Spotlight Search and turn off all options. Next, go back to General and scroll down to Siri. Ensure that Siri is turned off. Finally, go to Handoff and Installed Apps and turn both off.
Passcode Lock and Privacy
Go back into Settings and scroll down to Passcode Lock. Since you have already applied a passcode to the device you will be prompted to enter it before being allowed to proceed. If you did not initially setup a good, strong passcode you can do so here. Next, scroll down to Require Passcode and ensure it is set to “Immediately”. This will ensure that your iPod is locked as soon as the screen goes to sleep, giving you positive confirmation that the data on the device is protected. Next, turn off access to all settings when the device is locked including Voice Dial, Today, Notifications View, Reply with Message, and Wallet. Even though we will not use any of these settings with this device, I would like to limit, to the maximum extent possible, what is available on the lock screen. Finally, enable Erase Data. This will cause the device to be completely overwritten and erased upon the entry of 10 incorrect passcode attempts.
Next, go back to Settings and tap Privacy. Tap the first setting, Location Services. Location Services should already be disabled (from setup), but if it is not, disable it here. Also tap Share My Location and disable this setting, as well. Next, scroll through each Privacy setting (Contacts, Calendars, etc.) and turn off any app that is requesting access to this data. In the future we will have to manipulate some of these settings for some apps that we will install, but for now disable everything. Finally, scroll down to Diagnostics & Usage and Advertising.
Privacy >> Diagnostics and Usage: Tap Diagnostics & Usage. Select “Don’t Send”. This will limit information transmitted back to Apple about usage of the device.
Privacy >> Advertising: Toggle the “Limit Ad Tracking” slider to ON. Though I won’t use this device for much (if any) browsing, I still want to limit the information that can be collected about me. Tapping “Reset Advertising Identifier” allows you to reset the advertising code that is unique to your device. Again, this is probably not a major concern for our purposes, but resetting this occasionally can help limit tracking through iAds.
Navigate to Settings >> iCloud. Toggle iCloud Drive and Photos to OFF. Confirm these decisions. Next, toggle all other settings to OFF. This will ensure that your data is not being transmitted to iCloud. Finally, tap “Share My Location” and ensure that it, too is turned off.
Background App Refresh
Finally, navigate to Settings >> General >> Background App Refresh. Toggle each application to off, then turn the Global Setting to OFF. Background App Refresh allows applications to check for updates and new content. Turning this off will help preserve your battery, and limit the information being transmitted to and from the device.
The initial setup of the ultra-private iPod phone and system settings applied here have the device almost ready to go. Before communicating on it we first need to add applications that will permit us to talk securely. We will cover iTunes setup and adding applications in the next part of this series. Stay tuned!
If you enjoyed this article and would like exclusive content, sign up for the Operational-Security Newsletter.