Encrypting your data on your iPad or iPhone is a great way to protect yourself on the off chance you lose your device. Even if someone plugs your device into a computer, they ideally won’t be able to steal all of your data. On current iOS devices, encrypting is as simple as setting a passcode.
Encryption in iOS 3 and iOS 4 — I say “ideally” because it turns out to be a little more complicated than simply setting a passcode. Apple first dipped their toes into the encryption waters by including hardware encryption on the iPhone 3GS using iOS 3. That version was deeply flawed, since merely jailbreaking the phone enabled bad guys to bypass the encryption.
That’s because authorized access to the device would allow decryption of the data — something that happened automatically when moving data onto or off of the iPhone. All an attacker needed to do to compromise data was to jailbreak the device, after which the passcode could be avoided and disabled. After that, all access was seen as authorized and all the data was conveniently decrypted by the nifty new hardware chip. I first wrote about this in “iPhone 3GS Hardware Encryption Easy to Circumvent” (7 August 2009).
Apple fixed much of this with the release of iOS 4. In that version, some of your data is encrypted using your device passcode. Even if an attacker bypasses the passcode by jailbreaking, he can’t access protected data without knowing the passcode.
“Protected data” includes all of your email (and attachments) and data in any apps that link into Apple’s encryption. Other data on your device still isn’t encrypted with your passcode, so that might still be at risk (again, it depends on the app), but you probably don’t care if someone steals your Angry Birds high scores.
Just as in iOS 3, encryption is enabled automatically when you set a passcode on any iPhone 3GS or later device with iOS 4 or above. You set the passcode in Settings > General > Passcode Lock.
The iOS 4 Upgrade Encryption Loophole — Unfortunately, there’s one case where you might have a passcode set, but your device still isn’t encrypted. I used to think this case was rare, but a show of hands at my Macworld 2011 iOS security session revealed that a fair number of attendees weren’t protected, and that’s a small sample of relatively technical users, suggesting that the general population might be even more at risk.
The problem can occur if you had a passcode set on an iOS device that shipped with iOS 3, and then upgraded your device from iOS 3 to 4, which is a common scenario.
To see if encryption is actually enabled on your iOS device, look at the bottom of the Passcode Lock settings screen. If you see “Data protection is enabled,” you are all set. If not, you need to make a small change that’s easy, if a bit time-consuming (it depends on how much data you have on your device). Follow these steps:
- Disable your passcode in Settings > General > Passcode Lock.
- Back up your device by connecting it to your computer and, in iTunes, Control-clicking it and choosing Back Up.
- Restore your device by clicking the Restore button in the Summary screen in iTunes. Note that several commenters have said that Control-clicking your device in iTunes and choosing Restore from Backup does not work in the same way.
- Enable your passcode again, which turns on encryption.
Apple provides a nice support article with all the steps.
I always recommend that people set passcodes on their smartphone or tablet no matter who manufactures it. Since setting a passcode in iOS also encrypts the sensitive data on the device, we might as well take advantage of that extra encryption hardware chip.