Make Sure Your iOS Device is Really Encrypted
Encrypting your data on your iPad or iPhone is a great way to protect yourself on the off chance you lose your device. Even if someone plugs your device into a computer, they ideally won’t be able to steal all of your data. On current iOS devices, encrypting is as simple as setting a passcode.
Encryption in iOS 3 and iOS 4 — I say “ideally” because it turns out to be a little more complicated than simply setting a passcode. Apple first dipped their toes into the encryption waters by including hardware encryption on the iPhone 3GS using iOS 3. That version was deeply flawed, since merely jailbreaking the phone enabled bad guys to bypass the encryption.
That’s because authorized access to the device would allow decryption of the data — something that happened automatically when moving data onto or off of the iPhone. All an attacker needed to do to compromise data was to jailbreak the device, after which the passcode could be avoided and disabled. After that, all access was seen as authorized and all the data was conveniently decrypted by the nifty new hardware chip. I first wrote about this in “iPhone 3GS Hardware Encryption Easy to Circumvent” (7 August 2009).
Apple fixed much of this with the release of iOS 4. In that version, some of your data is encrypted using your device passcode. Even if an attacker bypasses the passcode by jailbreaking, he can’t access protected data without knowing the passcode.
“Protected data” includes all of your email (and attachments) and data in any apps that link into Apple’s encryption. Other data on your device still isn’t encrypted with your passcode, so that might still be at risk (again, it depends on the app), but you probably don’t care if someone steals your Angry Birds high scores.
Just as in iOS 3, encryption is automatically enabled by default if you set a passcode on any iPhone 3GS or later device with iOS 4 or above. You enable this in Settings > General > Passcode Lock.
The iOS 4 Upgrade Encryption Loophole — Unfortunately there’s one case where you might have a passcode set, but your device still isn’t encrypted. I used to think this case was rare, but a show of hands at my Macworld 2011 iOS security session revealed that a fair number of attendees weren’t protected, and that’s a small sample of relatively technical users, suggesting that the general population might be even more at risk.
The problem can occur if you had a passcode set on an iOS device that shipped with iOS 3, and then upgraded your device from iOS 3 to 4, which is a common scenario.
To see if encryption is actually enabled on your iOS device, on the Passcode Lock settings screen, look at the bottom. If you see “Data protection is enabled” you are all set. If not, you need to make a small change that’s easy, if a bit time consuming (it depends on how much data you have on your device). Follow these steps:
- Disable your passcode in Settings > General > Passcode Lock.
- Back up your device by connecting it to your computer and, in iTunes, Control-clicking it and choosing Back Up.
-
Restore your device by clicking the Restore button in the Summary screen in iTunes. Note that several commenters have said that Control-clicking your device in iTunes and choosing Restore from Backup does not work in the same way.
-
Enable your passcode again, which turns on encryption.
Apple provides a nice support article with all the steps.
I always recommend that people set passcodes on their smartphone or tablet no matter who manufactures it. Since setting a passcode in iOS also encrypts the sensitive data on the device, we might as well take advantage of that extra encryption hardware chip.
Is this the same for those enterprise users that had ios3, had a 4 digit passcode, upgraded to ios4, and then had a password policy pushed to the device that enforces an 8 character code?
Enabling Data Protection still doesn't encrypt everything, currently only Mail makes use of this. Data stored by other apps is still as accessible as ever (I confirmed this while reviewing iOS 4.x devices with DP enabled on behalf of customers).
For more details see WWDC 2010 session 209 (Securing Application Data) - applications have to specifically make use of the data protection API and can set different levels of protection.
Yes, you're absolutely correct, and the article clearly states that.
My question is how someone would be able to figure out whether any given app is tying into Apple's encryption APIs or not.
The Right-Click restore from the article didn't work for me. I looked at the Apple article and it says to use the one in the summary pane. Seems that there's a difference between the two. The button is doing a deep restore. Still going as I write this.
Yes, I had the same problem. You are correct, in fact you have to do a factory restore/reset of the device (iOS and the firmware) using the "Restore" button in the summary pane, then when that's finished it'll offer to restore your data from the last backup you did, and then after that it'll do another sync, and then it will prompt you to set a new passcode.
Using the Summary>Restore button in iTunes is not the same as simply right-clicking on the device and selecting "Restore from backup..."!
If I recall correctly iTunes used to make this distinction clearer than it does now. Didn't the restore button used to say something like "Restore to factory settings" or something?
I also had the same issue - wasted a fair amount of time having skipped the "Summary -> Restore option" between the backup and restore from backup steps. The original article should be updated to reflect this, with an editors note if needed.
I'm glad for the article as I would have had no idea this was an issue. But the quick "fix" in the article is missing the key step in the process.
That's my fault - I changed it in editing because Apple's instructions say merely...
select the option to "Restore from a backup"
...which is of course entirely unclear. The contextual menu that you get from Control-clicking is "Restore from Backup" but the button in the Summary pane is just Restore.
I'll tweak the article.
The Apple note referenced in the article says that it applies to:
"iPad, iPod touch (3rd generation), iPhone 4, iPod touch (4th generation), iPhone 3GS"
So, I assume that it does NOT apply to older iOS devices, like my iPod Touch (2nd generation) presumably because they lack the hardware support for encryption.
Anyone care to confirm that data encryption is NOT an option for older iOS devices?
Thanks.
- nello
I tried on a 2nd gen (8GB) iPod touch:
First, by selecting Restore via control-click; no encryption. (I tried to post this awhile back, but the "Post Comment" button seemed to do nothing.)
Second, by selecting Restore via the Summary pane: It resets the firmware..., restarts......, restores settings, restarts..., syncs...(installing apps takes awhile!)...(sync'ing music -not auto-downsampled- seems to proceed more quickly; a simpler operation)...(total of about a half hour for 7G)… Then I turn the passcode back on - and still no indication of encryption. Oh well.
BTW; In case this helps anyone:
The first sync (after firmware reset) threw up a warning about wanting to change what looked like all my calendar events. (Since I've configured iSync to warn when data will be changed.)
I clicked "Sync later" and then checked... It looks like something about the process adds an "original date" field, with a zero-value of 1/1/1. I don't need that and don't want the risk of its sync'ing, damaging my calendar data.
So I de-selected "Sync calendars" in the Info pane in iTunes, sync'ed (which wiped calendars on the iPod), re-selected "Sync calendars", sync'ed again and all was well.
This makes sense for my config because my canonical calendar data is elsewhere (Google calendars, FWIW) and I knew nothing had changed on my iPod since.
Just in case I've missed something (it has happened :) - Has anyone else tried with a 2nd gen?
I think that article states that pretty clearly, "Data protection is a feature available for iOS 4 devices that offer hardware encryption: iPhone 4, iPhone 3GS, iPod touch (3rd generation or later), and all iPad models." The 2nd gen touch isn't listed so data encryption isn't available on it.
So far, it is a no go for me. I have a 64 gb 3G/Wifi iPad.
Yesterday, I followed the instructions - did the back up and then the restore from the summary pane. It asked me which back up to use and when (much later) it was complete asked for a new password. At the end - NO date encryption oval at the bottom of the passcode lock page.
I started fresh this morning - rebooted, then did a new back up. We'll see. At this point I'm not hopeful. It will take a few hours before I'll know. :-(
We've had a couple of other reports of this and Rich is looking into it with his contacts.
I followed the directions a second time. I still do not have encryption.
Tried twice with 64 GB 3G iPad (first gen) and no "Data encryption is enabled" message.
I tried this, and it did work when hitting the Restore button. However, once my iPad restored and re-synced, all my app data was gone — it re-copied all my apps and media, put the apps in the right places on my home screens, but the few apps I tried were as if they'd just been installed. Trying a Restore from Backup by right-clicking on the iPad in the iTunes sidebar now to see if that gets my app data back. If I had to pick, I'd rather have my app data back (hopefully) than worry about encryption.
It might be a good idea to warn people that this may happen if they follow your directions.
I should clarify that the more thorough restore did allow me to see "Data protection is enabled" once I set my passcode again. For those that aren't getting this to work, I wonder if it has anything to do with forced passcode policies from corporate Exchange servers or provisioning profiles. I do have some provisioning profiles and two Exchange accounts set up, but no forced passcode policy.
I didn't have any probs with missing app data following Apple's directions and then TidBITS directions with the extra step of removing passcode beforehand--though neither has managed to give me encrypted data (iPad 1).
No lost data that I can see (so far). But unsuccessful getting the encryption.
Finally got this to work by upgrading to an iPad 2 :-) Interestingly most apps lost my p/w when doing the restore to the new device, so possibly they were already encrypted.
I'm have a 3G with iOS 4.
I gather from reference in your article to 3GS and later that my data is not secure. Correct?
If so, my Dropbox data is partially secure behind that iPhone 4 digit password but that's all?
And my email is not secure at all.
Solution? By a new iPhone. :-)
Thanks.