Security was at the heart of Apple’s design process for iOS, at least partly because of frustration with security issues in desktop operating systems including its own.
This is why you can’t install software from anywhere but Apple’s App Store onto an iOS device, and it’s why you have precious little ability to customise iOS devices. It’s a “walled garden” — but a secure one.
The exception has been “jailbroken” devices — those that have been modified to allow users to install software from other sources and to customise their iOS experience in other ways. If you choose to compromise your device’s security, you should understand the risks.
In the past year or so, there have been malware attacks that could affect iOS devices regardless of whether or not they were jailbroken.
One, called “Masque Attack”, attacked companies that allow their users to install iOS software from enterprise servers. Once the server was compromised, malware replaced seemingly legitimate apps on users’ devices.
The other, “WireLurker”, modified iOS apps in users’ iTunes libraries on their Windows computers. When the user plugged their iOS device into the computer, the modified apps would be installed.
Finally, there was the “Great App Store Hack”, which appeared at first blush to render all of Apple’s claims about iOS security moot. Apps which users had legitimately downloaded directly from the App Store had been infected with malware called “XcodeGhost”.
In fact, the App Store hadn’t been hacked. The malware’s authors targeted a number of developers (primarily in China) with a modified version of Apple’s Xcode development environment. When these trusted developers updated their apps, they unwittingly uploaded infected code to the App Store.
In all three cases, Apple responded swiftly by stopping the affected apps from launching, and it says it has put processes in place to head off similar attacks in future.
The bottom line is that iOS remains a secure platform, but users must be vigilant.
Make your iOS device more secure
The primary way baddies can attack your iPhone or iPad is by getting their hands on it. If you’re not using a passcode on your device (so the kids can play with it, for example), you’re at risk of your data getting into the wrong hands.
Open the Settings app and tap on Touch ID & Passcode. Then tap Turn Passcode On. You’ll then have three options: a custom alphanumeric code, a custom numeric code, or a custom 4-digit numeric code.
Your best option is a custom alphanumeric code — string some random words together and teach them to your kids. It’s easy to remember “banana2monkey” but almost impossible for someone else to guess.
You should also enable Erase Data, which will wipe the device after ten incorrect passcode attempts. (Teach your children well!)
Finally, always make sure you install the latest software updates from Apple. As well as bug fixes and new features, they dress security vulnerabilities when they arise.
Oh yeah — don’t jailbreak.