
Ask HN: How to make iOS more private and secure? - auslegung
I’m looking for suggestions beyond the basic “use a password instead of a pin”, “use 2fa”, “don’t connect to public WiFi”. I think I’ve got my iPhone set up pretty well, but I suspect I’m missing more than just a few things. Any suggestion is appreciated, I’m willing to at least try it.
======
kkbaxter
Change the name of your iPhone. The default name may include your actual name,
which can be seen in more places than you'd think.

Wipe/reset your iPhone every now and then. There is residual data left on the
phone from app/data deletion (left over databases even). A factory reset will
clear this, OS updates can help as well. The "Other" section of your iPhone
storage is dangerous.

Make sure the emergency feature to disable TouchID/FaceID is enabled. When
turned on it kills biometrics until you put in your (hopefully unique and
complex) password. Otherwise, biometrics is safer.

Don't add any mail accounts to the native iOS mail app.

Ensure that access to USB accessories while the phone is locked is turned off.

Work only on LTE and your own private Wi-Fi (your job will have very complex
monitoring tools like FireEye). Disable cellular data on any apps that you
won't actively be using.

Backup your iPhone to a secure location when travelling, wipe your phone and
then re-build your phone using the backup upon arrival. Destroy the backup
after.

Don't open any shady URLs and make sure you always update iOS. Turn on auto-
update.

Security is critical on iOS as some apps have the ability to log you in or
restore a session without any sort of credential check. This is despite the
fact that unique device identifiers are not supposed to be used by devs.

Protect yourselves!

~~~
jakebasile
> Security is critical on iOS as some apps have the ability to log you in or
> restore a session without any sort of credential check. This is despite the
> fact that unique device identifiers are not supposed to be used by devs.

I've noticed this before. How is that possible?

~~~
eecc
OAuth2 token authentication?

------
evanrelf
Off the top of my head:

- Change your DNS resolver to something you trust

- Use a paid VPN service (bonus points if it disables your internet when it's
not connected to the VPN)

- Enable erasing data after several failed password attempts

- Disable notification previews on the lockscreen / when locked

- Disable Siri, control center, widgets, etc. on the lockscreen / when locked

- Disable Touch/Face ID when entering a risky location (airport, etc.)

- Disable location services, camera, microphone, etc. for every app you can

- Disable sending analytics to Apple and app developers

- Use a privacy conscious search engine (DuckDuckGo, StartPage)

- Install a good content blocker (1Blocker)

- Don't use apps like Facebook that violate your privacy

That's all I can think of for now.

~~~
godelmachine
I tried using many content blockers (free ones) but not even a single one of
them was able to prevent YouTube ads from playing.

Have you any suggestions here?

~~~
SHAKEDECADE
Use Adblock from Futuremind. It costs less than a beer. It sets up a local DNS
VPN so you can still use a VPN like NordVPN. You can then block any type of IP or
set up complex rules. I’ve been able to block YouTube ads and all the other
stuff on their page. I only see the video I go to. The only limiting thing is
a 5000 url/ip limit and that I have to open up and restart the App once a day
usually.

Also under experimental settings for Safari, only enable

    disable web SQL
    block top level redirects from third party sites

and

    swap processes on cross site navigation

~~~
godelmachine
Thanks for sharing all the details.

It's quite cheap as compared to others, agreed, but I would like to still see
if there are good free Adblockers.

------
praveenweb
I use AdGuard Pro in combination with StevenBlack/hosts [0] and a custom DNS.
This is used for system wide (not just Safari) ads/tracker blocking. Adding
custom filters as and when required.

[0] [https://github.com/StevenBlack/hosts](https://github.com/StevenBlack/hosts)

~~~
skinnymuch
Any reason for this over Weblock?

~~~
SHAKEDECADE
I like Weblock (I believe we're talking about the same by Futuremind) but I
prefer their other app Adblock (I posted a small quib about it ~15 replies up
from this reply). You can also, if you want, copy the PAC Weblock sets up for
you, host it yourself on GitHub and then set it up as your own proxy for
whatever wifi you connect to.

~~~
skinnymuch
Ah okay cool! I accidentally bought both. And wasn’t sure which to return.
I’ll return Weblock then.

The pac self hosting feature seems cool too.

I’m just using nextdns now though so won’t be actively using any future mind
apps for now. But good to know
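
Added example (not from any commenter, and not Weblock's or AdGuard's actual PAC or filter code): a self-hosted PAC file of the kind mentioned in the replies above, driven by a blocklist in the StevenBlack/hosts format. The sample entries, the parent-domain matching and the `127.0.0.1:9` dead-end proxy are assumptions of this example.

```javascript
// Constructed sample in the hosts-file format ("0.0.0.0 <hostname>" per line).
// A PAC file cannot fetch a list at runtime, so the list is embedded.
const SAMPLE_HOSTS = `
# constructed sample, not the real list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 tracker.example.net   # inline comment
`;

// Parse hosts-format text into a Set of lowercase hostnames to block.
function parseHosts(text) {
  const blocked = new Set();
  for (const raw of text.split("\n")) {
    const line = raw.split("#")[0].trim();       // drop comments
    if (!line) continue;
    const [addr, ...names] = line.split(/\s+/);
    if (addr !== "0.0.0.0") continue;            // skip localhost-style entries
    for (const n of names) {
      if (n !== "0.0.0.0") blocked.add(n.toLowerCase());
    }
  }
  return blocked;
}

const BLOCKED = parseHosts(SAMPLE_HOSTS);

// True if the host or any parent domain is listed, so cdn.ads.example.com
// matches ads.example.com. A hosts file matches exact names only; the
// parent-domain walk is a choice made in this example.
function isBlocked(host, blocked = BLOCKED) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    if (blocked.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// PAC entry point: the client calls this once per request.
function FindProxyForURL(url, host) {
  // Assumed blackhole: a proxy address where nothing is listening.
  return isBlocked(host) ? "PROXY 127.0.0.1:9" : "DIRECT";
}
```

A PAC file only applies to traffic that honours the Wi-Fi proxy setting, so it does not cover cellular data.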

------
nyolfen
adblocking encrypted dns:

[https://nextdns.io/](https://nextdns.io/)

------
ecesena
This was an interesting post, from a while ago:
[https://blog.filippo.io/securing-a-travel-iphone/](https://blog.filippo.io/securing-a-travel-iphone/)

------
thornjm
Avoid any low quality website willing to sell redirection or iframe based
online advertising (e.g. online television, pornography websites). These can
be a vector for exploitation attempts.

------
thornjm
Persistent malware is more expensive and has higher risk of compromise, and so
it is used sparingly. A regular restart is a surprisingly good defence
technique on an iPhone.

------
walterbell
If you have a Mac, use Apple Configurator to set iOS device-wide MDM/security
policies, some of which cannot be set using the on-device Settings app.

------
cosmojg
Don't use iOS. There is nothing private or secure about proprietary software.
Plenty of free and open source alternatives exist. [1]

[1] [https://www.privacytools.io/operating-systems/#mobile_os](https://www.privacytools.io/operating-systems/#mobile_os)

------
pictur
Use android

------
mooreed
I am not sure I fully understand your question. Perhaps restate some of your
goals more concretely?

Or link to a longer form post?

For me, I can’t tell if you are looking for some architectural patterns you
hope Apple will adopt?

Or for a discussion about DuckDuckGo, DNS over HTTPS, and VPN usage, Firefox
Focus, etc?

~~~
Thorrez
I think it's fairly clear auslegung is asking about the second. Mentioning "my
iPhone" and "Any suggestion is appreciated, I’m willing to at least try it."
doesn't indicate that auslegung wants to make changes to how iOS is
architected.

~~~
mooreed
Fair points. Good feedback. I was clearly “feeling grand” upon first reading
it.

