With today’s world becoming more and more digitized and interconnected, you might be one of the many people who could benefit from encrypting parts of your digital life. For those of you who don’t know much about encryption, it is the process of converting all the most important pieces of your data into a kind of cipher, which can only be unlocked by a specific key (or, in rare cases, a backdoor, but we’ll come back to that later). In fact, many of your digital devices are likely to have some form of encryption that protects your personal data (contacts, messages, pictures, videos, documents, etc.) ready for you to enable. In short, encryption is one of the best ways to protect your digital information from criminals at large.
This is especially true if you're one of the world's 1 billion (or just over, according to Apple’s internal data) iPhone owners. If you have it enabled, Apple’s “default encryption protection” ensures your phone’s data is kept safe from intruders, whether you're traveling and have misplaced your device, or you find yourself in the unfortunate situation where it’s been stolen. However, over the last 3 years, Apple became the subject of interest for advocates of data privacy due to their proposition of a backdoor with client-side scanning for child sexual abuse material (CSAM) in 2021. In a large U-turn, Apple seemingly closed this backdoor (and any others, including their own proprietary access) in December 2022 (in the United States) and January 2023 (for the rest of the world) with the release of their new privacy features.
Although the ramifications of this update mean better security for iPhone users, it also has a number of caveats that you should consider. So, before you turn your phone into a pocket-sized Pentagon, take a look at the following guide to encrypting your iPhone data, where we’ll explain what the default settings are, how to check they are properly enabled, and how to activate Apple’s new end-to-end advanced encryption feature.
The first part of this guide is going to explore the default encryption settings and show you how to check if you’ve activated this type of protection on your device. The second part of this article will be examining how you can activate Apple’s new optional advanced encryption feature, what this new protocol means for your data, and how it affects your backups. The following guide pertains to iOS versions 16.3 and above (iPadOS 16.3, macOS 13.2, tvOS 16.3, or watchOS 9.3).
Update to the Latest iOS Version
Before we start, for Apple’s latest encryption features, you should make sure that you are running the latest version of iOS by opening your phone's ‘Settings’ app, selecting ‘General’ from the menu, and tapping ‘About’. The installed version of iOS appears next to Version. This is also a good time to check on the latest software updates in the ‘General’ menu to make sure your phone has the most current versions available for the model. Keeping software up to date is an important practice for phone security as these updates often contain patches for viruses that developers have discovered since the last updates were made publicly available.
Default Encryption
Now that your system is updated, we can start to look at Apple’s default encryption process. Usually, all personal data on Apple iPhones are encrypted by default whenever the phone is locked with a passcode, Face ID, or Touch ID. The menu option to activate this feature is usually found in the Settings application. Scroll down until you see the “Touch ID & Passcode” or “Face ID & Passcode” option and tap it (you might be prompted to enter your passcode at this point if it’s already on). From there, you should find the option to “Turn Passcode On” if it isn’t for some reason.
The iPhone offers a few options during passcode setup that determine how difficult it is for someone to break into your phone. As previously mentioned, some versions allow you to access the phone using a fingerprint (Touch ID) or facial recognition software (Face ID). If you have the option to use Face ID, we recommend it, as security professionals have already successfully experimented with ways to hack Touch ID using glue. In terms of a numerical passcode, we recommend picking the six-digit code instead of the four-digit one. If you have the possibility to enable the Custom Numeric Code or Custom Alphanumeric Code and disable the Simple Passcode option, you should do it. In addition, the setup utility should warn you if your passcode is too easy to guess.
Depending on the importance of the data on your phone, you can also set your iPhone to automatically “Erase Data” after 10 failed access attempts. This is a good idea for business phones and personal phones loaded with sensitive security, health, or financial information. However, the Erase Data feature is an extreme measure that should be used carefully, especially if you're an adult who allows small children to play with your phone.
iOS Encryption
Now that your iPhone is encrypted with Apple’s default settings, let’s explore the type of encryption used to protect your data. Apple uses a file and keychain protection mechanism called Data Protection. Data Protection works by constructing a hierarchy of “keys and builds” on the hardware encryption technology in your iPhone. It assigns each file to a class, with accessibility being determined according to whether the class keys have been unlocked or not. In addition, the APFS (Apple File System that your phone uses to operate) further subdivides the keys and files, which means that different parts of a file can have different keys to unlock it. Every time a file is created on the data volume, Data Protection creates a new 256-bit key, which the AES Engine uses to encrypt the file as it’s written to flash storage.
How to Turn on End-to-End Encryption on Your iPhone?
Known as Advanced Data Protection, this new feature increases the scope of what data is end-to-end encrypted by Apple. Previously, not much of your personal iPhone data had access to this level of security (14 categories, including your payment information, Apple Card transactions, health data, and the passwords in your iCloud Keychain were protected by end-to-end encryption), and much of your iCloud data was only encrypted “in transit” and on Apple's servers in their data centers (including photos, notes, voice memos and more). This also meant that Apple did, in fact, have some kind of proprietary access to your personal data, if you gave them permission to use it.
With the new security feature, you have more control over the encryption keys on your device, which means Apple will not be able to access any of the data that is end-to-end encrypted, and they also won’t be able to help you regain access to most of your information if you delete it by accident. Instead of contacting Apple to gain access to your information, the new feature requires you to use a recovery contact or a personal recovery key. The most notable data that are now included in the Advanced Data Protection feature are iCloud backups (including any backup of your Messages), the iCloud Drive data, your photos, notes, and reminders.
End-end encryption is activated by doing the following:
- Enable two-factor authentication on your Apple Account.
- Update your iOS system.
- Open Settings and go to “Your Name” to access the iCloud settings.
- Once in iCloud, tap Advanced Data Protection and proceed to Account Recovery.
- During the Account Recovery setup, you will be given two options to select from a Recovery Contact and a Recovery Key.
- The Recovery Contact is a friend or family member with an Apple device who will be able to send you a recovery code in the event that you need it (they will not have access to any of your phone’s data and you can remove them from this same menu).
- The Recovery Key is a 28-character code that will give you access to your account should you need it (Apple does not get a copy of the key, so keep it safe). You'll need to type the recovery key in a few times to fully complete this setup, so we recommend writing it down.
- Once you’ve chosen your recovery method, you may then need to go back to Settings.
- Tap “Your Name” to access iCloud Advanced Data Protection.
- From there, access the Account Recovery menu and tap "Turn on Advanced Data Protection" and follow the setup prompts.
From here, the vast majority of your personal data should be end-to-end encrypted for the foreseeable future. However, be aware that other Apple devices which cannot be updated to at least iOS 16.3 or newer (iPadOS 16.3, macOS 13.2, tvOS 16.3, or watchOS 9.3) may need to have their Apple IDs removed (rendering the device unusable) in order to enable Advanced Data Protection. As Advanced Data Protection applies to your Apple account as a whole and not just your phone, you will need to consider this before using this kind of advanced encryption.
Encrypting Your Backups
As previously mentioned, encrypted backups are automatic on iCloud but you will need to activate the backup option in your iPhone settings first. In order to do this, you will need to access your Settings>“Your Name” and tap iCloud>iCloud Backup, and then turn on Back Up This iPhone. When your device is connected to Wi-Fi, a power source and the device screen is locked, your iPhone should automatically back up if you have enough storage. An encrypted iPhone backup includes saved passwords, Wi-Fi credentials, and other sensitive data that you need in the event of a lost, broken, or stolen phone.
To make a local backup on your computer, connect your iPhone to the device and open iTunes. Once you have located your device, select "Encrypt local backup" from the Backups section. You will also be prompted to create a password that will give you access to your backup. Remember to store this password securely as you may need it in the future; to do this safely, we recommend using a password manager to store all your passwords.
As mentioned in the previous section, the new Advanced Data Protection now encrypts your iCloud backups with end-to-end encryption. So, as long as you have iCloud Backups enabled, your iPhone data should be safe and fully encrypted anyway.
How to Turn Off Encryption on Your iPhone?
In all the cases listed above, you will have to follow the instructions given in this article and select the inverse option that allows you to deactivate the Touch ID & Passcode or Face ID & Passcode, the Advanced Data Protection feature, or unselect the “Back Up This iPhone” option or “Encrypt local backup” on your iTunes.
However, to keep important information safe, we recommend using one of the encrypted security measures mentioned in this guide. We also recommend regularly backing your phone up and checking for iOS and application updates.
Despite all this, encrypted iPhones are still vulnerable to software flaws and certain types of ransomware. With some proactive steps and the use of Kaspersky Premium, you can ensure you don't lose anything important to criminals on any of your devices.
Related articles:
- What are Password Managers and are they Safe?
- What is DNS Hijacking?
- What is a Cross-Site Scripting attack?
- Defending yourself from a Man-in-the-Middle attack
Recommended products:
