Why your iPhone might not be as secure as you think

Social Media apps on iPhone

One of the key selling points for Apple products, and iPhones in particular is greater security and there is a general consensus that an iPhone is safer in many respects than its Android competitors.

But what exactly constitutes ‘safe’ and could the perception of better security actually increase the vulnerability especially among unsophisticated device users?

iPhone safety – out of the box

Apple prides itself on retaining tight control over the devices it supplies and this means that their claim that an iPhone has safety ‘out of the box’ is largely true.

By stopping apps from accessing the phone’s root coding, Apple has ensured that malicious apps can’t do as much damage.

The Apple ecosystem is also important when we are thinking about security. Apple tightly controls what apps can do and which apps get authorised; if you don’t play by the rules then you don’t get onto the app store.

This means that users can’t download apps that feature malicious code and in turn, this ensures that to a large extent they stay within a protected bubble. So if users only ever connect using a secure network and they only ever use approved apps then they are living in a world where nothing can harm them.

Another important reason for the greater likelihood of being hacked if you own an android is simply market economics. Estimates vary, but with somewhere between 75% and 85% of smartphone users choosing Android, it makes much more sense for hackers to be targeting their effort at the largest market share.

However, just because the iOS is seen to be much more hack-free than Android OS, doesn’t mean to say that users can forget about security altogether.

The way we use our devices

The first thing to point out is that although the iOS is indeed safer than Android, it’s not totally without its foibles.

As we saw recently from the Johns Hopkins University research, the unlock state of the device could potentially allow sophisticated hackers to at least partially decode the encryption.

Whether that is likely to happen remains to be seen, although, with security it pays to never say ‘never’ and given the huge rewards available to unscrupulous types who may want to invest in beating the iOS security system, it seems to be more about when rather than if.

One of the great things about always-on connectivity is that we can use our devices wherever we choose and that brings with it a lot of freedom but it also increases risk for the unwary user.

Connecting to public access points such as open wireless networks in coffee shops, airports and malls mean that users are potentially opening themselves up to attack.

When it is behind the Apple security screen, users data is safe, once it leaves the protection that their iPhone affords, then it is much easier to access. The question this poses is; if it’s hard to crack an iPhone but easy to crack an open wifi connection then which would you choose?

Safety can increase risk

It sounds counterintuitive but a sense of safety actually increases the risk to the individual.

Since a groundbreaking study in 1966 by academic Sam Peltzman, researchers have found that in any number of areas, people who feel safe, take more risks.

Drivers with additional safety features are more likely to have accidents, skiers fall more often and financial institutions exhibit riskier behaviours when their perceived risk is reduced.

The irony is that the safer something is, the worse humans behave.

This means that the person with an iPhone at a coffee shop is more likely to click on a suspect link or ignore signs that they are accessing an unsafe website because they think that their iPhone is inherently safe.

Of course, their iPhone is safe, it’s the thing that they connect to that is dangerous.

Reducing the risk to iPhone users

The simple method to reduce our individual risk is to act as though the device we are carrying isn’t safe.

Connecting to public wifi is fine as long as you are using a VPN iPhone protection.

Clicking on links are also fine as long as you have assessed the source that they came from and that you have checked the URL that they resolve to.

And of course, entering data into websites that have suspect provenance is a bad move, whatever device you are using.

The clear message is that iPhone users should act as though they had a Windows or Android phone and forget about the better security features that they paid for!