In today’s world, it seems like everyone from petty criminals to the federal government is after the data stored on your iOS 11 device. So, encrypting your devices is more important than ever. Luckily, encrypting all of the data stored on your iPhone, iPad or iPod touch is easily accomplished.
In 2013, Edward Snowden, a former contractor at the National Security Agency, claimed that Apple, Google and other tech companies provided “backdoors” for government agencies to access data stored on their customers’ devices.
In response to Snowden’s claims, Apple pledged to ensure that they could never be forced to hand over any data stored on their customers’ devices, including their texts, emails, documents and other files. Apple’s encryption efforts also include customers’ data that is stored in their iCloud online storage services.
In this article, I’ll walk you through the steps to turn on encryption for your device (I will include screenshots, making it ultra-easy to follow along). I’ll also explain how encryption protects your data from those who would love to see what you’ve got going on in there.
In addition, I’ll give you the low-down on how Apple’s encryption works, and why even Apple couldn’t crack the encryption protecting your data, even if they’re faced with a court order telling them to do so.
How to Encrypt The Data on Your iOS Device
Let’s not waste any time. First off, I’ll go ahead and show you how to encrypt the information stored on your iPhone, iPad or iPod touch. It’s a simple process, and it only takes a few taps of your finger to encrypt your devices.
The encryption process automatically takes place when you set a screen lock passcode for your device. Just follow the very few steps listed below, and all of your data stored on your device will be encrypted, as will any other files you save to your device in the future.
Go to the “Settings” app on your iOS device. Scroll down until you see the “Touch ID & Passcode” menu item. Tap that.
On the Touch ID & Passcode screen, scroll down until you see the “Turn Passcode On” option. Tap that.
You will then be presented with the option to enter an easy-to-remember 4-digit passcode, a strong 6-digit or longer numerical passcode or even an alphanumeric password.
If you use a 4-digit passcode, be sure to keep in mind that while 4 digits are easy for you to remember, there are only 10,000 possible combinations of 4 numbers, making it easier for someone to crack your code.
That’s why you should always enable the “Erase Data” option found in the Touch ID & Passcode menu, which erases all of the data stored on the device after 10 failed passcode attempts.
A 6-digit or longer passcode greatly decreases the possibility of someone guessing your passcode (as there are one million possible combinations for 6 digits), while still making it relatively easy to remember your designated passcode.
A Custom Alphanumeric Code also significantly improves your device’s security. Apple says a 6-digit alphanumeric passcode that includes lower-case letters and numbers would take approximately five years to crack if every possible combination was attempted.
When Do I Encrypt my iPhone’s Data?
You just did. When you set a passcode for your iOS device, you automatically engaged the encryption process. Once your passcode is set, your device is encrypted. It will remain encrypted until you disable your passcode.
If you do turn off Passcode Lock on your device, you will see a notice warning you that all encrypted information stored on the device will either be removed or will be available for viewing by anyone who gains access to the device.
Apple Pay users should note that all of the credit and debit cards they have enrolled for use in Apple Pay will be removed if the passcode lock is disabled, so no more looks of awe on the faces of cashiers as you prove to them that yes, they do indeed accept Apple Pay as payment for goods after all!
Now that we have encrypted your device, let’s take a look at what encryption is, and how it protects the data you store on your iOS device and in iCloud. We’ll take a look at the different kinds of encryption schemes, and also how Apple’s encryption can’t be cracked – even by Apple. (And even if the government orders them to!)
What is Encryption?
Encryption is a method of encoding information so that only authorized parties can access the encrypted data. Data is encrypted using an encryption algorithm, and a key is needed to decrypt the information.
Many of my readers likely used a very simple form of encryption as children. Remember when you wanted to send “secret messages” to your friends, and wanted to prevent your parents, teachers or kids that weren’t in your “cool” club from reading and understanding them? You likely used a “secret” code to “encrypt” your messages.
In simple encryption schemes like those used in childhood, the code may be something similar to A=1, B=2, C=3, D=4, etc.
Sure, a code like that is perhaps the simplest one you could have used, and really doesn’t provide much protection from prying eyes, but it was probably sufficient for the messages you wanted to protect.
Plus, you felt really smart for having come up with it. (Or, for having “borrowed” the idea from “A Christmas Story.”)
Modern data encryption methods use an algorithm called a cipher to turn plaintext (the information) into a series of what appears to be random characters. The encrypted information is unreadable by anyone who doesn’t possess a special key to decrypt the data back into readable characters.
Two widely used methods of encryption today are the Public key (asymmetric) method and the Private key (symmetric) method. Both methods allow users to encrypt their data to hide it from other users and then decrypt it for reading by authorized users. However, they differ in how the encryption and decryption steps are handled.
Public Key Encryption
Public Key (Asymmetric) Encryption uses a recipient’s public key, along with a private key that mathematically matches the public key. This allows a user to encrypt a message with the recipient’s public key and send it to the recipient, who holds the matching private key that is used to decrypt the information back into plaintext.
The Public Key Encryption method would thus allow a sender to “unlock” a mailbox to place a message into it, but it would not allow them to peek at any of the other encrypted messages in the mailbox, as the recipient’s private key would be required to decrypt the other messages.
Private Key Encryption
Private Key (Symmetric) Encryption is similar to Public Key Encryption, with one important difference: the key used to encrypt the information and the key used to decrypt it are the same, so both parties hold that shared key and either of them can encrypt or decrypt the information.
What Type of Encryption Does Apple Use?
Apple says that every iOS device
“has a dedicated AES-256 encryption engine built into the DMA path between the flash storage and main system memory, making file encryption highly efficient. […] The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused (UID) or compiled (GID) into the application processor and Secure Enclave during manufacturing.”
That sounds cool, but what does it mean?
What all that means is that no app, or even the iOS device’s firmware, can read the UID and GID keys held in the device’s application processor or Secure Enclave. Instead, they can only read the results of the encryption or decryption operations performed with those keys.
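The design described above, together with the earlier passcode-length and “Erase Data” advice, as an added toy model (not Apple’s code, and not part of the original article). The class and function names are hypothetical, PBKDF2 stands in for the hardware AES engine, and the 80 ms cost per guess is an assumption taken from Apple’s published security documentation rather than from this page.

```python
import hashlib
import hmac
import os

ATTEMPT_COST_S = 0.08  # assumption: ~80 ms per on-device guess, Apple's published figure

def worst_case_seconds(alphabet_size, length, cost_s=ATTEMPT_COST_S):
    """Time to try every passcode when each guess has to run on the device."""
    return alphabet_size ** length * cost_s

class ToyDevice:
    """Constructed model: software sees results of UID operations, never the UID."""

    def __init__(self, passcode, erase_after=10):
        self.__uid = os.urandom(32)      # stands in for the fused 256-bit UID
        self.erase_after = erase_after   # None models "Erase Data" switched off
        self.failures = 0
        self.erased = False
        self._check = self.tangle(passcode)

    def tangle(self, passcode):
        # PBKDF2 stands in for the hardware AES engine; the iteration count is arbitrary.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.__uid, 100)

    def unlock(self, guess):
        if self.erased:
            return False
        if hmac.compare_digest(self.tangle(guess), self._check):
            self.failures = 0
            return True
        self.failures += 1
        if self.erase_after is not None and self.failures >= self.erase_after:
            self._check, self.erased = b"", True   # key material is gone for good
        return False

def guesses_accepted(device, candidates):
    """Feed guesses in order; stop when the device unlocks or erases itself."""
    count = 0
    for guess in candidates:
        count += 1
        if device.unlock(guess) or device.erased:
            break
    return count

def four_digit_codes():
    return (f"{n:04d}" for n in range(10_000))
```

Under the 80 ms assumption, all 10,000 four-digit codes cost about 13 minutes of device time, while a six-character lower-case-and-digit passcode costs about five and a half years, in line with the figure Apple gives. Two devices set to the same passcode still derive different keys, because each mixes in its own UID.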
Can Apple Decrypt My Device’s Data?
Short answer: No. Apple’s iOS 11 operating system doesn’t include a “backdoor” that would allow the Cupertino firm or law enforcement agencies to access the data on your iOS device.
As we’ll see, Apple couldn’t access data on one particular device, even when it was involved in a terrorist attack.
The encryption used by Apple on devices running iOS 8 and later uses methods that prevent Apple from accessing any information stored on the devices, even if faced with a government warrant.
No Access for the Feds
Apple’s encryption methods have led to a number of legal battles with law enforcement, on both the local and national levels.
For example, an iPhone 5C used by Syed Rizwan Farook, one of the shooters in the December 2015 San Bernardino terror attack who killed 14 people and injured 22 others, was recovered by the Federal Bureau of Investigation (FBI).
Both attackers died soon after the attack, and they had previously destroyed their personal smartphones. However, the FBI did find an employer-provided iPhone 5C used by Farook. The device had been locked with a 4-digit passcode. (The iPhone 5C model does not include the Touch ID or Face ID features used to unlock later models of Apple’s handsets.)
The FBI was unable to unlock the iPhone due to Apple’s advanced method of encrypting the device. Although the FBI asked the National Security Agency (NSA) for assistance in cracking the device’s encryption, the NSA was unable to help, as the agency had little experience in successfully breaking into iPhones.
This led to the FBI making a request to Apple to create a new version of the iPhone’s operating system, which would open a “backdoor” to allow access to the data stored on the shooter’s device. Apple refused, due to its previously stated policy that it would never undermine the security features of the products it made.
The FBI responded by asking a United States magistrate judge to order Apple to create and provide the previously requested operating system. The judge did so, and Apple announced its intention to oppose the order, as there were security risks to its customers if the company complied with the order.
Before all of this could be sorted out, possibly setting a large number of legal precedents as the case moved forward, the government withdrew its request for the new OS, stating a third party had come up with a method that could possibly recover the data from the iPhone 5C in question.
The method proposed by the outside party did indeed work (the government has not disclosed the method used). However, the method only works on iPhone 5C and older iPhones, which lack a Touch ID fingerprint sensor.
It is believed that the third party used a “zero-day” vulnerability in the iPhone software to bypass the device’s built-in limitation of 10 tries for a passcode, allowing the use of the old-fashioned “brute force” method of determining the passcode. (Brute force is when all possible combinations of the 4-digit passcode are entered until the device finally unlocks.)
Can Apple Decrypt My Information Stored in iCloud?
The short answer for this one: it depends.
Calendars, Contacts, Notes, Reminders, Photos, anything stored in your iCloud Drive and your iCloud backups are all encrypted end-to-end during transmission and are stored on Apple’s servers, using a minimum of 128-bit AES encryption.
The data is protected using a unique key from your device, combined with the device’s passcode. That creates encryption that only you can access.
However, when it comes to your mail, Apple could access it when it’s stored on their servers.
While all internet traffic between your devices and iCloud Mail is encrypted using TLS 1.2, Apple follows industry standard practices in not encrypting the data stored on their IMAP servers. Apple’s email clients do support optional S/MIME encryption.
End-to-end encryption also protects other information that is transmitted to, and stored in, iCloud.
The information includes:
- iCloud Keychain, which includes your saved accounts and passwords
- All payment information
- Wi-Fi network information, including passwords
- Home data
- Siri usage information
Note: two-factor authentication must be turned on for your Apple ID. This ensures your account and its associated personal and business data can only be accessed on devices you have designated as “trusted.”
For more information about two-factor authentication, read my article that explains what two-factor authentication is, and how you can set it up on your devices.
What Have We Learned?
Apple makes it easy for you to encrypt your iPhone or any other iOS 11 device. All it takes is a few taps on your iPhone’s screen, and in less than a minute, all the information you have stored on your iOS device is encrypted.
Apple’s iOS 11 encryption isn’t a matter of simply protecting your device with an easy-to-crack code, either.
Even United States government agencies, like the Federal Bureau of Investigation and the National Security Agency, can’t crack Apple’s encryption. Actually, even Apple can’t crack the encryption – it’s just that good.
What all this means is that your personal and business-sensitive information is safe if you have it stored on your iOS device and protected by a passcode, Touch ID or Face ID. Even if you lose your device, or even if it’s stolen, your data is safe.