iPhone Security & Privacy Guidance
iPhone Configuration
- Always update firmware (iOS) to the latest version.
- Turn off 'ask to join networks' and auto-join for all networks.
- Install the U-M VPN configuration at
https://www.itcom.itd.umich.edu/vpn/software/iphone.html
- Turn off Location Services unless necessary for specific apps.
- Require a passcode/PIN to unlock the iPhone.
- Set auto-lock timeout to a period of 5 minutes or less.
- Disable SMS preview when the iPhone is locked.
- Enable erase data upon excessive password failures.
- Ensure that remote wipe capability exists through Apple, an Exchange e-mail service, or another means.
Safari Configuration
- Enable Fraud Warning.
- Disable AutoFill.
Operations
- Turn on airplane mode when you do not need the phone, GPS, radio, Wi-Fi, or Bluetooth.
- Turn on WiFi and Bluetooth only when you need to connect to a WiFi or Bluetooth network.
- Use the campus VPN when accessing U-M resources.
- Use the cell carrier's network instead of an insecure WiFi network.
- Use public WiFi hotspots with caution and configure the smartphone so that it does not connect automatically. Use only trusted networks for sensitive matters, e.g., e-banking, e-commerce, and e-mailing.
- Never jailbreak your iPhone.
- Erase all data before selling or recycling your iPhone.
- Be skeptical: take a skeptical approach to messages, content and software, especially when they come from unknown sources via SMS, Bluetooth, e-mail, or otherwise.
- Check reputation: before installing or using new smartphone apps or services, check their reputation using app-store reputation mechanisms and, if possible, with friends, family or colleagues. It is good practice to install apps only from the Apple app store. Never install any software onto Apple devices unless you know and trust the source of that software and expect to receive it. This refers to any software or application that users receive on their devices through any channel, e.g., by download over WAP/web, attached to an SMS, MMS, instant message or e-mail, through Bluetooth or a data connection, via synchronization with a computer, or from a memory card or other temporary storage device read by the phone. Never ignore or override security prompts unless you are confident that you fully understand the risks associated with these actions.
- Check resource usage and phone bills or prepaid balances. Mobile malware can sometimes be detected by monitoring in this way, especially when premium rate services are being defrauded or abused.
Lost or Stolen
- Remote wipe the iPhone.
- Immediately change all saved passwords (UMICH password, Google, Facebook, etc.) on the iPhone.
- If you used your iPhone to access sensitive U-M information, immediately notify your unit's IT security team.
Sensitive Information
- Do not store U-M (and personally owned) sensitive information (ePHI, SSNs, credit card numbers, private personal information, etc.) on an iPhone.
- Only access U-M sensitive information from non-caching applications or the Safari web browser and ensure that the browser cache is erased afterwards.
IN GENERAL: STOP > THINK > CONNECT.