
The best way to secure your Apple devices

Internet security isn’t just for your desktop anymore. Most Apple users collect, store, and transfer data with multiple devices, most notably the iPhone, iPad, and iPod Touch. Luckily, ExpressVPN has apps to protect the connection between all those devices and the rest of the Internet, but it’s useful to have a few extra tricks up your sleeve to protect those Apple products and the personal data they contain.

Read on for a guide to securing your Apple devices.

Apple’s got your back

If you’re an Apple customer, most of the work in securing your data has already been done for you. Apple’s privacy policy is second to none, earning it 5 out of 5 stars in EFF’s annual Who Has Your Back? report. Apple is very clear about how far it will go in complying with law enforcement requests for its customers’ data, and is outspoken in its rejection of government backdoors to its products.

What’s more, on the latest versions of iOS devices, the default communication apps (iMessage and FaceTime) as well as the backup app iCloud encrypt all data end-to-end by default. That gives Apple devices a respectable base level of security right out of the box.

Still, below are some simple tips to take your mobile security even further.

Set a passcode

It might seem obvious, but with all the talk about digital security it’s easy to forget: sometimes the easiest way for someone to steal data from your phone is to literally steal your phone. Setting up a passcode takes care of that by requiring you to enter a 4-digit numerical code to access your device (or if you prefer, a longer numerical code, or an alpha-numeric code, or even a fingerprint with Touch ID).

But what most people don’t know is that since iOS 8, setting a passcode also automatically encrypts all data on your device. That means even if someone tries to bypass the code by physically breaking your phone open to access its memory, the data inside would still be unreadable*. The best part? The encryption key is mathematically tied to the passcode that only you know, meaning not even Apple can crack it. So if your iPhone somehow finds its way into the government’s hands and they approach Apple with a warrant to decrypt your phone, Apple couldn’t comply even if they wanted to. It’s not a political issue; it’s just not computationally possible.

*Want this functionality on your Mac desktop or laptop? Use FileVault.
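The idea behind a key that is “mathematically tied to the passcode” can be sketched in a few lines. This is an added example, not Apple’s implementation and not code from the original article: it uses PBKDF2 as a stand-in key derivation function, and the iteration count, the per-guess cost, and the random “device secret” are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumptions for illustration only (not Apple's actual parameters):
ITERATIONS = 50_000          # PBKDF2 work factor
SECONDS_PER_GUESS = 0.08     # assumed cost of one on-device attempt


def derive_key(passcode: str, device_secret: bytes) -> bytes:
    """Derive a 256-bit key from the passcode, salted with a per-device secret.

    In this model the device secret never leaves the hardware, so guesses
    can only be tested on the device itself.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_secret, ITERATIONS)


def unlock(guess: str, device_secret: bytes, stored_check: bytes) -> bool:
    """Compare a guess against a stored verifier in constant time."""
    candidate = hashlib.sha256(derive_key(guess, device_secret)).digest()
    return hmac.compare_digest(candidate, stored_check)


def worst_case_hours(alphabet_size: int, length: int) -> float:
    """Time to try every passcode of the given shape at SECONDS_PER_GUESS."""
    return alphabet_size ** length * SECONDS_PER_GUESS / 3600


if __name__ == "__main__":
    device_a = os.urandom(32)   # constructed stand-ins for hardware secrets
    device_b = os.urandom(32)
    check = hashlib.sha256(derive_key("4821", device_a)).digest()

    print("right passcode unlocks:", unlock("4821", device_a, check))
    print("wrong passcode unlocks:", unlock("4822", device_a, check))
    print("same passcode, other device:", unlock("4821", device_b, check))

    for label, size, length in [("4 digits", 10, 4), ("6 digits", 10, 6),
                                ("6 letters/digits", 36, 6)]:
        print(f"{label}: {worst_case_hours(size, length):,.1f} hours worst case")
```

Under these assumed numbers a 4-digit code is exhausted in minutes while a 6-character alphanumeric code takes years, which is why the longer passcode options mentioned above are worth the extra typing.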

Use two-step verification

Two-step verification is a great security tool provided by services like Google and Dropbox, and you can get it for Apple services like iCloud and iTunes too. To use it, register your phone (or another trusted device) to your Apple ID. Then whenever you log in with that Apple ID, you’ll be asked for your password and an SMS verification code in order to gain access. That means even if an attacker has stolen your Apple ID password, they still won’t be able to access your iCloud data or buy iTunes content unless they’ve also physically stolen your phone and stolen the passcode you set in the previous step. That’s more than enough to deter all but the most motivated data thieves.

Encrypt your iTunes backups

If you have personal content in your iTunes and you back it up using iCloud, that data is already encrypted with a minimum of 128-bit AES encryption (note: purchased content isn’t encrypted). But what you might not know is that you can set iTunes to encrypt the local copy on your iPhone, iPod, or iPad as well. To do so, connect your device to your computer and select “Encrypt iPhone/iPad/iPod backup” in the Backups preferences pane.

Use Find My iPhone/iPad

Find My iPhone is another great security tool for your iOS device. It’s incredibly useful when your device gets lost or stolen. To use it, just sign into iCloud from another computer. If your device is just lost in your house somewhere, you can force the device to play a sound to track it down. If your device is lost or stolen, you can locate it on a map, lock it, or remotely erase it. Even if your device is powered off or not connected, anything you do from Find My iPhone will take effect the next time the device goes online.

Speaking of erasing data on your mobile devices*, that’s not a bad first step if you’re planning on selling or giving away your iPhone, iPod, or iPad soon. Follow this guide to wiping the data from your device before it leaves your hands.

*To securely delete data from your Mac desktop or laptop, use the “Secure Empty Trash” option. As opposed to “Empty Trash”, which simply marks the area where your data is stored as available for use, “Secure Empty Trash” actually writes random data over the area to prevent data recovery. If you want even more protection, Disk Utility (a built-in app on your Mac) can write over the contents of memory up to 7 times.

Manage your privacy

As mentioned before, Apple’s admirable security track record means your iPhones, iPods, iPads, and Macs are reasonably well-protected by default, but if you’re ever concerned about the data your device might be sending to and from iCloud, iTunes, or any other app on your phone, read Apple’s guide to learn more about how to manage your privacy settings.



  1. You might also want to advocate the use of Little Snitch, a powerful outward firewall for Macs which allows you to control what sites your Mac sends data to rather than what is sent to your Mac.

  2. Good article but very out of date (several years!) on securing Macs. No mention of FileVault or that there is no longer a secure delete option for hard drives because it doesn’t work for SSD storage. Perhaps you need to update this section?

  3. What a great and comprehensive piece! Thank you so kindly for sharing and providing links to the protocols. ExpressVPN is becoming my go-to for news feeds and cool little tips, such as these!

  4. Impressive! Article “How to Secure Your Apple Devices” was absolutely prescient given the current DoJ pressure on Apple.
