If you have an iPhone 3GS or later, an iPod touch 3rd generation or later, or any iPad, you can protect the contents of your device using encryption. That means that if someone gets physical access to your device, they will also need your passcode to decrypt what's stored on it, including contacts, instant messages or texts, call logs and email.
In fact, most modern Apple devices encrypt their contents by default, with various levels of protection. But to protect yourself from someone obtaining your data by physically stealing your device, you need to tie that encryption to a passphrase or code that only you know.
On devices running iOS 4–iOS 7, you can do this by going to the General settings, and choosing Passcode (or iTouch & Passcode). As for iOS 8-9, Passcode (or “Touch ID & Passcode”) has its own section in the Settings app. Follow the prompts to create a passcode. You should set the “Require passcode” option to “Immediately,” so that your device isn't unlocked when you are not using it. Disable Simple Passcode so that you can use a code that's longer than 4 digits.
If you choose a passcode that's all-numeric, you will still get a numeric keypad when you need to unlock your phone, which may be easier than typing a set of letters and symbols on a tiny virtual keyboard. You should still try to keep your passcode long even though Apple's hardware is designed to slow down password-cracking tools. Try creating a passcode that is more than 6 digits.
Once you've set a passcode, scroll down to the bottom of the Passcode settings page. You should see a message that says “Data protection enabled.” This means that the device's encryption is now tied to your passcode, and that most data on your phone will need that code to unlock it.
Here are some other iOS features you should think about using if you're dealing with private data:
iTunes has an option to backup your device onto your computer. If you choose the “Encrypt backup” option on the Summary tab of your device in iTunes, iTunes will backup more confidential information (such as Wifi passwords and email passwords), but will encrypt it all before saving it onto your computer. Be sure to keep the password you use here safe: restoring from backups is a rare event, but extra painful if you cannot remember the password to unlock the backup in an emergency.
If you back up to Apple's iCloud, you should use a long passphrase to protect the data, and keep that passphrase safe. While Apple encrypts most data in its backups, it may be possible for the company to obtain access for law enforcement purposes since Apple also controls the keys used for iCloud encryption.
If you turn on data protection as described above, you will also be able to delete your data on your device securely and quickly. In the Passcode settings, you can set your device to wipe all its data after ten failed attempts to guess your passphrase.
According to Apple’s old Law Enforcement Guide, “Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.”
The above information applies only to iOS devices running versions of iOS prior to 8.0.
- Now, Apple states that "On devices running iOS 8 and later versions, your personal data is placed under the protection of your passcode. For all devices running iOS 8 and later versions, Apple will not perform iOS data extractions in response to government search warrants because the files to be extracted are protected by an encryption key that is tied to the user’s passcode, which Apple does not possess."
REMEMBER: While Apple will be unable to extract data directly off a phone, if the device is set to sync with iCloud, or backup to a computer, much of the same data will indeed be accessible to law enforcement. Under most circumstances, iOS encryption is only effective when a device has been fully powered down (or freshly-rebooted, without being unlocked). Some attackers might be able to take valuable data from your device's memory when it's turned on. (They might even be able to take the data when it has just been turned off). Keep this in mind and, if possible, try to make sure your device is powered off (or rebooted and not unlocked) if you believe it's likely to be seized or stolen.
If you are concerned about your device getting lost or stolen, you can also set up your Apple device so that it can be erased remotely, using the “Find My iPhone” feature. Note that this will allow Apple to remotely request the location of your device at any time. You should balance the benefit of deleting data if you lose control of your device, with the risk of revealing your own position. (Mobile phones transmit this information to telephone companies as a matter of course; WiFi devices like iPads and the iPod Touch do not.)