How to: Encrypt Your iPhone
Last Reviewed: March 26, 2018
We are in the process of updating several guides, including this one, and are aware that some of this information is out of date.
If you have an iPhone 3GS or later, an iPod touch 3rd generation or later, or any iPad, you can protect the contents of your device using encryption . That means that if someone gets physical access to your device, they will also need your passcode to decrypt what's stored on it, including contacts, instant messages or texts, call logs, and email.
In fact, most modern Apple devices encrypt their contents by default, with various levels of protection. But to protect against someone obtaining your data by physically stealing your device, you need to tie that encryption to a passphrase or code that only you know. See below for instructions on how to do this.
On devices running iOS 4–iOS 7:
- Open the General settings and choose Passcode (or iTouch & Passcode).
- Follow the prompts to create a passcode.
On device running iOS 8-iOS 11
- Open the Settings app
- Tap Touch ID & Passcode
- Follow the prompts to create a passcode.
If your device is running iOS 8, disable Simple Passcode to create a code that is longer than 4 digits. With the release of iOS 9, Apple defaulted to a 6-digit passcode.
If you choose a passcode that's all-numeric, you will get a numeric keypad when you need to unlock your phone, which may be easier than typing a set of letters and symbols on a tiny virtual keyboard. However, we suggest choosing a passcode that's alphanumeric, and longer than 6 characters because it's simply harder to crack, even if Apple's hardware is designed to slow down password -cracking tools.
To customize your passcode, select "Passcode Options" and "Custom Alphanumeric Code." If you want to customize an existing passcode, select “Change Passcode” and then “Passcode Options.” You should also set the “Require passcode” option to “Immediately,” so that your device isn't unlocked when you are not using it.
Once you've set a passcode, scroll down to the bottom of the Passcode settings page. You should see a message that says “Data protection is enabled.” This means that the device's encryption is now tied to your passcode, and that most data on your phone will need that code to unlock it.
Here are some other iOS features you should think about using if you're dealing with private data: anchor link
iTunes has an option to backup your device onto your computer. iTunes doesn't encrypt your backups by default. If you choose the “Encrypt backup” option on the Summary tab of your device in iTunes, iTunes will backup more confidential information (such as Wi-Fi passwords and email passwords), but will encrypt it all before saving it onto your computer. Be sure to keep the password you use here safe: restoring from backups is a rare event, but extra painful if you cannot remember the password to unlock the backup in an emergency.
If you back up to Apple's iCloud, you should use a long passphrase to protect the data, and keep that passphrase safe. While Apple encrypts most data in its backups, it may be possible for the company to obtain access for law enforcement purposes since Apple also controls the keys used for iCloud encryption.
If you turn on data protection as described above, you will also be able to delete your data on your device securely and quickly. In the Touch ID & Passcode settings, you can set your device to erase all its data after 10 failed passcode attempts. If you do this be sure your phone is backed up in case someone purposefully enters your passcode incorrectly.
According to Apple’s old Law Enforcement Guide, “Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.”
The above information applies only to iOS devices running versions of iOS prior to 8.0.
- Now, Apple states that “For all devices running iOS 8.0 and later versions, Apple is unable to perform an iOS device data extraction as the data typically sought by law enforcement is encrypted, and Apple does not possess the encryption key .”
REMEMBER: While Apple will be unable to extract data directly off a phone, if the device is set to sync with iCloud, or backup to a computer, much of the same data will indeed be accessible to law enforcement. Under most circumstances, iOS encryption is only effective when a device has been fully powered down (or freshly-rebooted, without being unlocked). Some attackers might be able to take valuable data from your device's memory when it's turned on. (They might even be able to take the data when it has just been turned off). Keep this in mind and, if possible, try to make sure your device is powered off (or rebooted and not unlocked) if you believe it's likely to be seized or stolen. At the time this guide was published, a few companies claimed they were able to break the passcodes of iPhones for law enforcement, but details surrounding these claims are unclear.
If you are concerned about your device getting lost or stolen, you can also set up your Apple device so that it can be erased remotely, using the “Find My iPhone” feature. Note that this will allow Apple to remotely request the location of your device at any time. You should balance the benefit of deleting data if you lose control of your device, with the risk of revealing your own position. (Mobile phones transmit this information to telephone companies as a matter of course; Wi-Fi devices like iPads and the iPod Touch do not.)