iOS 8’s encryption is beautiful. I know that’s not the word you’d usually use to describe such an uninspiring process. But this is something Apple is good at. Making things simple and making them work. Like Apple Pay for example.
The reason iOS 8’s encryption is so beautiful is because it works in the background even if you didn’t expressly enable it. If you have a PIN/passcode lock or Touch ID enabled in iPhone 5s and higher, congratulations, encryption on your iPhone/iPad is already up and running.
But what do I mean when I say “beautiful”, a term as arbitrary as Apple’s promotion jargon? What does encryption do and why should you be glad it’s enabled on your device? Read on to find out.
What Is Encryption On iOS 8?
Encryption (Apple uses the AES-256 bit military grade variant) is an added layer of security on files, photos, videos, and even messages. If a file is encrypted and someone gets hold of it via your phone, they still won’t be able to open it without the encryption key.
And the encryption key is generated randomly using an algorithm that’s not easy to replicate. It depends heavily on the device itself, and is even locked to the device. If you have an iPhone 6/6 Plus or an iPad Mini 3 and Air 2, there’s a special section in the M co-processor called Secure Enclave whose entire job is to manage this key.
Enabling Encryption And More Settings
To check if your device is encrypted or not, go to Settings -> Passcode and enable a PIN/password based passcode. A password is going to be secure, and Touch ID even more so.
After enabling a PIN lock, slide down to the bottom of the Passcode section. Here you’ll a declaration Data protection is enabled. This is Apple-speak for “Encryption is enabled”. If it doesn’t appear immediately after enabling the Passcode, give it a couple of minutes, encrypting storage takes time.
Okay so now you have encryption enabled. How do you make it better?
First, go to Request Passcode and to make it really secure, choose Immediately. After 1 minute might be a good compromise but anything more than that takes your security downhill.
In the bottom of the section you can enable the Erase Data option. This will erase anything that’s on your iPhone after 10 failed passcode attempts. Use this only if you’re really paranoid about security.
What about those iCloud hacks? Sadly, device based encryption is only limited to your physical device and not iCloud. But in brighter news, Ars Technica found that enabling 2-factor authentication stops hackers from stealing your iCloud backups.
What’s So Great About Apple’s Implementation Of Encryption?
There’s been a lot of talk about NSA snooping user data and having backdoors to companies like Apple and Google. And then there’s a whole separate issue of more targeted snooping/bugging that’s too complicated to talk about in detail here.
There are two great things about Apple’ implementation.
First, Apple doesn’t have the key that’s used to encrypt the storage. It’s based and stored secretly on a whole different part of the device. The key is not even on the storage. So even if a hacker rips your phone apart, gets access to the flash storage, he still won’t be able to access files stored within.
Secondly, it’s dead simple. Apple doesn’t even use the word encryption in any of its literature. It says “Data protection”. And it’s enabled for anyone who enables a PIN, which is a lot of people.
On Android, Google is turning this feature on by default for new phones with Android 5.0. But it’s available as an opt-in for the millions of older devices or the ones that update to 5.0 Lollipop. And no, just enabling PIN lock does not enable encryption in Android – for that you need to go through a whole other process that involves about half an hour and a couple of reboots.
The great thing about iOS 8’s encryption is that users don’t need to explicitly turn it on or even understand what it is or how it works.
How Do You Feel About Encryption in iOS?
I’m not even going to ask if you’ve enabled encryption or not. By now, of course you have. But let me know how you feel about Apple’s take on this issue in the comments below.