Stop the lock screen revealing secrets
Convenience can also leak personal secrets to anyone who can touch your iOS device. Glenn Fleishman reports
ATwitter user recounted a familiar story of a lost iPhone that resonated with a lot of people recently. The person behind @afronomics_ said she found another woman’s phone in the bathroom. She noted:
“I asked Siri what’s my name. It pulled up her info. Cool. I asked Siri who do I call most. Pulled up her recent calls. Cool.”
The thread is good reading (tinyurl.com/z7Lokps). (The account owner uses colourful language and may be inappropriate to peruse at a workplace.)
We tested the list of things she noted, and we had slightly different results, but no less concerning. Siri required that we unlock our phone when we asked, “Where do I live?” but when we said, “Directions to my home,” iOS provided those without a beat. When we asked our wife’s and children’s names, we were told to unlock, but our most recent call came up without reservation, as well as telling me my name when we asked.
We hadn’t recently noted where we parked our car, but apparently that’s within the scope of results, too. And that’s before swiping down to see the Today view and notifications, which we have enabled on the lock screen.
It’s perfectly reasonable to want convenient access to a number of features without having to unlock your phone, even when that’s relatively easy with Touch ID. The lock screen features are more about pulling them up quickly than securing all your private data.
But as the person who left their phone in the bathroom found, it’s very easy to mine a lot of data and fast. This is also true in school and work environments, or even in ones where you’re dealing with siblings, or when you’re the adult child of invasive parents.
Although Apple generally positions itself rightly as privacy conscious vis-à-vis the information about yourself that it allows itself and others to see,
there’s no one-stop-shop for dialing up or down what appears on the lock screen. You have to visit several places in Settings:
Touch ID & Passcode Control Center Notifications
Touch ID & Passcode allows access to major features, and all the options are enabled by default. You can turn them off under Allow Access When Locked:
Today View: The summary of what’s going on in your day plus widgets. (Some widgets show limited information while locked, such as Activity and Find My Friends.)
Notifications View: The swipe-down view that’s a swipe left from Today View, which reveals the history of notifications. You can keep notifications active and adjust how much information is displayed, however, as discussed below.
Siri: This won’t respond to everything, but does give away a lot. Disabling Siri in this fashion prevents the “Hey, Siri” option from working while locked.
Reply with Message: This lets you respond to an incoming message from the lock screen. Home Control: For HomeKit-connected devices. Wallet: This allows the use of stored cards. You still need Touch ID to pay with Apple Pay, but other items in the Wallet are freely available with a double-click of the Home button, such as storeaffinity cards. Someone with your phone could pay with your Starbucks card, for instance.
If you disable Siri, it also turns off Voice Dial, a feature that lets you call someone by name or by speaking a number. However, you can keep Siri on and turn off Voice Dial through a switch just above the Allow Access When Locked area.
Turning off Wallet on the lock screen prevents you from accessing cards, but still allows payments. You can also disable this via Settings > Wallet & Apple Pay. With Wallet disabled on the lock screen, you could put the Wallet app on your home screen or in your menu bar, so that when you unlock your phone it’s just a tap away.
Notifications can reveal varying amounts of information. As a general setting for each app with notifications enabled, you can go to Settings > Notifications > app name and tap Show on Lock Screen to off. Mail and a few other apps offer detailed previews on the lock screen, which can reveal too much. Mail offers a few different settings by category; here are the steps for switching off previews for senders you’ve marked as VIPs:
Open Settings > Notifications > Mail Tap VIP
Under Mail Options, tap Show Previews Select When Unlocked
Finally, Control Center has its own Access on Lock Screen setting. It’s useful, but it can also let someone play back your audio, change output devices, and potentially see more about you.
While you’re at, improve your passcode
Since we’re talking about unwanted or unintentional physical access to your phone, you should improve your passcode. A colleague told us last year about visiting home and turning around to see her teenage sister tapping away on her lock screen and guessing her four-digit passcode, which was not obvious. She suspected her sister might have seen enough of her unlocking the phone to guess the full number.
Security researchers say even the six-digit code Apple emphasizes now isn’t enough. Generate a short memorable phrase of words unlikely to appear together. If you’re using Touch ID, you don’t have to enter that passphrase often, but it’ll avoid the little sister and the casual snooper problem.
And since an update in iOS 9, you’ll keep your passphrase more in mind, because iOS requires that after six days in which you haven’t entered your passphrase, you’re prompted to re-enter it after not using Touch ID for eight hours. This keeps you on your digital toes.
You may choose to avoid all this advice, but now you know what you might be exposing the next time (if ever) someone you don’t intend has your phone in hand.
While enabled by default, you might choose to not allow all these options to work when your iOS device is locked