It's every iPhone user's worst nightmare: your iCloud account is compromised, exposing location data to the web in real time, without your knowledge.
Apple showed its commitment to keeping that confidential data secure by adding two-step verification to Apple ID and iCloud users today. The new security feature will prompt users to to enter their Apple username and password, plus an additional verification code sent via text message to one of your devices.
Enable two-step verification by signing in with your Apple ID at appleid.apple.com. Then go to Password and Security, and follow the instructions at the top of the page.
Setting up extra measures to protect your information is of the utmost importance in today's increasingly digital age. At a MacWorld session in February on how to toughen smartphone security, Ars Technica's Senior Apple Editor Jacqui Chang told a frightening tale of how her friend, after breaking up with his partner of 20 years, was stalked — and how iPhone location data, accessed through iCloud, made it possible.
When iCloud was introduced in 2011, we loved that the cloud-based service provided a free storage and syncing solution for our Apple devices. But with so much of our data automatically uploaded to the web, the service makes us more vulnerable to privacy predators. After her friend's traumatic experience with his ex, Jacqui investigated exactly how iCloud could put your privacy in danger, and offered these safety tips for smartphone users who are at risk of being stalked.
First, Change Your Passwords
- If you're at risk, then change your Apple ID immediately, as well as your iTunes ID (if it's different). This is the key to your iCloud, which can control almost everything in your device: from your contacts to your photostream to your email.
- Additionally, make sure your password recovery question is info that only you know. Jacqui reported that 3.4 million people in the US are stalked each year, and most stalkers are people the victims know well.
Second, Understand How Apps Interact With iCloud
- Find My iPhone — iCloud provides no privacy controls for Find My iPhone because it's designed for your personal use if your iPhone is misplaced. Once someone has your Apple ID info, they can find the location of your iPhone and, by proxy, you. This feature is installed by default with iOS 5 and 6, but needs to be enabled through Settings. You can find out when someone is tracking your iPhone from another device by going to Settings > Location Services > Find My iPhone > Turning "Status Bar Icon" to on.
- Find My Friends — While this free app must be installed on a phone to be activated, consider this: if your stalker finds your phone, unlocked, then he or she can download Find My Friends, have it run in the background, and prevent you from deleting it by setting a parental control passcode (which is different from the lock screen passcode). Notifications can be set up to alert users when "friends" enter or leave locations, like airports, places of work, home, or points of interest. In Settings > Location Services, you can check to see if Find My Friends has access.
- Photostream — Photostream automatically uploads images from a phone's camera roll to the web. Implicitly, a photostream could reveal who you're with, and where you are through location markers in photos, like subway stops or monuments. There is also widely available software that reveals encoded GPS coordinates (geotags) from any image taken on your phone. If Location Services are turned on for your Camera, then this location data is readily available to anyone on the web, even if you don't post it on a social network and explicitly state your location.
- iMessage — If your iMessage is associated with an email account (which is most likely if you've synced iMessage to an iPad or Mac), than these messages are accessible to anyone who can download the Messages app. That email account is most likely your Apple ID, and again, if your stalker has that information, then he or she can read every iMessage you send, remotely, on another device without your knowledge.
- Location Services — On your iPhone, go to Settings > Location Services and look at all the apps that use geo tracking. Some of these apps can track you even if it is running in the background, and a lot of apps are reporting your location back to servers. Savvy stalkers can hack your phone to send that data to an email address or a remote server. If you're at risk, then think hard about what apps really need location services.
Read Jacqui's entire investigation for more ways to harden your smartphone against stalkers.