There are a whopping 300 million iPhones in active use today. It’s a difficult number to get your head around because it’s just too large. But think of it in terms of the population of the US which is just over 300 million, or five times the total number of people in the UK, and you get a better sense of how insanely popular these funky, snazzy smart phones are.

However, Android phones – think Samsung Galaxy, HTC 1, Google Nexus, Motorola Droid and so on – lead the way with almost 800 million in use. According to ABI Research the total number of smart phones in use today tops out at 1.4 billion when you add in BlackBerry and the Windows Phone.

One of the great things about the iPhone, when compared to Android devices, is that security has generally never been an issue. There have been very few high profile breaches. That’s because Apple has a strict policy when apps go into its app store for sale. All apps must be scanned and verified to ensure they’re not harbouring malicious code or hiding Trojan viruses. In contrast, Android apps often come from unknown sources and some have been designed by hackers to look like something they’re not. Unsurprisingly the number of breaches on the Android platform is growing.

Kevin McNamee, security architect and director of telco giant Alcatel-Lucent's security labs, goes straight to the heart of the matter when he says: "Malware and cyber security threats continue to be a growing problem for home networks and mobile devices, particularly for Android smartphones and tablets which are increasingly targeted."

Troubling iPhone vulnerabilities

iPhone users might have good reason to feel a bit smug – they’re toting a device that seems watertight. Sorry to break the bad news though because this is changing. With 300 million iPhones in use and increasing numbers of people flocking to mobile banking and online shopping with their smart phones a digital honey pot is being created. And don’t the hackers just know it. There’s a mounting body of evidence that suggests cracks are appearing in iPhone security – many originating from the app developer side. An alarming piece of research from IOActive Research dug into security around banking apps for the iPhone. The research assessed 40 home banking apps from some of the world’s top banks for the iPhone and iPads. And here are some of the troubling findings:
  • 40% of the audited apps didn’t validate the authenticity of SSL certificates that are presented during the transaction. This makes them susceptible to man-in-the-middle attacks. SSL certificates are small data files that digitally bind a cryptographic key to an organisation’s details. When installed on a web server they allow secure connections from a web server to a browser. They are typically used to secure credit card transactions, data transfers and logins. A man-in-the-middle attack is a form of active eavesdropping in which the attacker makes connections between the user and the bank and effectively relays messages between them, making them believe they are talking directly to each other over a private connection. However, the attacker is controlling the conversation.
  • 50% of the apps are vulnerable to JavaScript injections via insecure UIWebView implementations. In some cases, native iOS functionality was exposed so an attacker could send SMS or emails from the phone. JavaScript injection is a process in which JavaScript code is inserted into a web page by either entering the code into the address bar or by finding a vulnerability such as an insecure UIWebView implementation. UIWebView is a Safari developer component that allows developers to embed web content into their apps.
  • 90% of the banking apps contained several non-SSL links throughout the application. Clearly, if some links aren’t encrypted an attacker could intercept the data and inject arbitrary JavaScript or HTML code to create a fake login prompt or similar scam.
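
As an added illustration (not part of the original article or of the IOActive research), here is one way an app team could check its own bundle for the non-SSL links described in the third finding. The resource names and the `bank.example` URLs are constructed sample data, and the list of ignored identifier prefixes is an assumption.

```python
import re

# Matches http:// and https:// URLs embedded in text resources.
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)

# XML namespace and DTD identifiers: present in plists and markup,
# but not links the app loads (assumed list, extend as needed).
IDENTIFIER_PREFIXES = ("http://www.w3.org/", "http://www.apple.com/dtds/")

# Constructed sample input standing in for text files unpacked from an app bundle.
SAMPLE_RESOURCES = {
    "Info.plist": '<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
                  '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">',
    "login.html": '<form action="https://bank.example/login"></form>\n'
                  '<script src="http://bank.example/js/app.js"></script>',
    "Localizable.strings": '"help_url" = "http://m.bank.example/help";',
}


def find_cleartext_links(resources):
    """Return sorted (resource name, URL) pairs for links that are not HTTPS."""
    hits = []
    for name, text in resources.items():
        for match in URL_RE.findall(text):
            url = match.rstrip(".,;")      # drop trailing punctuation
            lowered = url.lower()
            if lowered.startswith("https://"):
                continue                   # encrypted link
            if lowered.startswith(IDENTIFIER_PREFIXES):
                continue                   # identifier, never fetched
            hits.append((name, url))
    return sorted(hits)


if __name__ == "__main__":
    for name, url in find_cleartext_links(SAMPLE_RESOURCES):
        print(f"{name}: {url}")
```

Every link it reports is a place where content can be read or altered in transit, such as the script loaded over plain HTTP into an otherwise HTTPS login page in the sample.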

Handing out the keys to the vault

In short, these vulnerabilities could allow hackers to intercept sensitive data, install malware and even take control of someone’s smartphone. An attacker could certainly gain a good understanding of how the banking app is architected and the server infrastructure. In turn it could lead to attacks targeting both the phone and the bank’s server. It’s a bit like working out the combination on a lock that protects a vault.

So what is a poor iPhone user to do?

Given that mobile banking is becoming as popular as drinking tea in China and the banks don’t seem to have such a good handle on watertight security, what should your average iPhone, mobile-banking user do? Here are a few simple tips that will help keep you safe:
  • Never ever save your passwords to online bank accounts in the phone’s browser or anywhere on the phone. Either keep them in your head (extremely difficult) or get some pretty good encryption that protects passwords on your phone.
  • Don’t do online banking over public Wi-Fi networks or Wi-Fi connections that aren’t encrypted.  Some things are best done in private.  A public network is precisely that for a hacker – public.
  • Make sure you close all browsers and banking apps when your session is ended.  You wouldn’t walk around with banknotes sticking out of your back pocket would you?

Is that cinnamon sprinkles with your latte?

Another recent iPhone vulnerability also illustrates how developers are helping create ‘holes’ through which hackers can gain entry. Starbucks, the coffee chain you either love or hate, and that’s simply the coffee, recently admitted to a searing flaw in its digital wallet app. Put simply, data in the app wasn’t encrypted, so any creeping thief who lifts an iPhone with a Starbucks digital wallet on it, could connect the phone to a computer and as well as retrieving names and passwords also build up a picture of a user’s movements through the world of Starbucks and their preferred beverage. This level of info is not exactly going to lead to whooping police sirens and your house being surrounded by militarised police teams but it does illustrate how developers are missing tricks and how we, the general iPhone using public, shouldn’t assume that just because an app is on the iPhone it offers supreme security. That said, and speaking of supreme security there are a raft of iPhone applications that can, metaphorically speaking, provide similar levels of protection to that which surrounds American aircraft carriers. If you didn’t know, anything that comes within 50 miles of these floating air forces will trigger alarms, lasers and a raft of deadly missiles whose singular intent is to destroy. We’ve been doing some digging to find the best digital equivalents to protect your iPhone in the digital ocean and here are some of the best.

Find My iPhone

Strictly speaking it’s not an app. If your phone is lost or stolen, you can locate it, display a message on the screen, play a sound for two minutes and with all the insouciant panache of a digital God, lock and/or wipe the device remotely.  You can activate it on your iPhone by going to Settings, then iCloud, and enable Find My iPhone. There is also a Find My iPhone app which allows you to use your iPhone to perform the same functions for another iOS device.


GadgetTrak

GadgetTrak is similar to Find My iPhone but it has the added bonus of using the iPhone’s built-in camera to take a photo of whichever shifty character is handling the stolen phone. It also shows your device’s location at pre-set intervals, so you can track the phone’s movements. In short, you become your own digital detective – not only do you know what the villain looks like, you can track their movements.


SplashID Safe

If you use your iPhone for lots of transactional type things then SplashID Safe for iPhone is the app for you. This funky app enables secure storage of your online passwords, as well as credit card data, account numbers, registration codes and more. An automatic password generator helps create strong passwords and in terms of leading-edge encryption it protects stored data with 256-bit Blowfish encryption. The app also syncs over Wi-Fi with the company’s desktop software which is handy but at $20 a pop, a bit pricey perhaps.


WICKR

We love this app. It’s got James Bond 007 written all over it. It sends self-destructing messages to other WICKR users anywhere in the world, leaving no digital trace. If you’re concerned about the recent NSA revelations in which seemingly every digital communication is scooped up by a vast spying operation then this app is for you. WICKR allows the sender to control the message by deciding who sees it and also the duration of the message before it self-destructs. It’s protected by military grade encryption and also deletes metadata, the digital imprint much beloved of spy agencies.


iDiscrete

Most people have some photos or videos on their iPhone that are ‘private,’ that is they don’t want others to see them. iDiscrete is a neat little app that protects your content including documents. It’s clever, in that it hides the fact that files are being protected. If someone tries to view your content the app presents a fake loading screen, if the correct touch sequence isn’t entered. Protected files can also be transferred between the phone and a computer via Wi-Fi.


Kryptos

If you use your iPhone to discuss sensitive information during calls and are a little concerned that someone may be listening in, an app called Kryptos offers secure voice communications using 256-bit AES encryption. It works over 3G, 4G and Wi-Fi networks.

Spam Arrest

If your iPhone email inbox is plagued with spam then this app might just be for you. Spam Arrest doesn’t just filter spam and malware; it requires everyone who sends you an email to respond to a query to confirm their identity. That will stop spammers in their tracks. The app offers the ability to create an account, manage unverified mail and edit an approved senders list.

Safe Eyes Mobile

This is a good one to protect the kiddies who, as is the way with children and gadgets, are probably grabbing at your phone, running off chuckling with glee and then hitting all sorts of different web sites. Safe Eyes Mobile essentially replaces the iPhone’s Safari browser with a browser that filters certain types of content so the children don’t inadvertently download something they shouldn’t.  

Hotspot Shield VPN

Does your use of your iPhone border on the addictive? You can’t help yourself when it comes to using public Wi-Fi networks? If so, you’ll probably find Hotspot Shield VPN quite useful.  It protects you when using Wi-Fi hotspots by encrypting all traffic to protect your identity, IP address and to stop unwanted tracking. It also notifies and blocks spam, phishing and rogue websites with malware protection. That said, you can unblock any blocked content and services.  


Dashlane

Dashlane is a robust password manager which can also store various IDs, credit cards and other payment methods, receipts, and notes. It comes with an auto-fill feature for online forms to which you can add different addresses, phone numbers, and other personal information you're tired of typing repeatedly.

This list is by no means exhaustive but it does provide some examples of the ‘hottest’ security apps available for the iPhone. Some are free and some cost. And new security apps are being developed all the time. If you’re thinking of bolstering your iPhone with some additional security – a good idea these days – you can’t go far wrong by considering these or similar apps. Whatever you choose it’s a good idea to read the customer reviews – they’ll give you a good sense of what’s what by filtering out the marketing noise around the apps.

Use your head

And finally, here are some tips to secure your iPhone that are so obvious it’s a bit like saying water is wet. But that said, the obvious often flies over the head of many people, so it’s worth reiterating a few simple rules.

Use a Passcode Lock

Pass codes don't provide encryption of data. They simply make it hard to access the phone by preventing unauthorized users from unlocking your device and reading its data or making outrageously expensive calls to far flung places. Set your code by going to: Home Screen -> Settings -> General -> Passcode Lock. Enter a four-digit code of your choice. And don’t forget it, otherwise you’re looking at a full deletion of data on the phone and restoring from backup.

Passcode Lock with Siri

You can access Siri from the lock screen just by holding down the home button. This is a vulnerability of sorts because someone can access some elements of your phone even if it has a passcode on it. But you can turn this off and enable Siri only when a phone is unlocked. To do this, go to the Passcode screen and move the Siri slider to Off.

Encrypt Backups

You can secure the data on your iPhone by encrypting the backups on your computer. This will prevent someone who doesn’t know your password from getting access to your data by using your computer. Do this in iTunes when you sync your iPhone or iPod touch.

Safe and happy iPhone using!