I started writing a step-by-step type of guide on hardening your iOS, but I realized that without understanding the reasoning behind the steps I’ll be showing you, that it’s basically useless information. Also it’s important to remember that there is truly NO REAL WAY to secure your phone the way you imagine doing so. The reasoning will be explained below. So without further ado, here’s part one of the series I’m writing on how to improve your iOS privacy and security, let’s get into it.
EDIT: It was brought to my attention that I didn’t mention that this definitely is not a guide in which you will learn how to browse and operate the darknet via your mobile device. This would be an immense OpSec violation that could cost you your freedom. This series is more geared toward anyone who wants to increase the level of privacy and security on their iPhone in general. Nothing specifically related to the DN is going to be in this series. Strictly mobile (geared toward iOS) privacy and security fundamentals that everyone should be practicing in their day to day life regardless of one’s affiliation with the darknet.
Why is your iPhone your weakest OpSec link?
The reason that there is no real way to secure your phone and truly feel safe is all due to lack of control. You don’t have much control at all within iOS or any mobileOS, meaning that the operations and functions that are happening on your phone are mostly unbeknownst to you. The backend OS of your iPhone is very similar to MacOS, however it’s designed in a way that offers much less control (not that Mac offers a lot of control to begin with, but this is in comparison to an iPhone, not a linux setup). For example, on MacOS you’re able to use the terminal to run command at the UNIX level; this offers a lot of control over whats going on behind the scenes on your computer. You can also install an application layer firewall on your mac to really understand what things are doing in the context of the internet and you can even intercept how specific macOS low level applications are interacting with the internet. These are things that you cannot do at all whatsoever on an iPhone. Instead apps are essentially containers that access the OS through API’s and software development kits. This makes it so if you really care about privacy (as you absolutely should, look at where you are) and you desire to see what’s happening behind the scenes on your iPhone, well, you can’t.
What does your phone have that your computer doesn’t?
Well, a GPS chip for one, This means that it’s able to know, with satellite gps, where you are and can track where you are and follow you around with a high level of precision. It also has an LTE network connection, allowing you to make phone calls and receive SMS messages, as well as access the internet on your phone’s network.
GPS and LTE are both ways that someone can track you. Your phone using the GPS knows your exact position, and LTE can track you using antennaes and cell phone towers to triangulate your location.
Your phone is essentially a personal tracking device that was engineered to track you everywhere that you go, and this makes it very easy for a government agency or your carrier to follow you around. However, there are things that you can do to combat this, and make it more difficult, but it still means that we’re heavily realiant on trusting the OS. Say you have WiFi disabled in the user interface, does that mean it’s actually disabled? Well, it’s hard to tell when you only have user-level access with no ability to deep-dive into the OS. This could be a big deal considering that WiFi is a big contributor to making it easier to track your location.
Say you’re running a stock version of iOS. We know that it has Wifi, an LTE chip, and GPS. I spoke briefly on both location tracking via LTE and GPS already, but wifi is a huge contributing factor used in easily tracking your location. Your iPhone uses it’s WiFi antennae to track where other wifi access points are, and it knows how far away they are based on the strength of their signal. When you open something like Google Maps, and it can basically show you that you’re in your house, it does this using wifi & gps. When you walk into your home, your phone probably auto-connects to your home wifi network. So, how does it do this? Well, with the wifi function enabled, your phone is contantly sending signals out in the background that are searching for familiar wifi hotspots or access points or networks, whatever you want to call them. When these signals pickup a familiar network, it’s able to auto connect. This is done using MAC Addresses, or unique indetifiers used to, well, identify each individual electronic device in the world, I’m not going deeper into MAC addresses though right this second. Look it up if you need more immediate information. These continuous signals being sent out in the background of your phone aren’t necessarily a problem in and of themselves though. The huge problem is a combination of the wifi signals being sent out in conjunction with the GPS chip offering your precise location. So when your phone is sending these signals out searching for wifi hotspots/networks, it knows your exact location, and it also knows the approximate distance of nearby access points (familiar or not) based on their signal strength, and it then uploads this information to most likely Apple or Google, depending on what phone your using. Now THAT’S the scary part. Just by moving around, and carrying a phone with you wherever you are, you are basically contributing to the location tracking of everyone around you.
Bluetooth can also be used to track you, but I have less knowledge on this subject. Basically, it functions in the same way the wifi does. Sending out signals, searching for devices, knowing their distance from you via signal strength, and so on.
So if your phone has wifi and bluetooth enabled and your just walking around not connected to a familiar network or device, then it is just broadcasting information, and that information can potentially be correlated back to you to find your location.
Nobody should find any sense of security or privacy when using a mobile phone. It’s built into the design to be a literal tracking device that monitors you, profiles you, and learns behaviors unique to you, all while keeping you entertained to the point of possible addiction. However, there are ways to fortify the privacy and security on your phone, and I’ll be making an in-depth follow up guide that will explain, step-by-step, exactly what you should do within your phone’s settings to boost your level of security.
One last thing to keep in mind: Please remember, all of your phones setting capabilites are limited to being controlled on the user-interface level. So, as I mentioned previously, who really knows if turning a setting on or off does anything other than a cosmetic change to the user interface. However, whether we truly know if enabling or disabling our location on our phone actually works, I still feel as though it’s better to do it either way. Worst case scenario, you took the proper precautions and never had a reason to be grateful you did. Best case, a person or agency searching for you is either completely thwarted, or is held off, thus buying you more time to get the fuck outta dodge.
One more last thing: If you are anywhere besides your home right now reading this, and you still have wifi and bluetooth enabled on your phone for no reason, you should turn that shit off asap.