You leave your iPhone on the table while you go to the bar, but that’s okay — it’s locked, right? There’s no way your date, business associate or hashtag swag mates can access your information or post slanderous things about you on Facebook… right?
Wrong. Siri and Notification Center are the two biggest threats to privacy on most iPhones, purely because they’re able to give away a surprising amount of personal information unless your default settings are changed.
When Locked Doesn’t Mean Locked
By default, iOS allows full access to Siri and Notification Center when your iPhone is locked. Many of Siri’s features are restricted, and require a passcode or fingerprint in order to authorise them, but many more are not — and they pose serious privacy and security risks. It goes without saying you should already have a passcode on your iPhone; you can do so at Settings > Touch ID & Passcode.
From your lock screen you can ask Siri to show your recent calls, and a full list of recently-contacted individuals will be displayed. You can also ask Siri to show recent messages, and the assistant will find and read any unread text messages you may have on your phone.
What’s more you can ask for a list of your notes, and they’ll all show up on cue. Reminders are also accessible — you can even check them off from Siri’s lock screen interface. If you’ve saved an address to your own personal contact in your address book (yes, you have one), you can ask Siri to “show me home on a map,” and it will — right there, in your lockscreen.
Ask Siri for the address of any known contact, and it will also be displayed in your lockscreen. In fact, you can ask for any known contact information — phone numbers, email addresses, Twitter handles or simply ask for a list of contacts on the phone that match a certain query like: “Find people named Jones.”
Other functions accessible via Siri include many settings — like turning off Bluetooth or Wi-Fi and the ability to view and edit alarms. This is all before you get to the really juicy stuff like sending messages, making calls or posting to Twitter and Facebook (no passcode confirmation necessary).
With access to much of this information, an adversary could ruin you.
Notification Center & Lock Screen Replies
Of course, much of this information is available via the Notifications and Today screens anyway — which provides a comprehensive list of your incoming notifications, organised by app, including any apps you’ve specifically excluded from your lockscreen in Settings > Notifications.
Furthermore, iOS 8 allows you to reply to messages from the lock screen, by swiping left-to-right on the notification, tapping out a reply and sending it all without unlocking your device.
On the Today screen your widgets are accessible, so if you’ve enabled any that display personal information like Evernote or DayOne, this information is also viewable (the apps themselves are not accessible, and require your phone be unlocked). You can also see upcoming appointments on a calendar and check off reminder items from this screen.
Limiting what appears in Notification Center is the only way to customise what is displayed. That renders the feature useless even when your phone is unlocked, so you’re better off disabling lock screen access instead.
Preventing Unwanted Access
The best way to stop your iPhone from giving away your personal information is to turn off the offending features. You might never use these features, or if you do you might have little need for them on the lockscreen — and if you’re using an iPhone 5s or later, you have a fingerprint scanner which makes unlocking your device as effortless as picking it up.
Most of us can afford a few seconds delay to ensure privacy, so head to Settings > Touch ID & Passcode to disable any features you aren’t comfortable with. You can disable lock screen access to the Today screen, Notifications view, Siri, Passbook (which only appears when prompted anyway) and the ability to reply to messages without unlocking your phone.
With these settings disabled, you will still receive regular old notifications in your lock screen, which show up when you wake your phone. If you want to exclude any apps from your lock screen for privacy reasons, head to Settings > Notifications and tap the app name. In the menu that appears uncheck Show on Lock Screen.
What Can Apple Do?
With Notification Center and Siri disabled from the lock screen, you might think the problem is solved, but in reality Siri is a handy tool to have at your disposal. The recently added “hey Siri,” functionality enables hands-free usage, but when you disable the feature from your lockscreen it’s far less convenient.
Apple could allow users to decide what they are comfortable with Siri divulging while their phone is locked, allowing concerned parties to disable the sending of messages and other potentially problematic privileges.
Ultimately it’s up to you whether or not you disable these features, and much of that comes down to how often your phone is left unattended.
Have you disabled Siri or Notification Centre access from the lock screen? Was this for security, convenience, or something else?