A Twitter user recounted a familiar story of a lost iPhone that resonated with a lot of people just a few days ago. The person behind @afronomics_ said she found another woman’s phone in the bathroom. She noted,
I asked Siri what’s my name. It pulled up her info. Cool. I asked Siri who do I call most. Pulled up her recent calls. Cool.
The whole thread is good reading. (The account owner uses colorful language and may be inappropriate to peruse at a workplace.)
I tested the list of things she noted, and I had slightly different results, but no less concerning. Siri required that I unlock my phone when I asked, “Where do I live?” but when I said, “Directions to my home,” iOS provided those without a beat. When I asked my wife’s and kids’ names, I was told to unlock, but my most recent call came up without reservation, as well as telling me my name when I asked.
I hadn’t recently noted where I parked my car, but apparently that’s within the purview of results too. And that’s before swiping down to see the Today view and notifications, which I have enabled on the lock screen.
Maybe I shouldn’t only be advising you on information hygiene, but also take that advice myself?
It’s perfectly reasonable to want convenient access to a number of features without having to unlock your phone, even when that’s relatively easy with Touch ID. The lock screen features are more about pulling them up quickly than securing all your private data.
But as the person who left their phone in the bathroom found, it’s very easy to mine a lot of data and fast. This is also true in school and work environments, or even in ones where you’re dealing with siblings, or when you’re the adult child of invasive parents.
Although Apple generally positions itself rightly as privacy conscious vis-a-vis the information about yourself that it allows itself and others to see, there’s no one-stop-shop for dialing up or down what appears on the lock screen. You have to visit several places in Settings:
- Touch ID & Passcode
- Control Center
Touch ID & Passcode allows access to major features, and all the options are enabled by default. You can turn them off under Allow Access When Locked:
- Today View, the summary of what’s going on in your day plus widgets. (Some widgets show limited information while locked, such as Activity and Find My Friends.)
- Notifications View, the swipe-down view that’s a swipe left from Today View, which reveals the history of notifications. You can keep notifications active and adjust how much information is displayed, however, as discussed below.
- Siri, which won’t respond to everything, but does give away a lot. Disabling Siri in this fashion prevents the “Hey, Siri” option from working while locked.
- Reply with Message, allowing you to respond to an incoming message from the lock screen.
- Home Control for HomeKit-connected devices.
- Wallet, allowing the use of stored cards. You still need Touch ID to pay with Apple Pay, but other items in the Wallet are freely available with a double-click of the Home button, such as store-affinity cards. Someone with your phone could pay with your Starbucks card, for instance.
If you disable Siri, it also turns off Voice Dial, a feature that lets you call someone by name or by speaking a number. However, you can keep Siri on and turn off Voice Dial through a switch just above the Allow Access When Locked area.
Turning off Wallet on the lock screen prevents you from accessing cards, but still allows payments. You can also disable this via Settings > Wallet & Apple Pay. With Wallet disabled on the lock screen, you could put the Wallet app on your home screen or in your menu bar, so that when you unlock your phone it’s just a tap away.
Notifications can reveal varying amounts of information. As a general setting for each app with notifications enabled, you can go to Settings > Notifications > app name and tap Show on Lock Screen to off. Mail and a few other apps offer detailed previews on the lock screen, which can reveal too much. Mail offers a few different settings by category; here are the steps for switching off previews for senders you’ve marked as VIPs:
- Open Settings > Notifications > Mail.
- Tap VIP.
- Under Mail Options, tap Show Previews.
- Select When Unlocked.
Finally, Control Center has its own Access on Lock Screen setting. It’s useful, but it can also let someone play back your audio, change output devices, and potentially see a little bit more about you.
While you’re at, improve your passcode
Since we’re talking about unwanted or unintentional physical access to your phone, you should use this opportunity to improve your passcode. A colleague told me last year about visiting home and turning around to see her pre-adult sister tapping away on her lock screen and guessing her four-digit passcode, which was non-obvious. She suspected her sister might have seen enough of her unlocking the phone to guess the full number.
Security researchers say even the six-digit code Apple emphasizes now isn’t enough. Generate a short memorable phrase of words unlikely to appear together. If you’re using Touch ID, you don’t have to enter that passphrase often, but it’ll avoid the little sister and the casual snooper (or good guesser) problem.
And since an update in iOS 9, you’ll keep your passphrase more in mind, because iOS requires that after six days in which you haven’t entered your passphrase, you’re prompted to re-enter it after not using Touch ID for eight hours. This keeps you on your digital toes.
You may choose to avoid all this advice, but now you know what you might be exposing the next time (if ever) someone you don’t intend has your phone in hand.