Despite all the news coverage on Edward Snowden and the alleged government surveillance from the NSA and GCHQ, iOS users are posting a glut of personal information to Facebook, Twitter, Tumblr, WhatsApp and other social networks. There’s nothing especially wrong with that except most are unaware of privacy controls – Microsoft’s Consumer Safety Index survey revealed that just 30 percent of people have changed their social network privacy settings.
With that in mind – as well as claims that GCHQ has been recently accused of monitoring social media activity – here’s what you should do to ensure that your social media life remains private on iOS.
Be aware of what data will be shared on social networks
Keep an eye on the Privacy tab within the Settings of your iPad or iPhone. Here you’ll see the applications that have requested access to your Twitter account.
If you’re not happy with Facebook and Twitter collecting data maybe you need to rethink what data you want to share with these networks in the first place.
Your first port of call should be the privacy agreement. As an example, Facebook’s reveals that the social network can collect geolocation metadata when posting photos or videos, or receive data from or about the mobile device your using to access Facebook. This data may also include your IP address or phone number.
Twitter’s own privacy policy is similar – revealing the use of cookies, and the collection of log data, which can include the OS you’re running, the mobile carrier and the pages visited. Both policies can be easily accessed via their respective iOS apps.
It’s also worth noting that these social networks have a chequered history with privacy/security.
Facebook, Twitter, Instagram, Foursquare and Path and other iOS apps sent names, email addresses and phone numbers from the internal contacts book to company servers in 2012 – without user’s permission. More recently, Snapchat – supposedly a private mobile iOS and Android app –was exposed by an API app exploit, allowing hackers to steal and post a database of 4.6 million usernames and phone numbers online.
Keep an eye on third-party app security settings
Following on from last point, third-party apps can be a risk. Sure, they’re convenient for posting the same message to different services, but do you want them to have access to all that data?
To be safe, via the settings menu on iOS, select which apps can gain access to Twitter, Facebook, Vimeo or Flickr by sliding the slider from green to white. At one stage, I had 12 apps connecting to my Twitter account.
Keep passwords safe with iCloud Keychain
Ah, passwords – pretty much the bane of the digital existence. You can’t remember which one you used for which account, and a frightening number of people opt for guessable phrases like ‘password1234’ or their child’s first name.
Thankfully, Apple has made password management easier with iCloud Keychain (providing you’ve enabled it in iOS 7 or OS X 10.9 Mavericks), while adept password managers exist in 1Password and LastPass.
There are some caveats – as you’d expect from a fledgling technology – but iCloud Keychain is handy, saving and encrypting (AES-256) passwords and even credit card information across devices via iCloud.
It works for Facebook, Twitter and LinkedIn, and other websites, and can suggest unique passwords. All the information – and listed passwords – can be found in Safari settings
So use Keychain or 1Password – although you’ll need to ensure you have a strong master password for the latter. Alternatively, if you’re super worried about passwords being stolen, wipe passwords on Safari and stop Autofill – both which can be done from iOS settings.
Get the basics right
Facebook has a number of privacy settings that will allow you to decide who can see you and who can contact you.
It sounds obvious, but do all you can to ensure that you have the basics covered. That involves making sure your iPhone or iPad has the latest OS, runs an up-to-date web browser and has security software. Also avoid the temptation to jailbreak and make sure you only click on trustable links.
Phishing is a common attack method on email, but is spreading to social platforms as hackers recognise that it can be used for more sinister attacks – or even ID theft.
The recent social engineering attack concerning the @N Twitter handle showed that social accounts have value to cyber-criminals, while researcher Janne Ahlberg has found previous evidence of phishers trying to steal passwords from Twitter users by directing them to a bogus login page.
As such, treat posted links and direct messages with suspicion. You can block users and report spam from the icon of the person’s profile on Twitter for iOS. Similar options are available for Facebook, by visiting the ‘Report a Problem’ screen on the settings bar.
Furthermore, know what privacy restrictions you can impose from within each app. For starters, go to the Privacy Shortcuts on the Facebook iOS app to set who can see future posts, and send friends requests.
Embrace two-factor authentication
Two-factor authentication is designed to guard your privacy – it can protect against password breaches and phishing attacks – and has been adopted by Facebook and Twitter, as well as LinkedIn.
Facebook’s 2FA, called “Login Approvals”, sends a six-digit code via text when you try and login from a new machine. Login Approvals can also work with Google’s Authenticator app – available for iOS and Android.
Twitter’s two-factor authentication sends a six-digit code via SMS text message, and also gives back-up codes (accessible in the iOS app) should you misplace your phone.
You can turn on 2FA on Facebook via Facebook Security Settings, and turn on Twitter’s by going to Me > Settings > Security > ‘turn on Login verification’. LinkedIn and Tumblr have similar functions – Tumblr’s two-factor authentication can be turned on via Settings and clicking ‘Enable’. You can choose if you want to authenticate via SMS or the Google Authenticator app.
Think outside the box: Consider other apps & tools
If you’re concerned about using your favourite social media services on your iPhone or iPad, and the above recommendations aren’t doing the job, it’s time to think outside the box.
As mentioned on point #1, you may want to look at alternative methods of communicating – like Snapchat, Secret and Wickr – three ‘private’ social networking iOS apps, while AVG has released an application for iOS called PrivacyPix Family, which has the purpose of leading users through securing privacy settings on social networking sites.
Read more about security on the iPad and iPhone here: How secure is the iPhone, iPad, and iOS?
Author: Doug Drinkwater, Contributor
Doug Drinkwater has been writing about technology since 2009, and is currently the Senior Reporter at SC Magazine UK. His work has also appeared in TabTimes, PCWorld, International Business Times, Macworld UK and The Gadget Show Magazine plus numerous other titles that you've never heard of.