
hajime

Original poster
Hello, iPhone and iPad register the fingerprint, 1Password, cloud storage, etc. I know that iOS has a function to erase all this data for those who are selling or returning their devices. Can the bad guys still retrieve that information?
 
The data on your iOS devices is encrypted. When you Erase All Content and Settings, the encryption key is erased, leaving no easy way to decrypt the data left on the device. For all practical purposes, your data has been "erased."

But when you ask "can the bad guys still retrieve those information..." there are no guarantees. If the "bad guys" have plenty of money and plenty of time, there may be a way to get your info - there are companies that charge huge sums for just such services.

Basically, if you're an average person, nobody is going to spend that kind of money or effort to crack into your former iPhone. I have to assume you are an "average person," because anyone whose information is valuable enough to make the effort profitable already has security departments to ensure that the information is properly protected. Those security departments will likely require the device be incinerated or turned to powder. They certainly would not allow that device to be traded in or given to someone else.
 
Thanks. I am a bit concerned about having the thumb info stored in the device. Can I use my toe to lock/unlock an iOS device?
 
You don't have to use your thumb at all.
You can store up to 10 individual fingerprints in Touch ID.
You don't even have to use fingers.
I have one "finger" registered to my nose. It works every time that I try it. Looks (and feels) a bit odd, but it works.
If my nose works, a toe could certainly be used to unlock your device.
I think my nose would be more practical in most situations, rather than a toe -- but sure, use your toe. I think that will be challenging to get a good, usable print - but I have never tried that.
 
Hello, iPhone and iPad register the fingerprint, 1Password, cloud storage, etc. I know that iOS has a function to erase all this data for those who are selling or returning their devices. Can the bad guys still retrieve that information?

If the FBI had to use a special Israeli company to crack the San Bernardino terrorist couple's 5c pass id, I think your iOS devices should be secure enough if you wipe them before selling. :rolleyes:
 
Thanks. I am a bit concerned about having the thumb info stored in the device.
It's called 'Secure Enclave'.

From Apple:

Secure Enclave

The chip in your device includes an advanced security architecture called the Secure Enclave, which was developed to protect your passcode and fingerprint data. Touch ID doesn't store any images of your fingerprint, and instead relies only on a mathematical representation. It isn't possible for someone to reverse engineer your actual fingerprint image from this stored data.

Your fingerprint data is encrypted, stored on device, and protected with a key available only to the Secure Enclave. Your fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. It can’t be accessed by the OS on your device or by any applications running on it. It's never stored on Apple servers, it's never backed up to iCloud or anywhere else, and it can't be used to match against other fingerprint databases.
 
Hello, iPhone and iPad register the fingerprint, 1Password, cloud storage, etc. I know that iOS has a function to erase all this data for those who are selling or returning their devices. Can the bad guys still retrieve that information?
First and foremost, make sure you have a very secure Apple ID password. That means, using an obscure passphrase that doesn't make any sense, can't be easily known about you, and one that you can remember. If you haven't done so already, turn on Two Factor Authentication for your account. The advice applies to your 1Password account, and any other Apple Store apps that contain personal information.

If the aforementioned has already been done, make sure that your iOS device has a strong passcode. I suggest, at a minimum, a 6 digit passcode. I use a 12 digit code. Other people go even further and employ a long passphrase. If you are married, the only other person that needs to know your passcode is your wife.

Lastly, follow the advice of the seasoned members here, and you will be fine, in regards to passing your phone on, once it has been properly erased and you have signed the device out of iCloud.
 
Thanks. I am a bit concerned about having the thumb info stored in the device. Can I use my toe to lock/unlock an iOS device?

Your toe? Why even use Touch ID then? It's supposed to be a way to have good security on your phone, but still convenience for daily use. I can't imagine using your toe print accomplishes this.
 
I also think that seems a bit odd. If somebody was really concerned about their security, other than Touch ID, alpha-numeric encryption would be the other suggested method.
 
If it is quite cold outside, and you don't want to remove your non-conducting gloves, then using a toe to unlock your phone would be a better choice. You wouldn't want your tender little fingertips out in the cold!:rolleyes::confused:
 
Well it would be easier to get your fingerprint elsewhere from what you touch.

And if someone is so important that someone else cares, the person probably doesn't need the few bucks from selling old phones.
 
It's called 'Secure Enclave'.

In addition to the info provided on Secure Enclave, if I recall correctly, your "fingerprint" is not really the fingerprint. Your fingerprint scan gets converted to a numerical representation in the Secure Enclave. So if it WERE possible to extract information from an erased phone, Bad Guy could not recreate/use the fingerprint outside of iOS ecosphere (and even then, doubt it is useful).

As others have mentioned, erasing the iOS device causes the device to reencrypt the storage (ala full disk encryption). So, your old data was already encrypted with a now erased random key, and is now encrypted a second time with a whole new random key.

On top of that, each individual file on the device is encrypted with its own unique key, and that key is encrypted with a different key, and then that encrypted value is encrypted with yet another key.

Great read: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

So many layers of security in place, that again as mentioned earlier, you need to be someone REALLY important and dealing with REALLY important information to invest the many $$$ and large amount of time to crack an erased iOS device.
 
Good post NBM. I had forgotten all about the fingerprint aspect you brought up.
 
Alpha-Numeric should always be one's choice. :apple:

I agree, but others won’t utilize alpha numeric as their primary sometimes because it’s too “Long of a password” or they simply “Can’t remember it.” Consumers want what's easiest and most convenient, which Touch ID and Face ID are examples of seamless access. I would also say it depends how someone values their security and what method they choose.
 