Though it may not seem like it, notifications present some fairly big security concerns. This post will address iOS 10 Notifications and Control Center security concerns.
iOS 10 NOTIFICATIONS
Settings//Notifications: Because sensitive information is sometimes transmitted to your device via SMS (such as two-factor authentication codes, personal photographs, etc.), this information should not be visible on your lock screen. Additionally, numerous social media and dating applications push notifications that show up on the lock screen, which would reveal your participation in these networks. If this information is visible, anyone with brief physical access to your device may be able to learn a lot about you and your usage habits.
To manage Notifications, navigate to Settings//Notifications. Selecting an app will open a menu allowing you to customize which notifications are displayed for that app and how they are displayed. When considering these options, think about the environment in which you use your device, how public or private it is, and whether your device is ever unattended and may be accessed by someone else.
Allow Notifications: It is necessary to allow notifications for many applications to function properly. If you completely disable notifications for the messaging app, for instance, you will no longer receive audible, tactile, or visual notifications that you have received SMS messages.
Show in Notification Center: When you swipe down from the top of your iPhone screen, the Notification Center appears. Turning this option off will stop notifications from the app from appearing in the Notification Center. If you have disallowed the Notification Center on the lock screen, this option does not impact security. If you allow the Notification Center to be accessed from the lock screen, it is vitally important that you closely control these settings. The Notification Center can reveal a great deal of information about you and your usage.
Sound or Notification Sound: Do you want the app to signal audibly that you have a notification? If not, disable it here by turning Sounds off. On some applications, including FaceTime, you must turn off all notifications to disable notification sounds.
Badge App Icon: The badge is the red circle displayed at the top right of some application icons, indicating how many unopened messages you have in that application. If you do not want badges to be displayed, you may disable this option here.
Show on Lock Screen: This is the most important option from a security standpoint. I do not allow any notifications to be shown on my lock screen. When your phone is locked it should not reveal any information about you or the apps you have installed. If you leave your phone unattended you may consider disabling some or all notifications on the lock screen.
Alert Style When Unlocked: This option simply allows you to choose how you would like to be alerted when the phone is unlocked. If you work in a very public place and fear being “shoulder surfed”, selecting “None” allows you to check incoming messages more privately, at a time and place of your choosing, rather than having them displayed unexpectedly.
RECOMMENDATION: Limit notifications on the lock screen, and in the Notification Center if you allow it to be accessible from the lock screen. Other Notifications settings are largely user preference.
iOS 10 CONTROL CENTER
Settings//Control Center: The iOS Control Center makes many convenient features of the iPhone available from the lock screen. In fact, when it was first introduced, several writers proclaimed the lock screen the “new home screen”. The Control Center allows you to toggle Airplane Mode, Wi-Fi, Bluetooth, and Do Not Disturb on and off; lock screen rotation; adjust brightness and volume; turn AirDrop on or off; use the flashlight; and access the clock, calculator, and camera.
All of these functions are extremely convenient, but some of them can also compromise security. For example, the ability to turn Wi-Fi on can allow someone to capture your SSID probes, identifying the networks to which you have previously connected, which may compromise your residence, place of work, and other locations you frequent. The ability to turn on the flashlight could be used to deny you service by exhausting your battery. For most individuals these are probably not significant concerns, but they should be considered by those who leave their phones unattended for long periods.
Unfortunately, iOS does not allow you to control which settings may and may not be accessed in the Control Center. I would greatly prefer the option to choose which options were available, but since this is not the case, the best practice would be to disallow Control Center on the lock screen. This isn’t as much of an inconvenience as you may think; I have never allowed it on the lock screen and have never missed it. On the other hand, I do see the appeal of having these functions within such easy reach. If you do allow the Control Center to be accessed from the lock screen, realize the threat it presents when leaving your phone unattended.
AirDrop: Enabling AirDrop is only available through the Control Center. AirDrop uses Bluetooth Low Energy (BLE) and Wi-Fi radios to transmit files between nearby iOS and Mac devices, and requires no internet connection to do so. AirDrop connections are encrypted using TLS. Tap “AirDrop”. You will be given three options: Off, Contacts Only, and Everyone. I recommend disabling AirDrop when not in use. When it is necessary, I recommend selecting Contacts Only. This will ensure that your device is only discoverable to those in your contact list.
RECOMMENDATION: If you ever leave your phone unattended, disable Control Center access from the lock screen. All users should keep AirDrop turned off when not in use, and limit access to Contacts when in use.