Securing your data from thieves? Any suggestions regarding this article?

doug2 · April 22, 2025, 5:43am

I found this article interesting. Any suggestions from people here about best settings?

Halfsmoke · April 22, 2025, 6:16am

Key concept: avoid single points of failure and unnecessary risks.

Keep backups of all critical and sensitive data using multiple storage types (HDD, optical disc, cloud, etc) and software (Time Machine, Carbon Copy Cloner, etc).
Designate a Recovery Contact.
If you don’t need something—an app, a password, a file—on your mobile device, don’t keep it there (for example, I use my iMac for managing my stocks so I don’t have my brokerage’s app on my phone).

ddmiller · April 22, 2025, 11:15am

I think we’ve talked a lot about this before. For example, Turn On Stolen Device Protection in iOS 17.3

doug2 · April 22, 2025, 9:36pm

Thanks for that. I had overlooked that. Does everybody here have that turned on? I am not sure I have all the requirements met, like passcode or whatever.

If you’re not in a familiar location then even you with your biometrics cannot do certain things for an hour, right?

doug2 · April 22, 2025, 9:38pm

Good point. I do have a Time Machine and CCC backup in addition to iCloud.

Time Machine of late has gotten a bit hit-and-miss. I’ve changed the backup from hourly to daily which helps somewhat, but sometimes a single daily backup fails to backup also.

MacDrew2000 · April 25, 2025, 4:54pm

I turned on Stolen Device Protection as soon as it was available. I have recommended that all of my friends and family use it and also set the “Require Security Delay” option to “Always”. See: About Stolen Device Protection for iPhone - Apple Support

I could be wrong, but my understanding is that even with Stolen Device Protection enabled on an iPhone, you could still immediately change your Apple Account password using a Mac. So if I ever thought my Apple Account password was compromised, I could immediately use my Mac to change the password without having to wait for the 1 hour security delay.

That is good advice.

Nothing important or valuable should every be stored only on a single device–especially a portable device that is easily lost or stolen.
Syncing data from your iPhone (or iPad or Mac) to iCloud (or another cloud service) is not a real backup.
a. It is tremendously convenient (i.e., it allows you to access your files, photos, contacts, calendar, reminders, etc. on all your compatible devices and on the web). It does provide protection in the event that your iPhone (or iPad or Mac) is lost or damaged or is stolen while locked by someone who doesn’t know the device passcode.
b. But it provides no protection in the event that someone gains access to your iCloud account–whether through a successful phishing attack or, as in the cited article, by stealing both your iPhone and your device passcode.

Other suggestions:
1. Regularly backup iPhones/iPads to a Mac or PC, which are then in turn backed up to other devices/media/services. (For example, I regularly backup my iPhone and iPad to my Mac Studio using iMazing, and those backups are then included in the backups of my Mac Studio.)

2. Regularly export copies of Apple Notes, Reminders, Calendars, Contacts, Voice Memos, Photos, Messages, and any other important data stored in iCloud and save that exported copy some place it can’t be accessed through a stolen iPhone or other stolen device. (I have a recurring reminder to export copies of each of those items.)

3. Backup your Mac (or PC) and other data using the familiar 3-2-1 backup method (at least 3 copies, on two different media (e.g., hard drive and cloud backup service), with at least 1 copy offsite.
An easy and relatively affordable way to do that is to use Carbon Copy Cloner to backup your Mac (including the iPhone/iPad backups and the iCloud exports stored on your Mac but outside of iCloud) to two separate external drives (with APFS encryption). Keep one at home and another at a different location (such as at a friend or family member’s house or at your office if you don’t work at home). Then set a regular schedule to update the backup on the backup drive at your house and switch it with the backup drive at the other location. The worst case scenario would be that someone burglarizes your home and steals your devices (including the backup drive you keep at home) and obtains or guesses your passwords. They would be able to do a lot of damage, but your offsite backup at your friend’s house would still be safe and you would only lose whatever data was added or modified since the last switch of your backup drives.

Obviously, more backups, including daily or realtime cloud backups, would provide additional protection. But it is important to make sure that someone who stole your iPhone and your iPhone passcode would not be able to use that information to get access to your backups stored in the cloud.

ddmiller · April 25, 2025, 6:45pm

Unfortunately, for some people there is no choice - all that they have is an iPhone. They just don’t have the luxury of being able to afford having multiple devices. (Albeit that’s probably not an issue for most people who read Tidbits.) So there needs to be a way to get data backed up from that device, or synced with a cloud service, but that minimizes the risk of losing everything if the device is lost and the passcode is guessed by a thief.

Stolen device protection, with a recovery contact for an emergency, is probably everyone’s best bet for this case.

How do you do this? With a shortcut? Or do you manually select each note and export to PDF?

Also, how would an iPhone-only user do this for Calendars, Contacts, Photos, Messages? I can see how to do this with Voice memos, but not for the others. (Imagine that someone is traveling somewhere and doesn’t have any other device but the phone.)

neil1 · April 25, 2025, 7:33pm

Notes Exporter on the Mac App Store…works great. Not sure if it exports encrypted Notes as I don’t use those as the encryption scheme is unknown. They get stored in 1Password.

Oops…replied to the wrong post. I was trying to reply to the post about backing up Notes but iOS Mail was smarter than me…and it isn’t even cocktail hour yet so I can’t blame that. (Or maybe I could because as an old Navy guy I know it’s always 5 o’clock somewhere.

MacDrew2000 · April 25, 2025, 8:05pm

That’s a good point. In the United States, roughly 5% of households don’t have a computer (as of 2024 census), and the number is certainly higher in other countries. I did not have people in those situations in mind. (The people in the cited news story–a sales executive and the owner of a tech consulting firm–certainly would have had the means to backup their iPhones and iCloud data to a computer.) As with most things in life, fewer resources means fewer options, and the options that do exist are less convenient. I wish Apple would make it easier to export copies of iCloud data.

For most people, iCloud Backup + Stolen Device Protection + Recovery Contact should provide okay protection. (Using an alphanumeric password instead of a PIN to unlock the iPhone would also make it harder for someone to see the password you enter to unlock it.)

Google Photos is a reasonably inexpensive way to backup photos/videos from an iPhone (although if someone steals an iPhone with Google Photos and Gmail installed, they may be able to reset the Google account password too). Someone could also use a combination of free cloud storage services to backup their data (e.g., free storage from Google, OneDrive, Dropbox, Box, Filen, etc.).

On my Mac, I use the Exporter app. It exports the Notes in markdown or HTML format and includes the photos and other attaches. It has worked well. It does NOT export notes that are Locked.

Someone who has only an iPhone or an iPad could also export the notes individually by using the Share Sheet and sharing with various apps or copying/pasting. A better option is to do the following to export the notes in .rtfd format (credit to @alkalinecarrot on Reddit for sharing this tip):

In Notes app (iPhone or iPad), tap the three dots in the upper righthand corner.
Tap Select Notes
Select your notes, in groups of 10-20 (I was only able to select a max of 17 at a time the last time I tested)
Touch and hold the selected notes for about 2 seconds, and then without letting go, move your finger around the screen in a circular motion. This “pulls” the notes away from the app and makes them stick to your finger. Don’t let go of your finger from the screen.
With a finger on the other hand, press the Home button or swipe up from the bottom and go into the Files app and select a folder where you would like to export the Notes.
Release your first finger to let go of your notes that you have been “carrying” this whole time, and it will drop them into the folder as separate .rtfd files.

There are apps that can be used to backup Calendars and Contacts, though many of them are not reputable. The Cardhop app (free) can be used to export Contacts as .vcf files (which could then be e-mailed or uploaded to any cloud storage service).

There are ways (not very convenient) to download a some iCloud data (including Calendars, Contacts, and Reminders–but NOT Messages) using the iCloud website. See: Archive or make copies of the information you store in iCloud - Apple Support and Get a copy of the data associated with your Apple Account - Apple Support

Someone who only has an iPhone or is traveling and only has an iPhone could download copies of their data from the iCloud website to their iPhone and then upload those exports to some other cloud storage service.

Unfortunately, I don’t know any way to export Messages without using a computer to backup/export the data from the iPhone or iPad (or using a Mac that has Messages in iCloud enabled).