iPhone 4, hardware encryption, and "delete all settings and data"

I have an iPhone 4 which I will be getting rid of, and I would just like to confirm that my understanding of data removal on the iPhone 4 / iOS 4 is correct.


I was using a passcode for the phone, and I remember seeing "data protection is enabled" at the bottom of that screen. Prior to SIM card swapping, I hit "reset all settings and data" and let that run to completion, which now has me stuck at the iTunes activation screen on that phone.


My understanding is that when you're using a passcode (thus turning on data protection), tapping "reset all settings and data" deletes the key to the data which keeps the data encrypted on the phone, making it irrecoverable. I do remember seeing something along those lines on an Apple support page, but my interest in encryption is way beyond my understanding of it.


I just want to make sure I'm not overlooking something as far as making sure that the data/settings/network settings/everything on the phone is long gone. Having come from phones which required zero-writes of flash memory and star/pound-codes to fully reset on CDMA networks, I'm not used to having just "securely" gotten rid of many gigabytes of data in three minutes.

Posted on May 7, 2011 7:08 PM


May 8, 2011 9:01 AM in response to exigence


exigence wrote:


My understanding is that when you're using a passcode (thus turning on data protection), tapping "reset all settings and data" deletes the key to the data which keeps the data encrypted on the phone, making it irrecoverable. I do remember seeing something along those lines on an Apple support page, but my interest in encryption is way beyond my understanding of it.


Correct. iPhone data is encrypted when using a passcode with iOS 4 - earlier iOS versions do not use the passcode as an encryption key. Note that the "simple" 4 digit passcode is less secure as an encryption key.


From the iPhone User Guide:


"Erase all content and settings: Connect iPhone to your computer or a power adapter. Choose General > Reset and tap “Erase All Content and Settings.”

This resets all settings, and erases all your information and media by removing the encryption key to the data (which is encrypted using 256-bit AES encryption)."


"Passcodes and Data Protection

You can set a passcode that you must enter each time you turn on or wake up iPhone.

Set a passcode: Choose Settings > General > Passcode Lock and enter a 4-digit passcode, then enter the passcode again to verify it. iPhone then requires you to enter the passcode to unlock it or to display the passcode lock settings.

Setting a passcode turns on data protection. Data protection uses your passcode as the key for encrypting mail messages and their attachments stored on iPhone. (Data protection may also be used by some apps available in the App Store.) A notice at the bottom of the Passcode Lock screen in Settings shows whether data protection is enabled.

To increase iPhone security, turn off Simple Passcode and use a longer passcode with a combination of numbers, letters, punctuation, and special characters. See “Passcode Lock” on page 195."

May 8, 2011 9:25 AM in response to modular747

Thanks for that. Now that you point it out, I do recall people talking about how "data protection" includes only mail and attachments, as is mentioned in the manual -- so if that's the case, what about SMS or anything else? Seems like a bit of an inconsistency from the first part stating that the encryption key seemingly applies to "all your information" as you'd expect.

May 8, 2011 9:43 AM in response to exigence

Yes, the User Guide is vague and inconsistent. There are actually 2 levels of encryption - hardware encryption covers ALL data on the phone, and "additional" encryption for email and attachments is enabled by the passcode data protection.


"Data protection enhances the built-in hardware encryption by protecting the hardware encryption keys with your passcode. This provides an additional layer of protection for your email messages and attachments. Third-party applications can use the data protection APIs in iOS 4 to further protect application data."

http://support.apple.com/kb/HT4175
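
A toy model of the two layers described in the reply above, added here as an illustration; it is not part of the original thread and not Apple's implementation. `ToyPhone`, `seal`/`unseal`, `readable` and the SHA-256 keystream standing in for AES-256 are assumptions made for the example, and the key hierarchy is deliberately simplified.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode: stdlib stand-in for the AES-256 the guide mentions
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong or missing key")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class ToyPhone:
    """Constructed model of the two layers; not Apple's actual key hierarchy."""
    def __init__(self, passcode):
        self.salt = os.urandom(16)
        self.hw_key = os.urandom(32)   # layer 1 key, kept in an erasable slot
        mail_key = os.urandom(32)      # layer 2 key, never stored unwrapped
        # Wrapped by the passcode-derived key, then by the hardware key.
        self.wrapped_mail_key = seal(self.hw_key, seal(self._pk(passcode), mail_key))
        self.flash = {}                # ciphertext only, as a flash dump would see

    def _pk(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 10_000)
    def _key(self, passcode):
        if self.hw_key is None:
            raise ValueError("wrong or missing key")
        if passcode is None:
            return self.hw_key
        return unseal(self._pk(passcode), unseal(self.hw_key, self.wrapped_mail_key))

    def write(self, name, data, passcode=None):
        self.flash[name] = seal(self._key(passcode), data)
    def read(self, name, passcode=None):
        return unseal(self._key(passcode), self.flash[name])
    def erase_all(self):
        self.hw_key = None             # key destroyed; flash is left untouched

def readable(phone, name, passcode=None):
    try:
        return phone.read(name, passcode) is not None
    except ValueError:
        return False
```

In this model `erase_all()` never touches `flash`, which is why the erase finishes in moments: every stored blob is still there, but nothing can unwrap a key for it.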

May 8, 2011 10:17 AM in response to modular747

I see. So basically, even on an iPhone 4 not using a passcode, everything is hardware-encrypted as is -- meaning that a full reset of settings/data should wipe out the hardware keys, making everything irrecoverable regardless of data protection being enabled.


And, on an iPhone 4 which uses a passcode / data protection, has sensitive material on it, and has somehow fallen into the wrong hands without being wiped, its mail and attachments are protected from probing via computer because the passcode is standing in the way of what might otherwise be a recoverable hardware key. Though if that's the case, I don't quite see the rationale in having data protection via passcode apply to only mail/messages -- so what about everything else?


Have I got all of this straight?


Thank you for clarifying.
