Is data protection enabled by default on the mobile devices

I would like to ask if data protection is enabled as a by-product of the passcode creation process, or is it automatically enabled by default. Also would like to ask what Apple terms data protection? Is this the encryption of all data contained on the device? Does it imply that should your device be lost or stolen that you can erase all the data contained therein?


So I would like to know if it is one or the other or both.


Thank you

Jesus

iPhone 6, iOS 10.3.3

Posted on Sep 18, 2017 3:16 PM

Question marked as Top-ranking reply

Sep 18, 2017 3:39 PM in response to jdpadro

Data protection is at three levels--the passcode lock which is the primary lock, backup encryption, and Find my iPhone lost mode.


At setup, the setup wizard makes it really hard but possible to NOT have a passcode lock but it can be done. The wizard prompts you to make a passcode and you have to click multiple times to insist if you don't want a passcode lock. Nearly all phones have a passcode lock. User data is accessible on the phone to anyone with the passcode.


At backup, iTunes will ask you to create a separate encryption passcode to decrypt your data. If you have ever created an encryption passcode, all data except pictures are not accessible from the backup. Pictures are considered media and are stored separately. To disable backup encryption once set up, the encryption passcode is required.


All data is encrypted on the iPhone (since iPhone 4) by default and can't be stored unencrypted. The passcode lock passcode is required to get the phone to decrypt and present the data on the phone.


For lost phones, if you have previously set up the Find My iPhone feature and tied the device to your iCloud account with AppleID and AppleID password then you can set a missing phone to lost mode where it will erase itself once it connects to the internet.

Sep 18, 2017 5:04 PM in response to jdpadro

One thing I would add concerns the password you set. With the current iPhones you normally use your fingerprint to unlock the screen (you can register up to 5), and soon with the iPhone X it will be facial recognition. So, the best security is to also set a complex password instead of a simple 6 or 4 digit Passcode. Just remember it - store it in your Mac’s keychain or write it down and lock it away somewhere if you must.


Also, under password and security settings set the lock to apply immediately. That means the passcode/fingerprint/facial recognition lock applies immediately upon the screen going blank, not after a delay. And use the power button to manually lock your screen when not using the device and when you don’t want to wait for the screen blank timeout.


Also, keep regular up to date backups in iCloud (these are encrypted, and iCloud uses end to end encryption during data transfers) and/or iTunes. There is no recovering data from a damaged iOS device with secure enclave encryption.

Sep 18, 2017 4:56 PM in response to jdpadro

You got a really good answer already. One minor correction to Jessa's excellent information is regarding Lost Mode. Lost mode does not erase the phone; it lets you set a passcode if the phone did not have one already, and lets you display a message on the home screen, where you can say something like "this phone is lost. If found, please call 555-555-1234". There is a separate step after you set Lost Mode to erase the phone. In general, you do not want to do this unless you have given up all hope of finding the phone, as it also disables the "find" capability of Find my iPhone.


The one thing you should never do unless you get the phone back is to remove it from your account. If you do, Activation Lock will be turned off and the finder or thief will be able to activate and use the phone.

Sep 18, 2017 6:03 PM in response to Michael Black

Michael Black wrote:


There is no recovering data from a damaged iOS device with secure enclave encryption.

Good post Michael. I will make a tiny edit since data recovery is in my wheelhouse. There is definitely no STEALING data from a damaged device with secure enclave encryption, but data recovery is absolutely possible in most cases when the user has the passcode. iPhones are surprisingly tough little buggers and they fail in signature ways---certain non-unique chips with high voltage tend to 'attract' water, certain caps tend to become wires to ground after drop etc. You're right that there is no path to data without making the phone natively boot again, but oftentimes bad caps can be found and replaced, and the unique chips to the board that are part of secure enclave are heavily protected and usually unaffected themselves by water damage--so replacing the non-unique chips can bring back many phones from the dead. There is no feeling in the world better than being able to give a grieving mom kicking herself for not getting around to backing up the phone the gift of saying "it's recovered". This is one of my favorite joys in life, and the reason I stare down a microscope at these boards for 18 hours a day to find these patterns. I hope that makes sense.

Sep 18, 2017 6:18 PM in response to mendonipadrehab

Yes, if the device is functional and they know their screen lock passcode, some data recovery may be possible. Why I said a damaged device.


Regardless, having a backup, up to date and ready to restore, makes any and all of that moot to begin with.


That is my pet crusade - to just get people to realize a backup can solve most of the posts ever made here. I bought my own first computer in 1984. Since then I have owned, ... well honestly I don’t know how many personal computing devices (it's over 50, desktops, luggables, laptops, tablets, cell phones, smart phones), the majority of them Apple. I have never once lost data - not to a hurricane, power outages, water damage, loss or theft. But I always, always have backups of all my devices' data or at least that subset of it I care about.


My current MacBook Pro uses 3 redundant backups (Time Machine, and two CCC clones, one kept in a fire safe) and all my iOS devices are backed up daily to iCloud, and weekly (or more frequently) to iTunes. Photos are transferred to my Mac and backed up with it. Contacts are archived on my Mac and iCloud. Passwords, security question answers, notes, recovery codes and so forth are in my iCloud keychain and independently in mSecure (which is backed up to the Mac and its backups).


While that may sound complicated, it’s really not once set up and used routinely. And it’s a heck of a lot easier to deal with than scrabbling to recover data (usually a futile effort) from a damaged or dead device.

Sep 18, 2017 6:29 PM in response to Michael Black

Do you have any Grandma friendly documents on how to set this up? I'd love to point to a good, practical, 'this is exactly how to avoid this in the future' to our data recovery customers. We recover data every day from dead and damaged devices---my all time favorite was an iPhone that had been in a plane crash, dropped from a mile out of the air to a mile deep in the ocean and sat there for 9 months. Being able to fix that horrifically damaged board to show the family that it seems the couple had died peacefully with no frantic not sent texts or desperate voice memos or notes, and to give them the beyond the grave gift of her last dancing with her grandchildren two weeks before the crash.


Along with backing things up is the importance of thinking about how to handle your digital information in your will---so many families just don't have the passcode of their loved one and are not able to guess it. Very sad.

Sep 18, 2017 7:00 PM in response to mendonipadrehab

The legacy aspect is a big issue and one people just are not conditioned to think about. When my Mom died, I had her iMac admin password as I’d set the machine up for her. So I was able to clone her hard drive and then erase the machine to give to her neighbor for her kids. And I had all my Mom’s online account passcodes as I had insisted she write them down for me and kept them locked up for her. So we could get into her bank accounts and cancel automatic payments, manage incoming payments from pensions, and pay her final bills and cancel accounts and automatic withdrawals and so forth.


Estate password planning goes way beyond just allowing access to photos or email or texts. It’s about ensuring your executor(s) have access to accounts to ensure your wishes can be carried out. These days, our financial lives, charitable lives, and so forth all live online, secured by passcodes. People need to plan so those who need access and who they wish to have access to all that have it when needed.


As far as iOS device backups, those are really very simple - https://support.apple.com/en-us/HT203977. Even when traveling, I’ve just used free hotel or cafe wifi to back up regularly. Or brought a laptop with me for a hardwired backup to iTunes.


As is OS X - Use Time Machine to back up or restore your Mac - Apple Support and CCC is also very easy to setup and use to make a bootable clone - Mac Backup Software | Carbon Copy Cloner | Bombich Software


All of these, once set up, can be automatic and in the background. Windows I don’t know though. My only Windows machine is my work Lenovo and our IT guys set up the cloud service backup for it. I’m by no means clueless using Windows, but I have not used it for personal machines in years so do not know what automatic backup options are available for it.
