A Practical Guide To Networking and Security in iOS 8
A Practical Guide To Networking and Security in iOS 8
NETWORKING
AND SECURITY
IN iOS 8
By Glenn Fleishman
$15
Welcome
Welcome to A Practical Guide to Networking and Security in iOS 8,
version 1.0.0, published in February 2015 by Aperiodical LLC.
This book describes how to use your iPhone, iPod touch, or iPad with iOS 8
on Wi-Fi and cellular/mobile networks securely, making connections with
ease while protecting your data. It also covers Bluetooth networking, track-
ing an iOS device, Personal Hotspot, two-step verification with Apple ID,
using AirDrop and AirPlay, and solving connection problems.
Visit our updates page to check for new versions and re-download any of
the ebook files. Use the password nimbleskull. Sign up for our announce-
ment email list, and you’ll be notified about free updates to this edition of
the book, as well as receive a note and a discount coupon when we release
future editions covering newer versions of Apple’s operating system. We will
not sell, rent, or share your information. Find us on the Web at http://glennf.
com/guides.
This book was written by Glenn Fleishman, edited by Jeff Carlson, and
copyedited and proofread by Scout Festa. The cover illustration is by
Christa Mrgan. (This is an update of a book originally published by Take
Control Publishing, and edited by Tonya Engst and Michael Cohen.)
If you have the ebook edition and want to share it with a friend, we ask that you do so
as you would with a physical book: “lend” it for a quick look, but ask your friend to
buy a copy for careful reading or reference. Aperiodical is a tiny independent publishing
company — just Glenn! (A print edition of this book can be ordered at the above link.)
1
Introduction
Networking should be simple, and security should be automatic. And money
should grow on trees. Despite how intuitive it is to pick up and use an iOS
device, requiring little thought as to how it connects to a cellular or Wi-Fi
network, it becomes quite complex as soon as you drill down to any details.
This is especially true when connectivity fails,and you try to troubleshoot.
The book is divided into two major sections, one on networking and one on
security, though there is, of course, overlap.
2
TABLE OF CONTENTS
NETWORKING
Connect to a Wi-Fi Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Join a Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Managing Wi-Fi Connections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Drill Down to Network Details. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Turn Wi-Fi Off. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Capture the Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Auto-Join and Auto-Login the Next Time . . . . . . . . . . . . . . . . . . . . . . 14
Wi-Fi Troubleshooting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Can’t See Wi-Fi Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
No Wi-Fi Signal Strength in the Indicator. . . . . . . . . . . . . . . . . . . . . . 17
Too Many Wi-Fi Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Correct Password Not Accepted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
No Internet Service after Connecting. . . . . . . . . . . . . . . . . . . . . . . . . . 19
Check a Web Page with Safari. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Check or Ask about the Base Station. . . . . . . . . . . . . . . . . . . . . . . . 20
Check IP Address Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Make a Mobile Hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Turn On Personal Hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Turn On in iOS 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Turn On via Another Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
You Can’t Always Use Cell Data while Talking. . . . . . . . . . . . . . . . . 25
Set a Wi-Fi Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Name Your Wi-Fi Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Consider Turning Off Certain Radios. . . . . . . . . . . . . . . . . . . . . . . . 29
Connect to Personal Hotspot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Access via Wi-Fi. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Tether with USB in Mac OS X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3
Choose to Use Cellular Data or Wi-Fi. . . . . . . . . . . . . . . . . . . . . . . . . . 42
Which Network Are You On? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Select Which Service to Use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Manage Cell Data Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Keep Usage Restrained. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Tracking Cellular Usage on an iPhone. . . . . . . . . . . . . . . . . . . . . . . 45
Check Cellular Usage an an iPad . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Turn Cellular Data On Only When You Need It . . . . . . . . . . . . . . . . 48
Limit Your Activities on the Cell Network. . . . . . . . . . . . . . . . . . . . 50
Airplane Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
What’s Airplane Mode? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Turning Radios Off Separately. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Set Up Bluetooth. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Bluetooth Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Pairing Any Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Hands-Free Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Audio Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Exchange Files with AirDrop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Configure AirDrop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Share with AirDrop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Share from Yosemite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Receive a File in iOS 8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Receive a File in Yosemite. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Stream Music and Video via AirPlay. . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Select AirPlay Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Ways to Use AirPlay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Configure AirPlay for an AirPort Express. . . . . . . . . . . . . . . . . . . . . 71
Configure an Apple TV for Audio and Video. . . . . . . . . . . . . . . . . . . 72
Send Audio with Airfoil. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Mirror an iOS Screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
4
S EC U R I T Y
Connect to a Secure Wi-Fi Network. . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Connect to a Small Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
What’s Behind Simple Wireless Security. . . . . . . . . . . . . . . . . . . . . 77
Security on a Base Station. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Connect to a Corporate or Academic Network. . . . . . . . . . . . . . . . . . . 78
Outdated Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Viewing an Apple Base Station’s Stored Passwords . . . . . . . . . . . . . . 80
Use Two-Step Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Dancing a Two Step. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Turn On Two-Step Verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Log In with Two-Step Verification. . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Logins at Other Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Recovering Account Factors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Lost Your Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Lost One, but Not All, of Your Trusted Devices . . . . . . . . . . . . . . . . 89
Lost Your Recovery Key. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Transfer Data Securely. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Protect Particular Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Umbrella Protection with a VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Find a VPN Service and Install an App. . . . . . . . . . . . . . . . . . . . . . . 93
Configure a VPN Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Make a VPN Connection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Protect Your Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Set a Passcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Use Touch ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
When Your Device Goes Missing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Find My iPhone (and Other Devices) . . . . . . . . . . . . . . . . . . . . . . . . . 107
How It Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Enable Find My iPhone. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
View Your Device’s Location. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Take Remote Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5
NETWORKING
It’s true that an iOS device can be used without a live network connec-
tion, but its natural state is always hooked up. In the first part of the book,
you’ll learn how to work with the three types of iOS wireless communica-
tion—Wi-Fi, cellular, and Bluetooth—for general connectivity, with personal
hotspots, for audio/video streaming, and for file transfer.
6
Connect to a Wi-Fi
Network
Wi-Fi works quite simply in iOS, but there’s a lot of hidden detail. In this
chapter, you’ll learn how to interpret the Wi-Fi settings view, manipulate
custom network settings, and troubleshoot common problems.
Join a Network
Open the Settings app and tap Wi-Fi to view nearby networks. Tap a net-
work name to join it.
The first time you tap a network name to connect, your device joins
the network immediately unless encryption is enabled on the network.
In that case, you are prompted for a password; once you’ve entered the
password and tapped the Join button, you join the network.
Note: For more on connecting with a password or other methods, see Connect to a
Secure Wi-Fi Network in the Security section of the book.
Tip: Are you tired of your device popping up a list of nearby Wi-Fi networks while
you’re trying to do something else? Turn off Ask to Join Networks, described a couple
of pages ahead.
Once your iOS device joins a network, the network name and any associ-
ated login information is added to an internal network list. Unlike in Mac
OS X and Windows, you can’t examine this list and remove entries. The
device uses this list to re-join a network when it is in range.
7
Tip: You can remove a stored network’s entry only when you’re connected to it.
See Forget This Network.
The Wi-Fi view always has three elements, with an optional fourth:
■■Wi-Fi switch: Tap this switch to disable and enable the Wi-Fi radio.
■■Choose a Network: In this area, you may see a list of networks. Each en-
try in the list has three or four elements:
8
▸▸ Network name: A network uses this name to advertise itself to Wi-Fi
adapters that are looking to make a connection. The network name is
also called the SSID (Service Set Identifier) in some of the geekier base
station configuration tools.
▸▸ Lock icon: A lock may appear, indicating that there’s some form of
protection on the network.
▸▸ Signal-strength indicator: One, two, or all three radio waves in the
indicator are black (starting at the bottom) to show the strength of the
signal being received by the device.
▸▸ Information: Tapping the info button—carefully, because it’s
a small target—reveals technical details about the network, as well as
an option to forget the network. For more about these details, see Drill
Down to Network Details, a few pages ahead.
■■Set Up an AirPort Base Station: This option appears only if your device
detects a nearby unconfigured Apple-branded base station. (I talk more
about that in Take Control of Your Apple Wi-Fi Network, a guide to wireless
networking with Apple base stations and hardware, published by Take
Control Books.)
■■Ask to Join Networks: With this switch, you can choose whether to be
alerted about nearby networks to which the device hasn’t previously con-
nected.
Tip: If Ask to Join Networks is off, you won’t be alerted about new networks nearby
when a known network isn’t available. However, the Choose a Network list always
shows all named networks around you.
9
The resulting view has the network name at its top and three or four
configuration areas, depending on the network (Figure 2). Let’s look at
each in turn.
Figure 2: You can view or set network connection values. (Top of view at left; bottom
at right.)
Auto-Join/Auto-Login
As described in Auto-Join and Auto-Login the Next Time, these options
appear only for hotspot networks for which the device has retrieved cer-
tain settings that allow it to make an automatic Web-based login behind
the scenes.
10
IP Address
The IP Address section covers TCP/IP values used for the Internet’s ad-
dressing and routing system, divided vertically into sections. You start
with three kinds of standard network connection methods, which you
can see as the DHCP, BootP, and Static buttons near the top of Figure 2,
above. Tap a button to display the related choices underneath. You should
almost never need to change these values. DHCP (Dynamic Host Configu-
ration Protocol) is the most common method of obtaining an address.
DHCP lets your mobile gear request a network address from a router on
the network, and then use it to interact on the local network and beyond.
When your device uses DHCP to get an address on the local network, you
can’t change the IP Address, Subnet Mask, or Router fields, as those val-
ues are provided by the DHCP server on the router.
11
Tip: Unfortunately, you can’t set DNS globally for iOS—you can set it only for individual
network connections. It may not be worth the effort to set it for connections you use
infrequently, but it’s worthwhile for a network that you use often, such as your home
Wi-Fi connection.
For certain network configurations that you will never have to enter for a
public Wi-Fi network, you may need to tap the Static option and enter
settings for IP address, subnet mask, router, and DNS. Those values
would be provided by a system administrator or an ISP. Likewise, BootP
is almost never used anymore, but remains for backward compatibility.
HTTP Proxy
This option, located at the bottom of the detail view, is typically used
only in companies and schools. It redirects Web requests that you make
to the Internet at large to a local server that handles them indirectly. It
also allows the use of a caching proxy, in which recent pages retrieved by
anyone in an organization are fed to you from this server instead of from
the remote Web site. This reduces bandwidth consumption.
12
battery life, turn off Wi-Fi by tapping Settings > Wi-Fi and then setting
the Wi-Fi switch to Off. (See Airplane Mode for more details.)
You’ll find these types of networks in public places such as cafés, librar-
ies, and airports. After you connect to the network, which appears as
open and unprotected, you’re required to launch a browser and view a
hotspot connection page (also called a captive portal) before you can use
the Internet.
Normally, to reach the captive portal, you must try to visit any Web site
in a browser, and have your browser be redirected by the network to the
login page. Instead, iOS (and Mac OS X since Lion) does a test that de-
tects such redirections whenever you connect to a Wi-Fi network.
Immediately after your iOS device joins a Wi-Fi network, it tries to con-
nect to Apple’s Web site. If it doesn’t get through, it assumes that it has
reached a captive portal. Then, the next time anything happens on the
device that requires Internet access (like Mail retrieving messages), iOS
displays a special screen that shows the portal’s Web page as if it were in
the Safari browser.
The hotspot network’s captive-portal page will typically ask that you do
one of the following (rarely more than one):
■■Read a set of terms and conditions for use and tap an Agree button; enter
an email address and tap an Agree button; or check a box that says “I
agree” and tap a Submit button.
■■Require that you register an account to use the network at no cost. With
an account, you can log in and use the network.
■■Require that you either pay for a connection to the network using a credit
card, or enter login information for an active account on the network or
an active account of a roaming partner.
13
After you carry out any of those actions, iOS should close the special
screen and Wi-Fi service should be available. These pages are still often
absurdly not customized for mobile devices, and the type and buttons are
tiny. You’ll need to pinch to zoom in almost all of the time.
14
access. This can lead to problems if that information is no longer valid or
if the device doesn’t present it correctly.
In my testing, iOS often shows the same screen for login again without
automatically filling it, especially if there’s an Agree button to tap in or-
der to avoid you agreeing to terms that might have changed.
You can disable joining and logging in to the network again in this
fashion by turning off Auto-Join or Auto-Login for the connection, an
option that is available only when you are connected to the Wi-Fi net-
work, even if you haven’t logged in or proceeded past the connection Web
page (Figure 3).
Figure 3: When you connect via a portal to a hotspot, the detail page provides
additional options.
15
Time-Limited Hotspot Access
Some hotspots limit your use to a specific period of time. This might be implicit, using your
unique network adaptor’s ID—its MAC (Media Access Control) address—or another bit of
tracking information based on when you first accepted a network’s terms of services.
Some locations with hotspots give you a network code to enter at a portal page, which
grants you access for a fixed amount of time. In those cases, you should turn Auto-Login off;
otherwise, the next time you connect, it may attempt to enter a one-time use code that’s ex-
pired, and it may be difficult to connect properly with a new code.
16
Wi-Fi Troubleshooting
While Wi-Fi generally works well, you may at times be unable to get a live
network connection. Here is troubleshooting advice for common cases.
■■Swipe from the bottom to reveal the Control Center (or launch Settings)
to be sure that Wi-Fi isn’t turned off. This has happened to me more
times than I’d like to admit.
■■It’s possible that you are out of range. Move the device closer to where
you know (or think) a base station is located. Although every iOS device
sports an excellent Wi-Fi radio, Wi-Fi reception can be blocked by thick
obstructions, such as solid stone and brick walls, or by walls made of
chicken wire covered by plaster.
Note: It’s also possible that the base station, not your handheld, is in trouble. And I
have seen the Wi-Fi radio in an iOS device fail intermittently or completely, requiring
that the device be entirely replaced.
17
Try connecting again. If that fails, restart your device: Press the Sleep/
Wake button until you see a red slider for powering down. Slide it, wait
until the spinning indicator disappears and the screen goes entirely
black, and then hold down the button again for a few seconds. An Apple
icon appears and the device starts up.
1. Launch Settings.
2. Tap Wi-Fi.
3. Slide down until you can tap the Other button (Figure 4).
Figure 4: The Other Network option lets you enter a network name and optional
password from scratch.
18
Tip: If you don’t know the kind of network security on the network you’re trying to
join and you have a Mac nearby, hold down the Option key and select the Wi-Fi menu,
then hover over the network name. A small popup displays the security type.
■■Check whether you were given the password with correct capitalization,
which counts in Wi-Fi passwords as in others.
■■Spaces can be part of WPA2 passphrases, but are often hard to indicate if
someone has written down the password. Confirm you’re not missing a
space.
■■If you are redirected to a login page, follow the instructions. You may
need to pay for access, or you may have connected to a network that re-
quires a password; consult Capture the Page for more information.
19
Remember to forget: Because you’ve connected successfully to the Wi-Fi
network, even though you haven’t been granted access to the Internet, you
need to remove the network from the list of those you’ve previously joined
or you’ll have this problem every time you’re in range. Tap Settings >
Wi-Fi, tap the info button beside the network name, and then tap Forget
This Network. Confirm.
In some cases, a base station can continue to provide service to users who
are already connected, but not properly allow new users to connect. Some
have limits, as low as five or 10 connected devices, and that limit may
only rarely be hit.
If the IP address starts with 169, then iOS wasn’t able to obtain an ad-
dress from the network. The 169 address range is self-assigned, meaning
the device gave itself an address that can’t be used on the network, and
stopped checking.
20
Here are several ideas for fixing the IP address:
■■Tap Renew Lease; this causes iOS to ask again for a network address. If
successful, the IP address will change from a number starting with 169 to
an address starting with another range, typically 192.168 or 10.
■■In the main Wi-Fi view, tap the Wi-Fi switch to Off, wait a moment, and
tap it back to On. Tap the network name’s info button to see if the ad-
dress is now assigned.
■■If you’re at an event or a hotspot venue, ask the network’s operator, the
front desk, or whomever. The router may have crashed. (You can look
around and see if other people look frustrated, too.)
■■Restart the device. Press the Sleep/Wake button until a red slider appears.
Slide to power off. Wait until the spinning indicator disappears and the
screen turns black. Hold the button down again for a few seconds. An
Apple icon appears, and the device starts up.
21
Make a Mobile Hotspot
Every iPhone and every “Wi-Fi + Cellular” iPad has, in addition to a Wi-Fi
radio, a built-in data modem that lets the device access high-speed mobile
data networks. The logical question in the iPhone’s early years was: why
can’t we use that same modem with our laptops (or other devices) when
we’re traveling instead of having to buy a separate cellular modem or router
and pay a separate monthly service fee?
Fortunately, Apple followed the suit of other smartphone makers and added
Personal Hotspot, which lets you use your phone or tablet as a conduit to
the mobile Internet. While the name implies a Wi-Fi hotspot connection,
which is one component of it, you may also use Bluetooth or USB with
desktop computers and other devices to extend access. All three methods
may even be used simultaneously.
In America, the four largest carriers all include mobile hotspot use in their
current plans, and count bandwidth consumed just as they do any other
data used by an iPhone or iPad.
Which models? In previous releases, some models that could install the
latest iOS version couldn’t use every Personal Hotspot feature. But every
iPhone model and Wi-Fi + Cellular iPad model that can use iOS 8 can use
every option.
22
Note: In this chapter, I talk about a mobile hotspot or Personal Hotspot to refer to
all the features, but I use the term tethering when the discussion is specifically about
Bluetooth or USB.
Whenever you use these methods, the device that turns on the Personal
Hotspot then automatically connects to it.
Turn On in iOS 8
Enable it in Settings > Cellular Data (iPad) or Settings > Cellular (iPhone).
Tap Personal Hotspot to open the Personal Hotspot screen. Now you can
switch the hotspot on and set a Wi-Fi password. The screen is also full of
connection information (Figure 5).
After the first time you tap On, Personal Hotspot appears as an option on
the Settings app’s left pane (iPad) or main screen (iPhone) so you can ac-
cess it quickly.
23
Figure 5: The Personal Hotspot view lets you turn access on or off as well as set a
Wi-Fi password.
Figure 6: Instant Hotspot puts an iOS device into your Wi-Fi menu in OS X.
24
On another iOS device, launch Settings, tap Wi-Fi, and choose the device
in the Personal Hotspots list (Figure 7).
Even if you’re not planning to connect, you can see the battery life,
signal strength, and connection strength of your iOS device as a compact
set of graphics in the menu or list.
25
Digital cell technology is divided up into second-, third-, and
fourth-generation (2G, 3G, and 4G) standards, plus some interim ones
like EDGE (2.5G) and 3G+ (often called 4G). 2G was the first to carry dig-
ital voice, and all forms of it allow either data (at dial-up modem speeds)
or voice, but not both at once.
The 3G standard that GSM network operators picked could carry voice
and pure data at once, but Sprint and Verizon opted for a flavor of net-
work that would carry data only over 3G. Some non-Apple CDMA phones
have two radios, to allow a 2G voice call and a 3G data connection at the
same time.
■■Verizon, Sprint, and most CDMA networks: Data use, including Personal
Hotspot, is immediately suspended.
■■AT&T, T-Mobile, and GSM networks: Data use continues, but is shunted
to a 3G, 3G+, or pre-LTE 4G network.
If you don’t answer a call or when you hang up, data use returns to the
highest-speed available network.
26
■■Carrier must have deployed. This sounds obvious, but it’s hard to sort
out. AT&T has deployed part of its VoLTE footprint and plans to finish
in 2015. Verizon and T-Mobile have upgraded their LTE networks
completely. Sprint plans to wait for a future carrier interoperable version
of VoLTE.
If you meet these requirements—and the moon is half full and it’s a
Tuesday—receiving a call or placing one will happen over VoLTE, vand
your Personal Hotspot or other data use will continue at full LTE speeds.
Note: Alongside VoLTE, carriers have been rolling out HD Voice, a higher-quality com-
pression algorithm for voice calls. It sounds more like a Skype-to-Skype or FaceTime
Audio call than a cellular call. Most VoLTE rollouts are happening alongside HD Voice,
which also doesn’t work across different carrier networks. Sprint is rolling out HD
Voice alone.
You can’t decide not to use a password at all, but you may choose to
compose your own. You have to pick one that’s eight characters or more,
although you can make that 12345678 if you must. Tap to enter your own
password.
For this kind of connection, where it’s not a base station in a fixed lo-
cation that someone might try to access, I suggest thinking of an eight-
or nine-letter word and adding two punctuation marks to the end, like
emorable?%.
m
27
Extra Security with Personal Hotspot
Using USB, Bluetooth, or Wi-Fi to connect to a hotspot device provides a strong layer of
security around your connection, which is reassuring if you’re at a location like a coffee
shop, where the network may not be well secured. USB is a physical connection and can’t be
monitored. Bluetooth has its own strong automatic security. Apple’s required use of WPA2
Personal for Wi-Fi ensures protection there, too. (See Connect to a Small Network.)
Although the backhaul to the mobile broadband network isn’t impregnable, it does require
either a dedicated effort to crack your particular communication or a wiretap at the carrier to
intercept data. Personal Hotspot lets you secure the local link at a location where you would
otherwise use Wi-Fi but where I would recommend using a VPN (virtual private network) to
prevent interception by those around you.
Figure 8: The Wi-Fi network name (left) is identical to the name of your device, which
you can see in iTunes (right) or in Settings.
To change the name, visit Settings > General > About > Name and enter
a new name. Or, with the device connected to iTunes via either USB or
28
Wi-Fi, click the device’s icon in the top bar in iTunes, then click its name
to select it, which highlights the name. Type a new name, and click again
or press Return.
You need to turn Personal Hotspot off and back on for the new name
to be broadcast.
To turn off Bluetooth, tap Settings > Bluetooth and slide the switch
to Off. To disable Wi-Fi, tap Settings > Wi-Fi and slide the switch to Off.
With either or both Bluetooth and Wi-Fi turned off, the Personal Hotspot
feature pops up a warning when it’s switched on (Figure 9).
Figure 9: If any networking type used with Personal Hotspot is off, iOS prompts to
turn it on.
29
You can also change the Personal Hotspot Wi-Fi password to prevent
devices that previously connected from gaining access again (see Set a
Wi-Fi Password, slightly earlier).
■■Wi-Fi: Any Wi-Fi–equipped device can connect just as if the iOS device
were a wireless router. Up to five devices can connect via Wi-Fi. (Verizon
and Sprint used to limit this to three, but that appears to be lifted.)
■■USB: Plugging your computer into your iPhone or iPad gives you a high-
speed data connection that you know works as long as the cable isn’t
bad. The downside? Being literally tethered.
■■Bluetooth: This method requires more steps to make a connection ini-
tially, but it gives you cable-free flexibility. Most Bluetooth-equipped
devices can connect through this method, including iPhones, iPod
touches, and iPads. No more than three devices may connect via Blue-
tooth at the same time.
Tip: Wi-Fi can use more battery power than Bluetooth, so you might opt for Bluetooth
tethering. However, the data rate isn’t stellar: Bluetooth 4.0, found on the iPhone 4S
and later and on the 3rd-generation or later iPad, has a raw data rate of 3 Mbps for
continuous connections, and an effective throughput of 2.1 Mbps. That’s far below
GSM 3G/4G rates and well below LTE rates.
30
Figure 10: A banner lets you know whenever your device is acting as a cellular modem
for a computer via USB, Wi-Fi, or Bluetooth.
Note: Windows computers, Android phones, and other devices can also connect via
Wi-Fi; many devices can also connect via Bluetooth; and Windows at least can also
tether via USB. The process is identical on those platforms to hooking into a Wi-Fi,
Bluetooth, or USB shared network, and it neither needs special software nor displays
any special indicators as in iOS and Mac OS X.
Figure 11: The Lock screen also shows whether the hotspot is active, with a tiny
superscript numeral revealing how many clients are connected.
31
Access via Wi-Fi
Using Wi-Fi to connect to a Personal Hotspot is the easiest case because
no special setup is required. You use whatever method you normally
employ to connect to a Wi-Fi network from the device, and I provide di-
rections for several common operating systems just ahead. The name of
your iOS device is the name of the Personal Hotspot network.
32
Figure 13: In iOS 8.0 and earlier, the Personal Hotspot’s network name appears in
the Wi-Fi menu’s networks list.
33
You’re now connected. Your Mac will stay connected as long as the Per-
sonal Hotspot feature is active. The next time you turn on the Personal
Hotspot, your Mac will reconnect if you stored the password and if your
Mac isn’t already associated with a Wi-Fi network.
34
Figure 15: Look for the chain icon or in the Personal Hotspots section.
2. Choose the network from the list. Personal Hotspot networks are shown
with a special chain icon in iOS 4.3 and later.
3. Enter the password when prompted.
You are now connected. The chain icon appears at the left of the iOS
status bar instead of the normal Wi-Fi icon.
Automatic reconnection
As long as the password is stored for the iOS network and isn’t changed,
your iOS device will reconnect automatically whenever it’s in range and
the Personal Hotspot Wi-Fi connection is active. To stop using the mobile
hotspot right away, choose another network from the list or turn off the
Wi-Fi adapter.
35
You can also block all existing connections from client devices by chang-
ing the Wi-Fi password on the Personal Hotspot screen. This will also
prevent devices with a stored password from reconnecting automatically
or manually until you provide the changed password.
Mac OS X automatically activates a tethered link and turns that red dot
green.
Not active? If you’re not seeing this, you may need to launch iTunes the
first time you tether. iTunes doesn’t seem to have anything to do with USB
tethering except initial activation.
To halt the active USB tethering connection, disconnect the USB cable.
Alternatively, you can disable the iOS adapter profile. In the Network
system preference pane in Mac OS X, select the iPhone USB or iPad USB
adapter, and then from the gear pop-up menu, choose Make Service
Inactive. Click Apply in the lower-right corner.
36
Once you’re sure it’s enabled, you can make a Bluetooth connection from
Mac OS X or iOS, as I describe next.
Bluetooth uses less power than Wi-Fi, almost nothing in standby mode,
so a Bluetooth connection could allow both an iOS device and a paired
piece of hardware to work longer without AC power.
Note: I cover Bluetooth in more detail in Set Up Bluetooth if you’d like to learn more.
3. A pop-up dialog appears with a 6-digit code. On the iOS device, a similar
confirmation dialog pops up (Figure 18).
37
Figure 18: The Mac and iOS device both display the same code.
6. In the adapters list at left, you’ll notice a new Bluetooth PAN entry; PAN
stands for Personal Area Network, and it’s the kind of network that Blue-
tooth creates. Your device should be selected in the Device pop-up menu
(Figure 20). Click Connect.
7. On the Mac, you’ll see the Status label set to Connected (Figure 20), and
if the Bluetooth system menu icon is showing, it will have dots bisect-
ing it horizontally. On your hotspot device, the Internet tethering banner
will appear.
To disconnect Bluetooth tethering, you can do any of the following:
■■In the Network preference pane, with Bluetooth PAN selected in the
adapters list, click the Disconnect button.
38
Figure 20: The Network preference pane lets you manage the connection over USB.
■■On your hotspot device, in Settings > Personal Hotspot, tap the Personal
Hotspot switch to Off.
■■Turn off Bluetooth networking. In iOS, tap Settings > Bluetooth; on the
Mac, look in the Bluetooth system preference pane or the Bluetooth
menu on the menu bar.
39
Figure 21: The Personal Hotspot appears in the Devices list; here, it’s “Executive
Privilege.”
To disconnect from the Personal Hotspot, you can do either of the fol-
lowing:
40
You might want to discard a stored Bluetooth pairing from the Devices
list if, for instance, you’re using a friend’s device or you don’t want
someone else using your iOS device with the paired connection. To re-
move the pairing, tap the info button next to the device name and
then tap Forget This Device.
Figure 23: You can share your Wi-Fi connection via the Bluetooth PAN to iOS devices.
If you don’t see Bluetooth PAN in the To Computers Using list, open the Network preference
pane. Click the plus button at the bottom of the adapters list, and choose Bluetooth PAN
from the Interface pop-up menu. Click Create, then click Apply. When you return to the
Internet Sharing option in the Sharing preference pane, the Bluetooth PAN will be there.
41
Choose to Use Cellular
Data or Wi-Fi
There are plenty of good reasons to pay attention to whether a cellular iOS
device is accessing the Internet via a Wi-Fi network or mobile broadband.
You may need greater bandwidth than the cellular network can provide, be
budgeting data on a low-bandwidth plan, or be away from your home car-
rier territory and want to keep usage low.
Whatever the reason, you can determine which network you’re on and set
the type of network to which your device connects.
42
Table 1: Deciphering Indicator Icons
E Connected via EDGE, a 2.5G standard (GSM Roughly 200 Kbps downstream
only). (all GSM iOS devices); 40–50 Kbps
upstream
GPRS Connected via 2G using either GPRS (GSM) or Roughly 40–50 Kbps.
1xRTT (CDMA).
43
To enable or disable cellular service:
■■To use a cellular connection solely and avoid Wi-Fi, perhaps to keep a
continuous VPN connection or for security reasons, either:
▸▸ Swipe up to show the Control Center and tap the Wi-Fi icon to disable
it.
▸▸ Tap Settings > Wi-Fi, and then set the Wi-Fi switch to Off.
Avoid a flaky Wi-Fi network: If a Wi-Fi network is acting flaky, you can
avoid the problem by switching off Wi-Fi. Or, use the method noted in
Forget This Network to forget the network.
■■To rely only on Wi-Fi, accepting that you may have times during which
you have no Internet connectivity, tap Settings > Cellular Data (iPad) or
Settings > Cellular (iPhone), and then set Cellular Data to Off. (In the
case of an iPad, this disables all features related to using the mobile net-
work; however, for an iPhone, voice calling, voicemail, and messaging
remain available.)
WARNING! There’s one odd situation to look out for. When you’re using
ersonal Hotspot, you can connect from an iOS device to a Wi-Fi network
P
while also sharing via Bluetooth or USB to a computer. However, while the
iOS device connects to the Wi-Fi network, the shared Internet connection
is still pulling from cellular data, even though your iPhone or iPad shows a
Wi-Fi icon.
44
Manage Cell Data Usage
When Apple introduced the iPhone, it also managed to get AT&T and then
other carriers to offer unlimited data plans in the United States and in a few
other countries. That didn’t last, especially as networks became congested
with heavy data use.
There are still millions of people grandfathered into old plans that allow un-
limited data use, but most of us—and all new users and network switchers—
are either on plans that have a fixed amount of data included in each billing
period and then charge fees for overages, or on plans that allow “unlimited”
usage, but after a certain amount of data is consumed, the connection is
throttled from Mbps to Kbps for the remainder of the billing period.
I’m on a family plan with AT&T that allows 10 GB of use per month among all
our cellular-enabled devices, and then charges $15 per additional gigabyte.
After many months on this plan, we haven’t exceeded our allocation.
45
■■It’s not guaranteed to be accurate. Your carrier’s records are definitive
(Figure 24). In practice, it’s pretty close.
■■It isn’t aligned with your billing period. Rather, it’s a total of all data
consumed since the last time you tapped Reset Statistics at the very bot-
tom of the Cellular or Cellular Data view.
Figure 24: AT&T’s online data statement is the only one you can rely on for billing.
You can, of course, visit your carrier’s Web site and get usage informa-
tion that’s typically accurate to within 24 hours, sometimes much less.
46
Figure 25: Tap Reset Statistics to zero out your current cellular data numbers.
Figure 26: You can discover Personal Hotspot’s portion of overall cellular data
consumed.
47
Figure 27: A Wi-Fi + Cellular iPad only shows information via Settings > Cellular
Data > View Account, and only for the current billing plan period.
■■To turn off data only, in Settings > Cellular Data (iPad) or Settings >
Cellular (iPhone), set the Cellular Data switch to Off (Figure 28). This
disables the data link only. On an iPad, that’s the entire link to a mobile
broadband network; for an iPhone, you can still place and receive voice
calls and send and receive SMS/MMS text messages.
48
Figure 28: The Cellular Data switch lets you turn all mobile broadband access on or off.
Data Roaming affects use outside your home service area.
■■To shut off the entire cellular connection, set Airplane Mode to On in the
upper left of the main Settings screen, or tap the Airplane Mode button
in the Control Center. Airplane Mode turns off all radios, not just cellular.
See Use Airplane Mode for details. It also dramatically extends your bat-
tery life in most cases.
You can also control other cellular data parameters:
■■Setting Enable LTE to Off will eliminate use of 4G LTE networks and
rely on slower 2G and 3G networks. This is useful when LTE networks
near you are spotty and you’re having trouble staying connected as your
device swaps back and forth between 2G/3G and 4G LTE. This can also
reduce battery consumption in some cases.
■■In some markets, the Enable LTE option may read Voice & Data, and let
you pick 2G, 3G, or LTE as network options.
■■Data Roaming can ensure that you don’t consume cell bytes while you’re
outside the home area for your carrier. In some cases, you might have
limits; in others, you might be charged. For instance, Sprint and Verizon
allow roaming across their networks in areas they don’t serve, but limit
use to no more than 300 MB per month.
49
Limit Your Activities on the Cell Network
Unless you are connected with Wi-Fi, limit your Internet-related
activities to those that don’t use much data, such as checking email
or viewing Web pages.
Various items in Settings let you limit whether cellular data can be used
for an app or activity, including:
Figure 29: Opt out of cell data for certain iPhone apps.
■■In the Safari settings, you can disable syncing the reading list, which is
relatively low bandwidth depending on how you use it.
■■In iCloud > iCloud Drive, swipe to the bottom and you can disable syncing
all items in the list over cellular.
■■In iTunes & App Store, you can choose whether or not to use cellular data
for automatic downloads (four different options for things you’ve pur-
chased and updates), iTunes Match, and iTunes Radio.
50
■■You can also enable or disable cellular use via settings within certain
apps. For instance, the podcast app Overcast has a cellular data switch
in its Downloads area to let you grab a specific episode or download any
available episode via cellular whenever it’s available (Figure 30).
More generally, you should avoid using or disable the cellular use in
Settings for:
Note: The Maps app used to consume lots of data because Apple loaded image data
from Google to power its software, even after Google switched to offering vector data
for plain maps. Vector data uses scale-independent points and arcs and straight lines
between them to represent maps, using vastly less data. Apple’s own Maps app and the
revised Google Maps app both use vector data. In looking at heavy usage of Google
Maps for a three-month period, my iPhone shows only 94 MB of data consumed over
cellular.
Note: Your cellular iOS device will warn you if you start running out of data or start to
near your current plan limit during a billing cycle.
51
Airplane Mode
Before you’re flying so high with some guy in the sky, you need to disable
radio communications on your mobile device. The Airplane Mode switch
makes this simple.
Until recently, the FAA enforced a kind of commercial urban myth: that the
cellular radios in cell phones as well as personal electronics could cause
interference with the avionics (electronic flight systems) on commercial air-
craft.
This was out of an abundance of caution even years after it was clearly
proven that there was no such risk—and after it was shown that cell phones
are routinely left on, or even used, in flight without any adverse effects.
The latest flight rules in the U.S. allow the use of handheld personal elec-
tronics below 10,000 feet, even though laptops and other large devices
are supposed to be stowed so they don’t become projectiles. (1,000-page
books are still OK, bizarrely.)
Cellular radios remain banned, and one ostensibly isn’t supposed to use
Bluetooth at all, and should not turn on Wi-Fi unless in a plane equipped
with Wi-Fi service.
52
Saves battery life, too: If you don’t need to use any of the radios for net-
work access, peripherals, or location, Airplane Mode is an effective way to
extend battery life, too.
When you turn on Airplane Mode in the Settings app, iOS turns off four
separate radio systems on an iPhone or cellular iPad: cellular, GPS, Wi-Fi,
and Bluetooth. On a Wi-Fi–only iPad or any iPod touch, Wi-Fi and Blue-
tooth are disabled.
Sleep doesn’t disable radios or activity: When you push the Sleep/
Wake button on the top or side of your iOS device to put it to sleep, you
might think the entire device is suspended. But this standby mode is pretty
active. Certain background operations continue, and a cellular iPad and any
iPhone can receive email and other updates via push over a cellular data
connection. iOS also maintains Wi-Fi connections on a minimal continuous
level. Sleep is more like lightly daydreaming for an iOS device.
When you turn Airplane Mode back to Off after leaving a plane, all your
previous settings for access are flipped back on.
Tip: Airplane Mode can also help avoid international charges, because when an iP-
hone has its radios off, it cannot receive calls. Also, you can neither inadvertently place
a call nor use data. Unfortunately, because the mode turns off GPS with no separate
way to re-enable positioning, you lose the ability to use navigation software that has
built-in maps.
53
Turning Radios Off Separately
You can choose to separately turn off both radios in a Wi-Fi–only iPad or
any iPod touch and three of the four radios in an iPhone or cellular iPad
without engaging Airplane Mode:
■■Wi-Fi: Swipe up to reveal the Control Center and tap the Wi-Fi icon; or,
in Settings, tap Wi-Fi, and set Wi-Fi to Off.
■■Bluetooth: Swipe up to reveal the Control Center and tap the Bluetooth
icon; or, in Settings, tap Bluetooth, and set Bluetooth to Off.
■■GPS: Tap Settings > Privacy > Location Services, and set Location Services
to Off.
Is GPS really off? GPS is a receive-only system; with Location Services off,
ostensibly, the GPS receiver isn’t powered up and attempting to find data,
so it’s “off” in that sense.
WARNING! Disabling Location Services prevents iOS from using GPS, Wi-Fi,
and cell-tower based information to provide location data to apps and the
operating system.
There is no way to disable the cellular radio separate from Airplane Mode,
however. You can opt to disable various cellular modes, as discussed in
Manage Cell Data Usage.
54
Set Up Bluetooth
Bluetooth wireless networking lets you connect peripherals like
battery-powered headphones, earpieces, headsets, and keyboards to
an iOS device for listening to music and entering text.
Read this chapter to learn how to set up and manage Bluetooth devices.
Bluetooth Basics
The Bluetooth SIG, a trade group, certifies devices as Bluetooth compliant
for particular profiles, which include things like text entry, stereo audio,
file transfer, and modem access. Apple’s iOS devices work with any de-
vice that meets the Bluetooth spec for several profiles, including audio,
peer-to-peer transfer, and external keyboards.
Bluetooth is handled from the Bluetooth view (Settings > Bluetooth). This
view lets you turn Bluetooth on and off and displays a list of Bluetooth
55
peripherals under My Devices and Other Devices. The My Devices list
shows any devices that have been previously attached to the device and
the current status of such devices. The Other Devices list displays any
discoverable devices within range.
56
Figure 31: An unpaired device (my MacBook Air) is discovered.
▸▸ Show a Pair button: In some cases, you don’t need to type a pairing
code, but you get a dialog like the one in Figure 32 on each device.
Compare the code, and tap Pair on each to confirm.
Figure 32: iOS devices and Macs just ask you to confirm.
57
▸▸ Show a field in which you enter a code: The code will either be provided
by the other device or—in the case of a peripheral without a way to
choose or display characters—noted in its manual. It’s typically 0000.
▸▸ Display a code that you enter on the other device: Your iOS device
generates a PIN (called a “passkey” here) to be entered in the pairing
device.
The paired device is now shown as Connected in the list.
iOS shows a Connected label for paired devices that are turned on
and available, and Not Connected for those that aren’t in range or are
turned off (Figure 33).
Figure 33: The MacBook Air is paired and connected; the iPad is paired but not
connected.
Tip: To remove a pairing, select the peripheral in the Devices list, tap the info but-
ton, and then tap Forget This Device.
58
After re-enabling Bluetooth on the iPhone, I turned the keyboard off and then back on to see
which device it associated with. The Mac grabbed it first. From the Mac’s system menu bar, I
opened the Bluetooth menu and chose Disconnect from the keyboard’s submenu.
Then, on the iPhone, in the Bluetooth settings, I tapped the keyboard’s item in the My
Devices list, and the iPhone associated with the keyboard. This is a little tedious, I know, but
it’s manageable if you want to use the keyboard with multiple devices.
WARNING! If you walk away from a Bluetooth keyboard while it’s still on, it
can maintain a connection over a long distance. I was mystified as to why
I couldn’t get an onscreen keyboard to appear on my iPad when two rooms
away from an Apple Wireless Keyboard until I recalled I hadn’t turned it off.
Hands-Free Profile
The Hands-Free Profile in Bluetooth lets you have audio conversations
using the mic and headphones (or speakers) on a variety of devices, such
as over-the-ear or in-ear headsets. You pair a device just as described in
Pairing Any Device, earlier.
On an iPhone, you can answer incoming calls by tapping the answer but-
ton on the headset. When you place a call, the last chosen mic/headphone
is used, but you can pick from the available options, even as the call is
underway, by tapping the Audio button. In the example in Figure 34, I
could choose among the headphones/headset combo I have from Sony,
the iPhone’s earpiece/mic, or the speakerphone option on the iPhone.
Figure 34: When placing a call, you can choose a Bluetooth device.
59
Picking an audio source also works to let you use a headset for other pro-
grams, such as Skype or FaceTime, that don’t require a cellular network
or an iPhone.
Full support: Apple has supported this profile in all iPhones, in the iPad
since the iPad 2, in all iPad minis, and in the iPod touch starting in its 4th
generation model.
Audio Devices
iOS supports two of the three common audio playback profiles for Blue-
tooth: one for stereo audio playback, and another that allows remote
control (pause, play, and stop).
Note: The technical names for these two profiles—useful if you’re examining the spec
of Bluetooth gear to buy—are the Advanced Audio Distribution Profile (A2DP) and the
Audio/Video Remote Control Profile (AVRCP).
Once you’ve paired stereo headphones, you can use them just as
you would headphones plugged into any iOS device. You can tap the start,
stop, and other controls in an app playing back audio, or, if your Blue-
tooth headphones or headset has these controls, you can handle those
options remotely.
Tap the icon to pick an audio destination, which includes the device itself
(to use its built-in speakers), one or more active Bluetooth headphones,
and any Apple TVs or AirPlay speakers connected to your network
(Figure 35).
Only one output source may be selected from the list at a time. Tap a
device to choose it. Audio continues to play throughout and seamlessly
switches whenever you tap.
60
Figure 35: Tap the AirPlay button in the audio playback controls to choose among
available audio output destinations.
You can stop using Bluetooth headphones with one of three methods:
61
Exchange Files with
AirDrop
AirDrop was introduced in Mac OS X 10.7 Lion to let you trade files, URLs,
contact cards, and a few other kinds of things among Macs on the same
Wi-Fi network. It was later added to iOS 7, but the iOS version only worked
with other iOS devices!
Finally, with iOS 8 and Mac OS X 10.10 Yosemite, Apple upgraded to allow
both intra- and inter-platform AirDrop support.
Configure AirDrop
AirDrop is one of the simplest pieces of iOS technology. There’s only one
set of choices to make (Figure 36).
62
▸▸ Everyone lets anyone on the local network see that you’re available to
receive files.
Figure 36: The Control Center is where you set AirDrop access.
Figure 37: You can pick how AirDrop advertises itself on a network.
To share over AirDrop, tap the Share icon and then select the user. The
recipient will either automatically receive or tap or click to accept or re-
ject the file, as described below.
63
Figure 38: The Share sheet shows all available AirDrop users.
When a file or other item is accepted or received, the label Sent appears
on the icon for the person to whom you transmitted the item (Figure 39).
64
Figure 39: The Sent label appears to confirm delivery.
65
Receive a File in iOS 8
In iOS, you are always prompted whether to accept the AirDrop transfer
(Figure 42), whether or not the same iCloud account is logged in to on
the sending device.
■■Image files are added to your Photos collection, the Photos app is
launched, and the image is opened.
■■URLs are opened in Safari.
■■Other files are opened by the appropriate app, or an Open In pop-up/
pop-over menu appears from which you can select the appropriate app.
66
■■Same iCloud account: The file, URL, or other item is received automati-
cally. If it’s a URL, the Web page is opened. A small notification appears
and a punctuated chime sounds (Figure 43).
Figure 43: OS X automatically accepts files from iOS devices signed in to the same
iCloud account. Progress is shown as a colored circle that fills the avatar’s circumference.
■■Any other user: The recipient is asked to Save, Decline, or Save and Open
a file (Figure 44).
Figure 44: In this case, shown on the sender’s computer, the recipient declined the file.
67
Stream Music and Video
via AirPlay
Apple’s AirPlay technology lets you stream audio and video from Apple
equipment to a variety of other hardware, including stereo receivers,
computers, the Apple TV, the AirPort Express base station, and more.
What’s just as good is that Apple licenses the specification so that other
companies can extend AirPlay to be more useful. In this chapter, you’ll learn
how to set up AirPlay, but also how to use it more broadly than with Apple’s
software and hardware.
Every iOS device that can install iOS 8 can use AirPlay.
68
▸▸ Bluetooth-capable audio devices are shown with an audio Bluetooth
icon.
▸▸ Other audio-capable devices are shown with a stereo speaker icon.
▸▸ Video-capable devices are shown with a TV icon.
4. Tap Done.
Within individual apps, like the Overcast podcast player, you might have
the option to select an AirPlay device as well. The same options appear,
only in the form of a sheet with the option to select an item or tap Cancel
(Figure 46).
69
Figure 46: The pop-up menu in an app shows Cancel rather than Done.
Your iOS device retains media control, so you can use volume up/down
buttons and onscreen controls such as pause and rewind.
With that out of the way, let’s look into uses of AirPlay.
70
Configure AirPlay for an AirPort Express
Apple’s own hardware lets you stream AirPlay. In fact, in its original
form as AirTunes, it worked only with the AirPort Express. The AirPort
Express oddly remains the only Wi-Fi base station with streaming audio
support; the Apple TV offers both audio and video output.
An AirPort Express has a combined analog/digital audio port. You can use
any standard 1/8-inch stereo plug, or a special digital fiber optic con
nection that has Toslink (an audio standard) on one end and a special
compatible 1/8-inch plug on the other.
Figure 47: AirPort Utility in OS X allows AirPlay configuration for an AirPort Express.
71
Configure an Apple TV for Audio and Video
Bring up your Apple TV’s display on a TV set and use either its dedicated
remote or the Remote app for iOS. Navigate to Settings and then select
AirPlay (Figure 48). You can now:
Figure 48: Apple TV lets you set AirPlay’s name and whether security is active.
72
Second is Airfoil Touch for iOS (free), which acts as a remote control for
Airfoil for Mac or Windows, and lets you stream audio using a proprietary
protocol from Airfoil to your iOS device.
Figure 49: Airfoil lets you stream audio from any app or the system to one or more
AirPlay or proprietary Airfoil destinations.
Note: Airfoil can stream to any AirPlay device, including Airfoil Speakers for Mac OS X
and Windows. It can also stream to Airfoil Touch for iOS and Airfoil Speakers for An-
droid and Linux, which use its proprietary standard and don’t appear as AirPlay devices.
73
Being able to stream your full iOS experience is useful for demonstrations
and for recording movies of what you’re doing to show other people later.
Tip: You can also record or show your iOS 8 screen in Yosemite using QuickTime
Player without invoking AirPlay. With an iOS device connected to your computer via
USB, launch QuickTime Player and then select File > New Screen Recording. From
the wee tiny downward-facing arrow, select the iOS device. The window now shows
an active preview of your mobile device, and you can then click the big red button to
record. This feature also works inside ScreenFlow ($99), a screencast capture and edit
program, to let you bring in iOS “video” directly.
74
SECURITY
Security encompasses many forms: How do you deal with a device being
stolen? How do you protect its contents when it’s out of your control? How
do you prevent people from snooping on your network sessions? In this half
of the book, you’ll get answers that will make you feel better when using a
device in all situations.
75
Connect to a Secure
Wi-Fi Network
Most home networks are now secured, and nearly all businesses networks
employ some way of keeping outsiders out. Connecting to these secured
networks is often as easy as entering a password, but not always. This
chapter helps you handle any difficult security situations that you might
encounter.
Also, if you’re setting up Wi-Fi security for a network, this chapter discusses
what sort of security to set up and how users with iOS devices will connect
to it.
Wi-Fi security divides into three main types: methods used for small net-
works, methods for large ones, and outdated methods that still exist but
that you should avoid.
Note: Cellular networks have their own security methods, which are partly based on
the Subscriber Identity Module (SIM) for GSM networks and on a unique set of identifi-
ers for CDMA networks.
76
Connect to a Small Network
Nearly all home and small-office networks that have wireless security
enabled require the entry of a short password or passphrase. Enter the
password when prompted, tap Join, and, if entered correctly, you’re done.
The password is stored for the next time you’re near the same network,
and it’s automatically supplied by iOS 8. If you don’t want to join the
network automatically the next time you’re nearby, or don’t want to
store the password on your device, launch Settings, tap Wi-Fi, tap the
info button next to the network, and tap Forget This Network. (This
only works while you’re connected to the network, however.)
WPA2 comes in two forms: personal and enterprise. (I talk about enter-
prise just after this section.) The personal part refers to protecting the
network with a password—sometimes called a passphrase since it can
comprise multiple words. It can be up to 63 characters long and include
punctuation, letters, and numbers. The passphrase is run through math-
ematical churns to produce something stronger.
77
A base station’s administrator sets the passphrase and then provides it to
anyone who needs to connect to the network. If you’ve set up the net-
work yourself, you’re the person who picks the passphrase.
You should consider enabling only WPA2, even if there’s a choice for
mixed old-style WPA and new WPA2 encryption, unless some hardware
that needs to use the network is too old for WPA2, such as a pre-2003
Apple iBook.
78
Username and password login
In the simplest setup, you must enter a username and a password pro-
vided by the network administrator or IT department to connect your de-
vice to a WPA2 Enterprise network. Often, these are the same credentials
you use for file service, email, and other network resource access, such
as your email mailbox name (the part to the left of the @) or full address
(user@domain.com) for that network.
WARNING! Some networks may have policies that limit these sorts of logins
to specific days and times, among other parameters. That’s rare outside of
high-security corporate networks, though.
Certificate-based login
Some networks rely on digital certificates to handle logins. A digital cer-
tificate combines an encryption key with information that helps to val-
idate the identity and integrity of that key. That is, the certificate lets a
system make sure that the key hasn’t been tampered with, and that it
was created by the party that the certificate says created it. Digital cer-
tificates are used to provide a verified identity for server software, like a
mail server, or for an individual.
79
Outdated Methods
Wired Equivalent Privacy (WEP) was the first Wi-Fi security method,
born in the same standard that unleashed Wi-Fi on the world (as 802.11b
in 1999). But the standard had severe security compromises that were
exploited by white hats (researchers who try to find flaws to fix them)
and black hats (thieves, villains, and exploiters) alike.
Apple has slowly phased out the ability to use WEP from iOS, in OS X, and
in its base stations. It’s unlikely you’d only be able to connect to a base
station via WEP, although iOS devices can technically work with WEP.
Plain WPA (not WPA2) replaced WEP, allowing hardware made as long
ago as 1999 to upgrade one step, and some base stations are configured
to handle older WPA and newer WPA2 at the same time.
In iOS
1. Launch AirPort Utility. (It’s a free app, if you don’t already have it in-
stalled.)
2. Tap the base station in the graphical view.
3. If this is the first time you’ve used the app, or you opted on a previous
use to not save the password and it’s been a few minutes since the last
80
time you entered it, the Enter Password link appears. Tap it, enter the
password, and then tap OK.
4. Tap the Edit button and then go to Advanced > Show Passwords. The
Show Passwords view displays the network password at top and then the
base station password (which you had to know to get this far).
Note: If you tap the network password, the WPA Pre-Shared Key is revealed. Wait…
the what?. It’s the full underlying hexadecimal encryption key that your passphrase is
converted into. I’ve never, ever had to enter this 64-character string into anything, but
there’s always a first time.
In Mac OS X
1. Launch AirPort Utility (found in Applications/Utilities).
2. Select your base station and click Edit.
An edit dialog appears in the main window.
3. From the Base Station menu, choose Show Passwords.
4. From the dialog that appears, write down or copy the text for the WPA
Password (Figure 50).
Figure 50: The Equivalent Network Passwords dialog gives you the hex key value of a
text network key.
Now that you have the password, you can enter it on your iOS device in
order to join the Wi-Fi network. Email or text the password to your iOS
devices so you can copy it and then paste it instead of retyping it.
81
Use Two-Step
Verification
Apple’s two-step verification for iCloud lets you secure your account with
a password plus something extra that you have under your control. In this
chapter, you learn how to set up two-step verification, how to secure your
extra pieces against discovery or loss, and how to reset an account.
The way around this is to use what Apple calls two-step verification, also
known generically as two-factor authentication (2FA for short). A factor
is a bit of proof that you are who you say you are. Requiring two factors
of different sorts makes it more likely that you’re the legitimate owner of
an account or have authorized access for a service.
82
In Apple’s implementation, when you enable two-step verification, you
keep your existing password on your Apple ID, and add a phone number
that can receive SMS (text) messages, and one or more trusted iOS de-
vices. It also generates a 14-character Recovery Key that you must keep
secret and secure.
WARNING! Once two-step verification is enabled you must have two of three
elements to access your account: the password, a trusted or SMS device, and
the Recovery Key. If you lose or lose access to two of those three things, your
account is unrecoverable forever. You have to create a new Apple ID, and
you lose access to purchases, unsynced items, backups, and the like.
Wait for up to three days: At this stage, Apple may choose to have you
wait up to three days, especially if a password or other element of your ac-
count was changed. They will send you an email telling you to wait, and
then another email telling you that you can proceed. Return to Step 1 and
continue through below.
83
8. Set up an SMS device. Apple requires at least one SMS-receiving phone
number per two-factor account, and that number may only be used once
across all Apple IDs.
a. Enter the SMS phone number.
b. On the receiving device, you receive a text with a four-digit code.
c. Enter the code on Apple’s site.
9. Set up trusted devices, which are iOS devices associated with this account
(and only this account).
a. Select a device and click Verify.
b. On the device, you receive a code. (You have to unlock the device to
view the code, if it’s locked.)
c. Enter the code on Apple’s site.
10. Click Continue.
11. Apple generates your Recovery Key. Print this out and keep it somewhere
secure that you can find later. In fact, you may want to keep copies in
multiple secure places.
Note: I store mine in a password vault protected with a strong, unique password as an
extra backup stage. No one with access to my computer can decrypt the vault without
its password, which makes it both less risky (I have access everywhere) and more risky
(someone could conceivably figure out my password).
WARNING! If you lose this Recovery Key you’re sunk if someone attempts to
hijack your account and Apple performs a security lock. When a security lock
is in place, your password is deleted, and the account can only be unlocked
and a new password set with the Recovery Key and a trusted device.
84
Log In with Two-Step Verification
Two-step verification presents itself in different ways in different
places. In practice, it typically manifests itself as entering a password
and then being asked which trusted device you want to receive the con-
firmation code.
Let’s walk through logging in to the Apple ID site, as that uses all the
pieces and allows direct recovery if you’ve lost one.
Figure 51: Pick a trusted device. The phone number’s last two digits are obscured here.
5. On your trusted device, you’ll receive the four-digit code in one of two
ways, depending on whether it’s an iOS device (named in the Verify Your
Identity list) with Find My iPhone active, or an SMS device (shown as
Phone Number Ending In):
▸▸ An alert message with the code (Figure 52). If your device is locked, the
code isn’t shown on a lock screen; you have to unlock the device to see
the code (Figure 53).
▸▸ An SMS message with the code.
85
Figure 52: The code appears as a modal notification that is delivered via Find My
iPhone.
Note: If you click Unable to Receive Messages on Any of Your Devices, you’re
prompted to enter your Recovery Key (Figure 54). Entering the key correctly then lets
you link new trusted devices.
86
Figure 54: Entering the Recovery Key at this stage lets you link new trusted devices.
WARNING! An SMS code can be seen on the lock screen of an iOS device
unless you’ve disabled notifications on the lock screen.
6. Enter the code at the Web site and click Continue (Figure 55).
Figure 55: Apple lets you enter the code. Clicking Send a New Code generates and
transmits a new one.
87
Logins at Other Sites
Because calendaring (over CalDAV) and email can be used with non-
Apple software, you can generate special app-specific passwords for
discrete purposes via the Apple ID site.
WARNING! As noted earlier, lose two of your three factors and you’re sunk
forever. Apple secures your account information in such a way that it can’t
recover it—for you, a government agent, or anyone.
88
Lost Your Password
Visit the iForgot site (https://iforgot.apple.com/) and Apple will prompt
you for your Apple ID, request your Recovery Key, and confirm via a
trusted device. Then you can set a new password.
WARNING! I’d heavily suggest adding new devices before removing old ones
to avoid being locked out of your account if something goes wrong before
you’ve tested the new setup.
89
Figure 56: The Apple ID site maintains the list of trusted devices and lets you add and
remove them.
90
Transfer Data Securely
The data that travels to and from your iOS device isn’t secure even when
you’re connected to a Wi-Fi network with a strong password. Any data you
send that’s not encrypted could be sniffed by anyone else on that network.
The same is true for any point between you and your data’s destination or
wherever you’re running an active session, whether you’re using a protected
Wi-Fi network, an open one, or a cellular data connection: any party in be-
tween, for unencrypted services, can see exactly what you’re doing.
But you can avoid this problem with secure services or a comprehensive
solution called a virtual private network. I explain both in this chapter.
Why Encrypt?
When the previous edition of this book came out a few years ago, it was still necessary to
explain the value of security and encryption. After dozens of corporate breaches, network
attacks, and the disclosures of government snooping around the world (in democracies and
dictatorships alike), the value is clear.
Encrypting our data in transit enables us to make decisions about how our data is being used
and who sees it, preventing criminals, relatives, and government agencies from overstepping
our rights.
91
■■Always use SSL/TLS email connections. There’s no good reason not to
employ SSL/TLS (Secure Sockets Layer/Transport Layer Security). If your
mail host doesn’t provide secured email for your incoming email (POP or
IMAP; almost always IMAP in iOS) and for your outgoing email (SMTP),
find a new host. Without security, email programs may send passwords
in the clear or with weak encryption, and likely send all data in the clear.
iOS will always attempt to configure your mail settings securely.
■■Secure access to Web sites. You can usually make a secure connection to a
Web site.
▸▸ Most Web sites, including social networks like Facebook and Twitter,
have switched from using plain-text http connections to secured SSL/
TLS or https connections. You log in securely (which is true on almost
all sites), but then remain securely connected at all times.
▸▸ If you’re not sure, look in the security settings for a Web site where it
notes something like “Always use https” or “Always use secure con-
nection” and check that box. (A login is almost always secure, so your
account name and password is rarely at risk.)
▸▸ For other Web sites, try to always use the secured flavor by typing in or
bookmarking https instead of http as the start of the URL. Many sites
offer SSL/TLS sessions as an option reachable just by entering the URL
in this fashion.
■■Transfer files securely. When making an FTP connection, use only a
secured alternative to plain FTP, such as the SSH-based SFTP or one
of several SSL/TLS-protected methods. FTP programs otherwise send
passwords and data in the clear. Transmit for iOS is the app of choice for
secure file transfer ($9.99).
Tip: On a Mac, enable Remote Login and File Sharing in the Sharing preference pane
to allow SFTP over a local network or via the remote Back to My Mac service.
Note: Most services with iOS apps that transfer data, such as Dropbox, CrashPlan,
Facebook, and Twitter, secure the connection using SSL/TLS or something better.
92
Umbrella Protection with a VPN
A virtual private network connection is a nifty way to prevent any sniff-
ing of your local network hookup. A VPN encrypts all the data coming
and going from a device, such as an iPad or iPhone, creating an encrypted
tunnel that extends between the device and a VPN server somewhere else
on the Internet, traversing with protection any local network and hubs as
well as every node on the Internet between the two points.
For corporations, VPNs can extend the aegis of corporate security to re-
mote devices. For individuals, that’s less the case. With a company, the
VPN server is within the corporate network and any data leaving that
server is protected by company firewalls and intrusion prevention.
But if you’re using a VPN just to protect your local link (the connection
between your device and the hotspot), data remains encrypted only un-
til it hits the VPN server, usually located in a data center. From that data
center to its destination, data is unprotected (unless wrapped in an en-
crypted method, like SSL/TLS on the Web, describe earlier), but that’s
typically just fine. The main locus of risk is the local link.
And because major Internet sites—like Google, Apple, and the rest—have
distributed sets of computers and even private links to big data centers,
the hop from the VPN server to the destination network may be within
the same building or close by.
Before you can set up a device, however, you need to find a VPN service.
93
There are many such services to choose among, some of which offer apps
and some of which require manual or partly manual configuration. I’ve
had experience with two that I can recommend because:
■■I’ve had personal experience with them, and tested them. (You can read a
Macworld column of mine about how we trust companies.)
■■They offer an app, which is the simplest way to configure and connect in
iOS. (They both offer Mac OS X apps, too.)
■■They let you subscribe using a single subscription that works across all
your iOS devices or across iOS and Mac OS X hardware you own.
■■Their software is elegant and works well.
■■They offer a “transporter” option that lets you terminate in another
country, which allows viewing media or accessing resources that other-
wise require being physically present in that country.
Note: I used to recommend VPN-for-hire services that typically required manual con-
figuration. Now, I’d prefer to recommend app-based services, as they require less fuss
without any greater cost.
After installing the app, you have to accept an iOS profile that encapsu-
lates all the VPN configuration details (Figure 57). This is nice because
94
you don’t need to deal with the fiddly bits described in the manual setup
section below. And if the profile needs to be updated because the ser-
vice’s details change, they can push a fresh one through their update,
rather than asking you to reconfigure by hand.
Figure 57: The VPN apps prompt you to install a profile, which includes all the
configuration details for their services.
To install a profile:
1. Launch the app, which will detect that no profile is available and request
to install it (Figure 58). (In Cloak, there’s a round-trip via Safari to its
Web site to generate an appropriately tailored profile.)
2. Enter your passcode when prompted.
3. Read the Warning screen that explains what the profile will be able to do,
and then Tap Install.
4. Tap the red Install button.
5. Tap Done, and you’re returned to the app.
Tip: If you ever have trouble connecting with the app, try deleting the profile from Set-
tings > General > Profiles and then launching the app, which will walk you through the
steps above again.
95
Figure 58: TunnelBear needs your permission to dig a den in your device.
After installing a profile, you can use the Settings > VPN view to start or
end a connection. A label will appear in the status whenever the
connection is active. You can find more information about these options
in the next section, Make a VPN Connection.
Figure 59: Cloak uses the Settings > VPN section for connections (left). TunnelBear can
be managed there, or via its app. Rowr.
96
Both services can also initiate a VPN connection “on demand,” too, when
you reach out to the Internet (and both can disable it during idle times).
Opt in via either app’s configuration options.
Cloak also lets you pick trusted Wi-Fi networks to bypass enabling a
VPN, and opt to automatically connect on all others.
Note: Whenever you make changes to Cloak’s settings, it will note in the app that “set-
tings are out of sync.” Tap that message, then tap Sync Settings Now. Cloak connects
via Safari to produce a newly updated profile, which you’re prompted to install.
97
service in question and back. It can also bypass content-distribution net-
works (CDNs), which push media to you with the fewest possible Internet
hops.
Netflix and other services that you can pay for, but are limited to the U.S.
or a few countries, are another matter. They rely on licensing agreements
that restrict access. However, Netflix alone reportedly has many millions
of customers outside its service area who use a U.S. registered credit card
and VPN access.
Eventually, all national licensing barriers will have to fall because of such
absurdities, but consult your internal ethical compass.
As a result, plans may seem expensive, but they’re typically priced very
reasonably relative to both the value and the hard costs the company has
to pay to keep its software and security up to date.
The deciding factor between these two services might be your particular
number of devices, data usage, and interest in—or fear of—bears.
98
Cloak
Cloak sells time-limited passes as iOS in-app purchases, and passes and
recurring subscriptions from its Web site. Every account may be used
with an unlimited number of devices by a single person across iOS and
Mac OS X.
The fees range from $3.99 for a week to $99.99 per year for non-recur-
ring passes, all with unlimited data. A monthly subscription costs $2.99
with 5 GB of data included; unlimited monthly and yearly plans are $9.99
and $99.99, respectively.
TunnelBear
TunnelBear has a slightly different approach. In iOS, you can purchase
non-recurring passes that work only in iOS, not across platforms, for
from $2.99 (one month) to $29.99 (one year) with unlimited data.
Via the Web site, you can sign up for a free plan that includes 500 MB
per month, or for unlimited data across up to three devices for $4.99 per
month (recurring) or $49.99 per year (either recurring or for a single
year).
Note: Two VPN types that use SSL/TLS, one by Cisco and one by Juniper, are also
available (https://support.apple.com/en-us/HT201533). However, to use either of
these types, you must have your devices managed by an IT administrator who uses
software from Apple called Apple Configurator.
99
Almost any server operating system that offers VPN software at all can
support one of these protocols, including Mac OS X Server and Microsoft
Windows Server.
1. Launch the Settings app, and tap General > VPN. (If you’ve configured a
VPN before, it may show up in the top level of Settings.)
2. Tap Add VPN Configuration. The Add Configuration view appears
(Figure 61).
Figure 61: Enter the details provided by a for-hire service or a network administrator.
100
3. In the Add Configuration view, fill in the settings:
▸▸ Pick L2TP, PPTP, or IPsec, as appropriate. The choice here affects
which options appear below the header.
▸▸ The description appears in the VPN view after you create the configura-
tion; enter something short and expository.
▸▸ Server, Account, and Password tells iOS which Internet host to connect
to using which credentials.
▸▸ RSA SecurID (L2TP and PPTP) should always be off unless your em-
ployer provided you with a physical key fob.
▸▸ Secret (L2TP and IPsec) is a shared bit of text that’s used as an extra
level of security.
▸▸ Use Certificate (IPsec only) is enabled when you have a stored certifi-
cate to validate your identity.
▸▸ Group Name (IPsec only) is set if a network administrator provides a
group.
▸▸ Encryption Level (PPTP only) is typically left set to Auto.
▸▸ Send All Traffic (L2TP and PPTP) is typically left on. If it is off, you can
filter which traffic is not encrypted and which is.
▸▸ A Proxy option can be ignored unless you’ve been told otherwise.
4. Tap Save.
You now have a configuration profile that you can use.
101
■■A indicator appears in the status bar.
■■A Status entry appears in the Settings app’s main view that reads Con-
nected.
WARNING! VPNs are typically disrupted when you move between networks.
If this happens to you, flip the VPN switch to Off and back to On to reset the
connection.
To check the status of your VPN connection, tap the info button to the
right of the currently active VPN configuration profile in Settings > VPN
(Figure 62). The Server IP Address field provides a clue to the facility at
which your VPN terminates. You can also switch on or off Connect On
Demand in this view.
Figure 62: Connection details reveal a little more information about where the VPN
terminates.
102
Protect Your Device
Now that you know how to keep your data from being intercepted in transit,
how can you prevent your stored data—on an iOS device—from being rifled
if your device is out of your control?
Apple has two robust ways to secure a device: with a passcode and, for
newer hardware, with a fingerprint-recognition system called Touch ID.
All devices that support iOS 8 include robust hardware encryption. When a
device is on and locked, its data is inaccessible until a passcode is entered
or Touch ID accepted, which unlocks the encryption keys needed to read
stored information.
WARNING: If you lose the passcode and Touch ID isn’t available (such as af-
ter a reboot), your data is lost forever.
Set a Passcode
Your best single protection against anyone unauthorized having access
to data is enabling the passcode lock. This allows you to set a four-digit
code required to wake and gain access to the device.
103
You can also enable the passcode lock remotely if you have an active
iCloud account and Find My iPhone enabled on the device. See When Your
Device Goes Missing, ahead.
Tip: Is four digits not good enough for you? Turn off Simple Passcode. Then you can
enter anything you can tap on the full iOS keyboard. If you use Touch ID, you may
need to enter your passcode so seldom that you could create a long entry, which re-
duces the potential that someone could, through brute force, recover your passcode.
■■Immediately means you’re asked for the passcode any time the device
wakes up. You can put your handheld to sleep manually, of course, by
pressing the Sleep/Wake switch, but you can also set it to sleep automat-
ically, with the Settings > General > Auto-Lock.
■■Longer intervals let the device be unlocked without a passcode for up to
the time duration you’ve chosen from the list.
Figure 63: Choose the duration between when you’re asked again for your passcode.
104
You can also set which services are available when your device is locked
in this view, which is a good way to prevent leakage of information, such
as appointments, being able to present barcodes for scanning at stores or
an airport, or using Messages to reply.
Use Touch ID
Apple’s Touch ID lets you turn to your fingertips to secure your device.
Touch ID lets you train several later models of iPhone and iPad to recog-
nize up to five fingerprints. It can be used not only to unlock your phone,
but to use Apple Pay (on supported devices) and make iTunes/App store
purchases as well.
Note: Your results may vary. With the iPhone 5s—the first device to offer Touch ID—iOS
seemed to “forget” one of my thumbs after a while, but the other was fine. After an iOS
7 update, it got better. With an iPhone 6, I rarely have any trouble with recognition.
Tip: Touch ID in iOS 8 can be used to authenticate third-party software. 1Password and
Authy are two apps I use that allow Touch ID for unlocking.
You select which of the Touch ID associations you want in Settings >
Touch ID & Passcode, and then tap Add a Fingerprint. iOS guides you
through enrolling a fingerprint. When it’s finished, it names the entry
Finger plus a number. As this isn’t descriptive, tap that entry, then name
it with something you remember. In that way, if iOS “forgets” your fin-
gerprint, you can delete the appropriate entry and retrain it.
105
Even with Touch ID enabled for all tasks, you will still be prompted to
enter the passcode in a number of circumstances:
When using Touch ID, it’s important to remember that while it increases
the relative security of your data while improving the speed and simplic-
ity of use, you also open yourself up to your device being unlocked via
coercion. If someone—a government agent, criminal, abusive spouse, or
other party—can force your finger onto the sensor, they can gain access
to at least some of your information.
106
When Your Device
Goes Missing
Your mobile device is a desirable item for thieves. It’s compact, it has a high
retained value, and there’s a huge market for used models.
Without freaking you out about theft, I want to tell you how you can protect
your data when your device has disappeared, make it impossible for a thief
to use your device, and find your device if it’s stolen or lost.
You can find the last reported position of any iPod touch, iPhone, iPad,
or Mac by enabling the feature, which requires an iCloud account. You
can also play a sound on the device, lock the device with a new four-digit
passcode while displaying a message, or delete all its data!
Finding a device’s current location and taking a remote action can be ac-
complished via the iCloud Web site or the free Find My iPhone app.
One name for clarity: For simplicity’s sake in the text ahead, I’m calling
the service Find My iPhone.
With Family Sharing turned on, anyone in the family group can see
where an iOS device is, unless the owner has disabled letting that per-
107
son or anyone see his or her current location. With that user’s password,
all Find My iPhone features are available through other Family Sharing
members’ accounts.
Note: There are third-party tools available in iOS that track an iOS device, too, using
the background location tracking feature added a few iOS versions ago. Most involve
a subscription fee. The advantage to these apps is that some can be set to take photos
of whoever has your device. However, none offers the fully baked-in locking, tracking,
erasure, and other options of Find My iPhone.
How It Works
The feature relies on a device sending Apple’s servers a regular update of
location information derived from Wi-Fi, cellular, and GPS signals and
data. All iOS devices and most Macs (provided they’re running 10.7 Lion
or later) use the built in Wi-Fi; iPhones and Wi-Fi + Cellular iPads add
cellular radios and GPS.
With Find My iPhone active, a device with GPS and cellular regularly
sends updates derived from its GPS receiver and from ranging informa-
tion it has about nearby cell phone towers that allow it to trilaterate.
Note: You may be more familiar with the term triangulation, which relies on using
known fixed positions and measuring angles. Trilateration uses the intersection of
geometric areas, such as the radius of signal strength from cell towers.
All iOS (and OS X) devices also scan for nearby Wi-Fi networks and send
a snapshot of that information to an online system run by Apple when-
ever the device has an Internet connection. This system approximates
a position based on network details that it knows about from previous
scans sent by other devices, including the name and some less-apparent
unique hardware identifiers. The position is inferred based on the relative
signal strength of the Wi-Fi base stations detected.
108
and send Wi-Fi–based position information, as well as to respond to
queries from Apple’s servers.
Note: Apple caches some information about location on the phone for up to 7 days
to avoid frequent network access to look up information, or to use Wi-Fi positioning in
an area you’ve been recently even if you don’t have current Internet access.
WARNING: Since iOS 7, Apple requires that you enter your iCloud password
to disable Find My iPhone. This prevents a thief or other unauthorized party
who has access to your unlocked phone from using it while also removing it
from being tracked.
Note: To enable Find My Mac, enable the Find My Mac checkbox in the iCloud system
preference pane. If your Mac has Wi-Fi turned off with an active Internet connection
(such as cabled Ethernet), it can still be contacted to perform actions, but it can’t dis-
play a location.
109
Find My iPhone on the Web
To find your devices via a Web browser, follow these steps:
1. Go to https://icloud.com/find.
2. Log in with the correct Apple ID.
In the Find My iPhone Web app, click the All Devices button at the upper
center to reveal all your equipment (Figure 64). All Devices is the default
selection, revealed in the map at whatever magnification level is required
to show all the devices at once.
In the All Devices list, the dot beside each device name indicates the sta-
tus: gray means trying to connect or offline, and green means on-
line. It may take Find My iPhone up to 3 minutes to fix a precise location
for a device.
Figure 64: The Find My iPhone Web app shows devices in a drop-down list at center
and their locations on a map.
110
Find My iPhone shows the location of the device on the map as a green
dot. For GPS-enabled devices that have obtained a strong location fix,
only the dot is shown. When the GPS information isn’t good or it’s a
device without a GPS, the green dot is surrounded by a green outline,
the radius of which indicates the amount of confidence in the location
(Figure 65). With hardware relying on a GPS signal, the outline may
appear briefly while a better fix is being obtained.
With All Devices chosen, click the All Devices label or click anywhere
on the map to hide the drop-down, and then click any green dot on the
map. A popover menu appears with options for actions, described a few
paragraphs ahead, and the last time a fix was made on the location.
Figure 65: The shaded green circle shows the degree of confidence. In this case, my
MacBook Air might be half a block away (though the green dot is, in fact, accurate).
If the device was previously found but can’t be found now, you may get a
message that says, “Your device is no longer locatable.” The last-known
location of the device should be displayed for 24 hours, along with the
time showing the last moment it was known to be located there. Clicking
the green dot on the map representing the device brings up a popover
with a Refresh button you can click to force another attempt to locate it.
Battery life: The Web app, but oddly not the iOS app, shows the remaining
battery life on devices that are battery powered.
111
Find My iPhone app
You don’t have to use a Web site to run Find My iPhone. Instead, you can
download the free Find My iPhone app to an iOS device, launch it, and
then enter your account and password. The app works similarly to the
Find My iPhone Web app, although its interface is a little different in lay-
out when a device is selected.
The default view shows all devices in a list at the bottom and their lo-
cations in a map shrunk to fit them all at the top. Tap any device in the
list, and it’s selected and zoomed in on in the map. Tap the All button at
the upper left to return to the full device list.
Tap the device in its green circle or tap the Actions button at the bottom
to show the options for remote action (Figure 66).
Figure 66: The Find My iPhone app lets you tap a device on the map and then perform
remote actions.
112
You can tap the automobile icon at lower left, and the Maps app is
launched with the device’s location preloaded as a destination.
Password not stored: The app doesn’t save your password, and it caches
it for only a short time. If you borrow someone’s iOS device to run Find My
iPhone, you don’t have to worry about that person finding your iOS devices
in the future. And, to reverse the situation, if a thief steals your iPad, the
thief can’t use the app to locate more of your devices—or figure out where
you are!
Tap one of the options and see the section below that corresponds to Play
Sound, Lost Mode, and Erase Device. (For Macs and iOS 5 devices, the
earliest ones supported, Lost Mode is replaced with Lock.)
Figure 67: The three remote actions: Play Sound, Lost Mode, and Erase Device. Note the
battery life shown in the upper-right corner in the Web app version.
113
WARNING! If you know your device was stolen, consider taking location
information to the police—call an officer if you have a report already
opened—before trying to entice the thief to give it up. Although electronics
are stolen all the time, reports from all over indicate that law enforcement
responds favorably to being given a map and other data. That can, in turn,
lead police to find a cache of other stolen hardware.
Figure 68: Even an offline device can have an action applied when (or if) it comes back
online.
Play Sound
When you can’t find a device but think it may be nearby, the Play Sound
option should help you locate it. Tap or click Play Sound, and a loud
pinging noise will play for 2 minutes on the device, which also displays
the message “Find My iPhone Alert” (Figure 69).
114
Figure 69: iOS shows this message when Play Sound is triggered.
Whether the device is offline or online, the next time it connects through
Find My iPhone to Apple’s servers, you’ll receive an email message, see a
banner when you sign in to the Find My iPhone Web app, and get a pop-up
alert on iOS devices with Find My iPhone active.
Figure 70: Devices without a location can trigger alerts when they acquire a location.
The sound will override any mute settings on the device. The sound can
be stopped on the found iOS device by tapping OK if it’s unlocked. If the
passcode lock is active, enter it to stop the dratted noise.
115
Lost Mode
This option is designed to help you recover a lost device. You can offer a
reward and provide your phone number. It also puts the finder on notice
that you know approximately where it is. (“I’m a block away, coming to
pick it up. There’s a reward.”) Were your hardware stolen, this is a way
to tell a thief that you have her location and other data, and advise her to
give it up.
Note: Lost Mode immediately disables Apple’s side of Apple Pay for devices that are
both capable of it and have the feature enabled. Thus, if your device is lost and some-
one has the passcode and attempts to unlock the phone when it’s not connected to a
network to pay for something, Apple will not pass the transaction on for approval.
1. After tapping or clicking Lost Mode, you have to confirm by tapping Turn
On Lost Mode (Figure 71).
2. If a device doesn’t have a passcode set, you are prompted to enter and
verify a passcode (Figure 72).
116
Figure 72: If a device doesn’t already have a passcode in place, you are prompted to
enter one and then verify it in the next step.
3. Optionally, set a phone number for a call back (Figure 73). On an iPhone,
the phone may be used to call only that number. On other devices, the
call-back number is displayed but can’t be used.
117
Figure 74: Choose to add a message.
After you activate Lost Mode, the action is passed to the device, and
an email message is sent to the email address for the Apple ID account
you’re using for Find My iPhone, confirming what you’ve done.
■■If the device is connected to a wireless network and asleep, the next time
it’s woken, a passcode must be entered to gain access.
■■If the device is online and in use, iOS drops the user into the Lock screen
where the passcode-entry dialog or keypad is shown.
■■If the device is offline, the next time it accesses any network with an In-
ternet connection, the passcode lock is put into place.
Lost Mode also enables tracking the next time the device is online, which
appears in a map as a dotted red line (Figure 75). This lets you see wher-
ever a device has gone—so long as it remains online. Even neater, if
Location Services has been turned off, Lost Mode re-enables it so that
you can track your device.
Erase Device
The last resort in some cases (or first in others) is a remote wipe, in
which all the user data on the iOS device is erased.
118
Figure 75: While Lost Mode is enabled, the path a device takes as long as it has
connectivity is recorded and shown as well. (Figure via Apple.)
Since iOS 7, an erased device that has Find My iPhone enabled before
erasure and remains associated with an Apple ID cannot be unlocked
without the account password. The Erase Device option lets you provide
a phone number and message so that a person who found (or stole) your
device can get in touch. The iOS device is essentially useless to them
without the password.
Note: You can remove a device from your Find My iPhone list after erasing it by follow-
ing Apple’s instructions at http://support.apple.com/kb/PH2702.
1. In the Web app or the iOS app, tap Erase (Web) or Erase Device (iOS).
2. You’re warned that everything is about to be erased. Tap or click Erase,
but there are more steps ahead (Figure 76).
119
Figure 76: This step seems like you’re about to erase your device immediately, but
there are more steps ahead (left: iOS; right, Web).
4. Enter a phone number at which you can be reached after it’s erased, and
tap Next (Figure 78).
120
Figure 78: If you want to provide a number, enter it at this step.
5. Enter a message you want to appear along with the phone number
(Figure 79). You’ll notice there’s a Done button. Tap that, and the remote
device is erased—there’s no going back!
121
If the device is online, the Erase action immediately wipes all your data
off it. If it’s offline, the erase begins as soon as it next comes online
through any networking method.
Note: Because Find My iPhone works with older versions of iOS, you might see slightly
different options if you have iOS 5 or iOS 6 installed on an older piece of hardware.
Note: Macs with FileVault 2 (starting in 10.7.2 Lion) can similarly have their boot drives
rendered unreadable: an encryption key is deleted, making the drive’s encrypted con-
tents irretrievable. (The drive can still be erased and a new system installed, however.)
However, wiping your device isn’t as bad for your data as it sounds.
All iOS devices are set by default to back up the unique data that’s stored
on them, like settings, passwords, and documents created by or asso-
ciated with apps. These backups can be either local to iTunes on a par
ticular computer or remote to iCloud.
Tip: You can also make both kinds of backups by manually switching between the
options in iTunes when an iOS device is connected: do a backup with one, switch, and
back up with the other.
Any media and apps kept on an iOS device are not stored in the backup.
Instead, they are stored in some combination of a copy of iTunes (for
your own music, videos, ebooks, and purchased movies) and iCloud (all
apps or any media that you’ve bought from Apple, and your own music
uploaded or matched using iTunes Match).
If you erase your device, and then either recover it or obtain a new de-
vice, you can restore from your most recent backup. If you were syncing
any items to your device through iTunes, you can then sync them back to
122
the device. Or, for items stored in iCloud, the restore process downloads
them again.
123
About the Author
Glenn Fleishman was trained as a typeset-
ter, received a degree in art, and works as a
journalist and programmer. Glenn is a regular
contributor to the Economist, where he has
filed hundreds of online stories, including a
four-year stint as one of the lead writers of its
Babbage blog, and dozens of print features.
124
Acknowledgments
I dedicate this book to my wife, Lynn, and sons, Ben and Rex. They keep
me sane and happy, and keep me from spending my entire day thinking
about and using digital devices.
Thanks to editor Jeff Carlson, who made sense of this thorough overhaul
of the book for iOS 8. Thanks to Scout Festa for her eagle eye in proof-
reading. And many thanks to longtime collaborators Adam and Tonya
Engst, along with Michael E. Cohen, who saw this book through earlier
editions.
125
Copyright and Fine Print
A Practical Guide to Networking & Security in iOS 8
Copyright ©2015, Glenn Fleishman. All rights reserved.
http://glennf.com/guides
Ebook edition: This electronic book doesn’t use copy protection because copy protection
makes life harder for everyone. So we ask a favor of our readers. If you want to share
your copy of this ebook with a friend, please do so as you would a physical book, mean-
ing that if your friend uses it regularly, he or she should buy a copy. You have our per-
mission to make a single print copy of this ebook for personal use. Please reference this
page if a print service refuses to print the ebook for copyright reasons.
All editions: Although the author and Aperiodical LLC have made a reasonable effort to
ensure the accuracy of the information herein, they assume no responsibility for errors
or omissions. The information in this book is distributed “As Is,” without warranty of
any kind. Neither Aperiodical LLC nor the author shall be liable to any person or entity
for any special, indirect, incidental, or consequential damages, including without limita-
tion lost revenues or lost profits, that may result (or that are alleged to result) from the
use of these materials. In other words, use this information at your own risk.
Many of the designations used to distinguish products and services are claimed as trade-
marks or service marks. Any trademarks, service marks, product names, or named fea-
tures that appear in this title are assumed to be the property of their respective owners.
All product names and services are used in an editorial fashion only, with no intention of
infringement of the trademark. No such use, or the use of any trade name, is meant to
convey endorsement or other affiliation with this title.
This title is an independent publication and has not been authorized, sponsored, or oth-
erwise approved by Apple Inc. Because of the nature of this title, it uses terms that are
the trademarks or that are the registered trademarks of Apple Inc.; to view a complete
list of the trademarks and of the registered trademarks of Apple Inc., you can visit
http://www.apple.com/legal/trademark/appletmlist.html
126