How to secure iPhone data with pair locking and supervision

Updated

In this article we're going to take a closer look at an obscure but highly effective way of increasing your phone's security: pair-locking.

What is pairing?

Pairing creates a trusted connection between your iPhone and a computer. For example, when you connect your iPhone with a USB cable, you are asked to grant full access and once accepted, pairing takes place and a trusted key is kept for future connections. A connection is created between your iPhone and your computer so that applications like iTunes can communicate with your device. The bad news is that forensic applications which might harvest your data can use the same connection key to remotely communicate with your iPhone.

Once an iPhone is paired with a computer, that computer will have full access to all the personal information stored on your device. This means the computer will have access to all photos, notes, videos, messages, and -- with the right knowledge -- hackers can even break passwords from third-party applications. Your iPhone can be accessed even when it's locked with a PIN code.

What is pair-locking?

By pair-locking your iPhone you're basically blocking any forensic application that tries to communicate with your iOS device, by preventing new pairings. You're pairing it with a single computer -- yours -- and preventing it from ever pairing with any other.

Is your iPhone paired with your computer already?

A private key is being created when paired your iPhone. This key is stored both on your iPhone and on the computer you have paired with. You can find a pairing record of your device easily, like this:

  • On macOS, open Terminal and paste the following: open /var/db/lockdown
  • If you are using Windows, go to %ProgramData%/Apple/lockdown in Explorer

Steps you need to take to pair-lock your iPhone

  1. Download Apple Configurator from the App store on your Mac and open it

  2. Click "Prepare"

    Apple Configurator's "Prepare" button
    Apple Configurator's "Prepare" button

  3. Choose any name you would like and toggle on "Supervision"

  4. Uncheck the box "Allow devices to connect to other Macs"
  5. Create a new profile by clicking on the plus sign at the bottom of Apple Configurator

    Creating the pairing profile in Apple configurator
    Creating the pairing profile in Apple configurator

  6. You can use any name you would like for this profile, then click on "Restrictions" and on "Configure"

    Restrict your iPhone
    Restrict your iPhone

  7. Uncheck "Allow pairing with non-Configurator hosts" to disable pairing, then click "Save"

    Enable pair-locking for iPhone or iPad
    Enable pair-locking for iPhone or iPad

  8. Select your newly created profile and click on "Prepare"

    Sync pair locking profile
    Sync pair locking profile

  9. Fill in the organization information: only the name field is required, and you can input anything you would like on phone, email and address

  10. Connect your iPhone or iPad and click "Done"
  11. You'll get a warning message asking if you are sure you want to apply these settings to all connected USB devices, click "Apply" and your device will only be accessible from the computer you've paired with

    Apply changes to USB devices with Apple configurator
    Apply changes to USB devices with Apple configurator

Just remember: if you do this, you won't be able to sync or connect your iPhone with any other computer. But neither will the bad guys.

About the author

Alexandra Petruș served as Reincubate's VP of Product for a number of years and remains a friend of the company. She's recognised as a Google Developer Expert for Product Strategy, and is a co-founder of Bucharest AI.

Reincubate's CEO at Buckingham Palace

Pictured above are members of Reincubate’s team meeting HM Queen Elizabeth Ⅱ at Buckingham Palace, after being awarded the UK’s highest business award for our work with Apple technology. Read our position on privacy, safety and security.

How can we help?

Our support team are here to help!

Our office hours are Monday to Friday, 9 AM to 5 PM GMT. The time is currently 6:55 PM GMT.

We aim to reply to all messages within one working day.

Go to support section › Contact support ›
Our awesome support team

Can we improve this article?

We love hearing from users: why not drop us an email, leave a comment, or tweet @reincubate?

© 2008 - 2019 Reincubate Ltd. All rights reserved. Registered in England and Wales #5189175, VAT GB151788978. Reincubate® is a registered trademark. Privacy & terms. We recommend 2FA. Built with in London.