Much of the focus in the field of information security focuses on remote threats. The rule of thumb among security experts is that if a person has physical access to your machine, all security bets are off. That’s because security experts know that the designers of today’s hardware and software understand humans are fallible and build in ‘reset password’ functionality for local users who either know the trick or have the requisite piece of software.
Security experts tend to aim their measures at the worst-case-scenario. They figure that people who are concerned about security are worried about expensive, exotic and well-informed threats. However, the most common form of information leakage is casual snooping, such as getting a hold of someone’s phone or computer, possibly with no password or pin on it and rifling through it. To deter this form of prying, a vast array of apps have sprung up. On the Apple App Store alone, the search term “private” yields over 5600 apps, while “hide” reveals over 800 and “secure” brings up 1700 apps that you can buy or download for free. Google Play also has many.
While it is beyond the scope of this article to make even a cursory survey of the apps involved, they can be divided into certain categories. Keeping photos hidden is a popular option, while apps to keep encrypted notes is another. Hiding contacts is another popular function that certain apps target.
Unfortunately, there is no way to password-protect the Mail app separately on iOS, but if one is concerned about that, one can use webmail instead which would require logging in. Just make sure to remove all accounts from Mail’s settings. One method of hiding apps exists that I hesitate to mention. This is the “Restrictions” sections of the Settings app in iOS under the General subheading. It allows one to restrict apps based on the age setting or to restrict all downloaded apps, which causes them to disappear. Experiments have shown that using this function and then unrestricting it later can cause your home screen to become jumbled compared to your previous arrangement, so I can’t really recommend it. Hopefully this behavior will be fixed in future versions.
The thing to remember is that these applications are useful against local unsophisticated attackers. A forensics expert in possession of your phone can have your entire phone downloaded in a few minutes, PIN or no, and can then root through your images as if they were his own hard drive. You also need to consider whether or not you trust the programmers of the app. Perhaps they created it to harvest private photos or passwords from users and then transmit them to the author over the network. There’s no real way to tell without watching wireless network traffic with a packet sniffer for suspicious behavior or reverse engineering the app itself. But, if you’re mostly concerned with people you know and care about gaining posession of your data, these privacy apps are a solid option.