
How to harden your smartphone against stalkers—iPhone edition

Stalkers: sometimes they're coming from inside your phone.

Who's that peeking in my window?
Casey Johnston + Aurich Lawson

Some years ago, soon after the original iPhone took firm hold of the public's imagination, an iPhone-using friend of mine went through a messy breakup. He was the instigator and his partner was, well, the breakup-ee. In the following weeks, my friend's ex kept sending him creepy messages with more knowledge about his activities than any ex should have. The ex also would show up, unannounced, in situations an ex shouldn't know anything about. And that was just the beginning.

Through his iPhone, this crazy ex had gained access to my friend's activities and communications. This wasn't possible in the old feature phone days, and my friend thought that not making his life public on social networks would keep him safe from stalkers. A few freaked-out phone calls, a bunch of settings changes, and one restraining order later—we all learned otherwise.

I was reminded of this story again recently after seeing this reddit thread (the original contents of which have since been removed). The poster had been watching his ex-girlfriend's whereabouts on her iPhone—not with some agreed-upon permission in Find My Friends, but from within her own iCloud account using Find My iPhone. The poster also admitted to changing the names of contacts in his ex-girlfriend's address book so that numerous text messages from her would go to him instead of to her friends. He would also change other people's contacts to match his own number so he could text, masking himself as another friend. He had originally set up her iTunes password and so was able to access everything about her—as her.

These stories are becoming common as smartphones proliferate. Non-techies have few problems using the devices, but many aren't familiar with the intricate ways in which they can be stalked by someone who is (or was) close to them. Someone who had physical access to your device at some point could have set things up so that you're more stalkable than you thought, creating the potential for some scary situations.

While most Ars readers aren't likely to have their accounts abused, everyone has less-technical friends and family who may have had a shady ex-spouse or friend set up their iPhones. They could now be at risk because of it.

Our anti-stalking guide for iPhone users spells out the subtle (and often invisible) ways in which someone could track you via your own phone, and it teaches you how to change your settings to keep yourself in control. If you face a situation like my friend's, then this may not be the only step you'll have to take in order to protect yourself—but it will certainly help. (A similar guide for Android users is on the way.)

Change your Apple passwords (yes, all of them)

Passwords provide the most obvious place to start. Change all of them—this includes the Apple ID that you use to log into iCloud as well as your iTunes ID (if it's different, which it may or may not be). The reason? Especially in the case of the Apple ID, anyone who might have had access to your account in the past might still be able to sign in as you. They can then see where you are and who you've been in contact with. For example, even if you don't use Find My Friends (an app that we'll address specifically in the next section), someone with your Apple ID might still be able to sign in as you through iCloud in order to see your location using Apple's Find My iPhone.

Find My iPhone is meant for your eyes only, but someone with your iCloud password could look at it too

Someone with your Apple ID password can even change the names and info of people in your contact list in order to trick you (just like the example in our intro). Trust us—if anyone in your life knew your password at one point or another, that person can remember your password and use it against you. Even if you don't think you know someone capable of this, it's wise to keep your password to yourself. Change it immediately if someone else ever learns of it.
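One way to check an address book for the contact swap described above, as an added example that is not part of the original article: it reads a vCard (.vcf) export of your contacts and lists any phone number filed under more than one name. The sample data is constructed, and comparing numbers by their last 10 digits is an assumption that fits US-style numbers.

```python
import re
from collections import defaultdict

# Constructed sample export (not real data): two names share one number.
SAMPLE_VCF = """BEGIN:VCARD
VERSION:3.0
FN:Alice Example
TEL;type=CELL:+1 (555) 010-0001
END:VCARD
BEGIN:VCARD
VERSION:3.0
FN:Bob Example
TEL;type=CELL:555-010-0002
END:VCARD
BEGIN:VCARD
VERSION:3.0
FN:Carol Example
TEL;type=CELL:1-555-010-0002
item1.TEL;type=HOME:555 010 0003
END:VCARD
"""

def normalize(number):
    """Keep the last 10 digits so differently formatted numbers compare equal
    (assumption: US-style numbers)."""
    return re.sub(r"\D", "", number)[-10:]

def shared_numbers(vcf_text):
    """Return {number: [names]} for every number listed under 2+ contacts."""
    unfolded = re.sub(r"\r?\n[ \t]", "", vcf_text)  # undo vCard line folding
    owners = defaultdict(set)
    name, pending = None, []
    for line in unfolded.splitlines():
        key, _, value = line.strip().partition(":")
        # Drop parameters (";type=...") and group prefixes ("item1.").
        prop = key.split(";")[0].split(".")[-1].upper()
        if prop == "BEGIN":
            name, pending = None, []
        elif prop == "FN":
            name = value.strip()
        elif prop == "TEL":
            pending.append(normalize(value))
        elif prop == "END":
            for number in filter(None, pending):
                owners[number].add(name or "(no name)")
    return {n: sorted(names) for n, names in owners.items() if len(names) > 1}

if __name__ == "__main__":
    for number, names in shared_numbers(SAMPLE_VCF).items():
        print(f"{number} appears under: {', '.join(names)}")
```

A shared number is not proof of tampering (family members often share a landline), so treat each hit as an entry to verify with the person it claims to belong to.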

Let's start with your Apple ID. Go to Apple's "My Apple ID" website, where you can log in with your current account by clicking "Manage your account" on the right-hand side. Sign in with your user name and password—this is what you usually use in order to log into iCloud.com and probably to buy songs on iTunes or apps from the App Store. Click on "Password and security" in the left-hand column once you log in.

From here, you can change your password and also set or change your security questions. If anyone has ever had access to your account in the past, it might be wise to reset both to something new (better safe than sorry). And for what it's worth, you should try your best to give false answers—but still ones you'll remember—to your security questions. Anyone who knows you is likely to also know your security questions, so keep that in mind.

Once you do this, you may also want to ensure that your password verification e-mails and other communications from Apple aren't going to any shady e-mail addresses that you don't recognize. Click on "Name, ID, and Email Address" in the left-hand column to see all the addresses you've associated with your account:

Check for any unauthorized e-mail addresses on your account.

If there are any in the list that shouldn't be there or you don't recognize, delete them. Make sure to click the blue "Save Changes" button after you're done cleaning up your account.

If someone else set up your accounts for you, there is a chance that your iTunes login and password are different from your iCloud/Apple ID login and password without you being aware of it. The reason for this is somewhat moot for this piece, but it's related to how Apple started using Apple IDs for different accounts once iCloud was launched. Regardless, you can check by opening up the iTunes application on your PC or Mac, then clicking on your user name in the upper right-hand side of the iTunes Store. Log in with your usual iTunes password and click the "View Account" button.

From here, you should see your Apple ID e-mail address at the top of the screen with a blue "Edit" button to the right. Clicking this button will take you to a screen to change your password. Chances are, you've already changed your password via the instructions we gave you above. But if you have any reason to believe that your iTunes and iCloud passwords are not the same, you can change it again here.

By changing your passwords in all the right places, you are taking the first (major) step in protecting yourself from a tech-savvy stalker gaining access to your location and other personal information without your knowledge. Although this guide is to help you avoid being stalked via your iPhone, you may want to also consider changing your e-mail passwords (if you don't use Apple's e-mail service through iCloud) and any other passwords you might use on the Web, like Facebook, Twitter, and Google.
