If you have an iPhone running iOS 9, you should be aware that it may be possible to access your photos and contacts on a locked device, even with a passcode and/or Touch ID enabled. I’ve always ignored reports on this sort of security flaw, because they always seem to pop up with every iOS iteration, and almost always require a user to jump through what seems like a million hoops.
But for some reason—call it boredom, or call it poor judgement—I got curious, and decided to try this out for myself. As it turns out, it’s not that hard to do, and it certainly seems like a security flaw in iOS to me.
I debated on whether to post this, because obviously it’s going to bring attention to a security flaw that might let people access information that they shouldn’t be accessing.
For starters, please don’t get bent out of shape over this. This does not expose any other contents of your iPhone outside of Contacts and Photos. People still can’t unlock your device, read your messages, watch videos, etc. This only allows users to view your contacts, and look at your photos (not videos) through a limited interface. Photos cannot be forwarded or shared from your iPhone.
My hope is that a). this informs users that a passcode or Touch ID security isn’t necessarily enough to keep unwanted eyes off your photos and contacts, and b). Apple will see this and provide a fix. c). show you how to prevent the issue.
The thing is, this information is already out there, and the people who will use it for the bad probably already know about it. Consider this post an attempt to educate those who do not know about this iOS 9 security hiccup. Hopefully, it’ll allow users to make smarter decisions about their iPhone’s security.