Wednesday, February 11, 2009

Security considerations while restoring iPhone

Well, it happened. I was at the airport ready to fly off to Las Vegas when my iPhone quit working[1]. Upon arriving in Vegas I went straight to the Apple store in the shops at Caesars Palace, and within 10 minutes was issued a brand new phone. The new phone allowed my phone number to work, but didn't have any of the applications and contacts that I had on my old phone. I felt out of touch with all of my social networking applications missing.

When I got home I decided that I was going to document the authentication information that was restored from the backup I had of my phone the day before it broke. I wondered which applications stored authentication information during a backup.

List of security related items that PLEASED me after the restore:
  • Apple Mail - both Gmail and my company's (both IMAPS) services didn't have stored credentials. No emails were backed up (good in my opinion).
  • Facebook Application - same thing, the program normally has the name and password cached in some capacity, but I was required to re-authenticate after the restore.
  • App Store (iTunes authentication) - Re-authentication was required.
  • iTunes Store (I purchased a song to test this out, and will not disclose which one :-). Re-authentication required for iTunes account which is good. Apparently not shared somewhere under the OS covers with App Store (good).
  • All programs needed to request location information again.
  • Twinkle needed to be re-authenticated. It did have cached tweets from the backup.

List of security related items that BOTHERED me after the restore:
  • Anything web based! All of my Google Mail sessions were still there. Any sort of session data that was on the system at the time of backup was restored into Safari. I question the value of this.
  • All of your Safari web history is restored.
  • Notes Application - all notes were still there. Since notes didn't require authentication before, it didn't now. Be careful putting sensitive data in your notes.
  • I had to re-enable the "erase after 10 failed authentication attempts" feature. <-- On a phone with a broken screen that is still responding (it vibrates on a failed authentication attempt), this can be used to start destruction of data.
  • Passcode lock was NOT restored. (4 digit number used to unlock the screen).

[1] Quit as in the screen was pure white. A hard restart didn't fix it. The phone still responded, evident in that it would vibrate on a failed authentication attempt.