← Patterns / SP-024

iPhone Pattern

OpenSecurityArchitecture (OSA) distills the know-how of the security architecture community and provides readily usable patterns for your application. This is a free framework, developed and owned by the community.

Release: 08.02 Authors: Russell Updated: 2025-07-05

Click on controls in the diagram to view details. Download SVG

When to Use

Always apply the above suggested security measures if phone has private or confidential data on it.

When NOT to Use

None.

Threat Resistance

Unless attacker is able to shield phone from data connections the combination of remote-wipe and data encryption gives the user a short time window to activate the remote wipe after phone has been detected as stolen.
The above methods protect the user from criminals with low technical understanding. Targeted attacks against a person’s iPhone with the apriori intent to steal data from exactly this person and this iPhone will require additional protection mechanisms.

Assumptions

The recommendations below are suggested on top of accepted best practices that are independent of the device type.

Mapped Controls (8)

AT: 1IA: 1PL: 1PS: 1SA: 2SC: 1SI: 1

AT-02 Security Awareness
IA-07 Cryptographic Module Authentication
PL-04 Rules Of Behavior
PS-06 Access Agreements
SA-03 Life Cycle Support
SA-07 User Installed Software
SC-13 Use Of Cryptography
SI-03 Malicious Code Protection