paint-brush
Google's Advanced Protection Program with iPhone and iPadby@0x0ece
1,134 reads
1,134 reads

Google's Advanced Protection Program with iPhone and iPad

by Emanuele CesenaDecember 13th, 2017
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

This is the first in a series of blog posts about my experience with <a href="https://landing.google.com/advancedprotection/">Google’s Advanced Protection Program</a>, recently launched to strengthen the security of your Google account. In this post we’ll focus on how it works with iOS&nbsp;devices.

Companies Mentioned

Mention Thumbnail
Mention Thumbnail

Coin Mentioned

Mention Thumbnail
featured image - Google's Advanced Protection Program with iPhone and iPad
Emanuele Cesena HackerNoon profile picture

This is the first in a series of blog posts about my experience with Google’s Advanced Protection Program, recently launched to strengthen the security of your Google account. In this post we’ll focus on how it works with iOS devices.

Advanced Protection is primarily intended, as Google suggests, for “journalists, activists, business leaders, and political campaign teams.” I think it’s a great tool for everyone, especially if you’re concerned about the security of your Google account, such as if it’s the recovery email of your bank account, or if you use a regular gmail account for your projects or small business.

In short, if you have an iPhone or iPad and you want to enable Advanced Protection:

  1. You have to buy two security keys, and I recommend you the Feitian MultiPass and/or the DIGIPASS SecureClick ($50–80, read more below on “How do I buy the right security key.”)
  2. On your iPhone/iPad you have to install the Google Smart Lock app, and use that to log in into your Google account.
  3. You have to use a regular gmail account — company accounts aren’t yet supported.

Before you get started, though, you may also want to know that after enabling Advanced Protection:

  • You’ll be logged out from all devices, so make sure you do so when you have time to log back in.
  • You’ll have to use Gmail (or Inbox) and Google Calendar. Other apps like Apple Mail and Calendar, won’t work anymore. Personally, I was already using the Google apps, but if you aren’t, you may want to give them a try in advance and see if you like them.

How does it work?

Go to Google’s Advanced Protection Program page, click “Get Started,” and follow the steps to register your two security keys, and enable Advanced Protection. Once it’s on, Google will ask you to enter your password and then physically tap a security key every time you log in from a new device or browser. This means you’ll always want to have a security key with you, for example on your key ring. Note that you just need one key to log in. The other one is a backup that you can keep safely at home in case you lose or break the first one.

Why do I need it?

You need Advanced Protection to protect you against targeted online attacks, and in particular phishing. You’ll be protected from phishing sites that attempt to steal your login credentials, and from malicious sites that try to get access to your Gmail or Google Drive data.

On the left, a phishing website pretending to look like Google to steal my login credentials. On the right, a malicious website requesting access to my Google Drive data. Advanced Protection blocks both attacks.

How is this different from two-factor authentication?

Advanced Protection is a form of 2FA, in fact the strongest one. Other mechanisms like SMS or time-based codes don’t protect you against sophisticated phishing.

What if I lose or break my security key?

That’s why you have two.

What if someone steals my security key?

That’s why you ALSO have a strong password. You can revoke your lost security key anytime, and replace it with a new one.

How do I buy the right security key?

For iOS, the only security keys I was able to find and test are the Feitian MultiPass, the same recommended by Google, and the DIGIPASS SecureClick, recommended in this survey.


Yubikeys don’t work with Advanced Protection on iPhone and iPad(I discovered it only after I bought them already — I should have read more carefully.)

In the list below I’m summarizing the main options, with pros and cons of each one.



  • Feitian MultiPass, $25Pros: It works on desktop, Android and iOS devices.Cons: It doesn't have a usb-c connector (e.g., for the new Macbook Pro.)



  • DIGIPASS SecureClick (my choice, mostly aesthetic), $39Pros: It works on desktop, Android and iOS devices.Cons: It doesn’t have a usb-c connector (e.g., for the new Macbook Pro.)



  • Yubikey NEO, $50Pros: It's nicer looking and fits better in a key ring than the Feitian.Cons: It doesn't work on iPhone and iPad. It doesn't have a usb-c connector.



  • FIDO U2F Security Key (Yubico), $18Pros: It's the cheapest.Cons: It only works on desktop devices, no phones & tablets.



  • Yubikey 4C, $50Pros: It has a usb-c connector.Cons: It only works on desktop devices, no phones & tablets.

How does it work on iPhone?

Below is an example of me adding my Gmail account on my iPhone after I’ve enabled Advanced Protection. To reiterate, you have to log in using Google Smart Lock, and then you have to you the Gmail app (or Inbox) — Apple Mail won’t work anymore.

From left to right: launch Smart Lock and add a new account, enter your email address, enter your password, tap on the security key (the very first time you use the security key with your iPhone you’ll be asked to pair it by long pressing for a few seconds.)

If you tried Advanced Protection on iOS, I’d like to hear how your experience was. Did you try other security keys? Did you, like me, buy the wrong ones? :) Did you find other apps to be tricky or not working? Feel free to use the comments below or reach out to me on Twitter @0x0ece.

P.S: And if you’re interested in security and authentication, you may also want to check out MemPa, a new password manager that I just happened to release.