Apple charges a premium to tell you privacy matters. They also paid $95 million to settle a class action lawsuit because Siri was recording your private conversations and sharing snippets with advertisers. Configure these settings regardless of the marketing.
Face ID & Passcode
Path: Settings > Face ID & Passcode
- Set a strong alphanumeric passcode — not a simple 4 or 6-digit PIN
- Review what features use Face ID — disable any you don’t actively use
- Allow Access When Locked: Disable Notification Center, Control Center, Siri, Reply with Message, Return Missed Calls, USB Accessories — anything that exposes data without unlocking
- Enable Erase Data after 10 failed passcode attempts (use with caution if others use your device)
Find My iPhone
Path: Settings > [Your Name] > Find My > Find My iPhone
- Enable Find My iPhone — allows remote location, lock, and wipe
- Enable Send Last Location — device sends its location to Apple when battery is critically low
- Review Share My Location — only share with people you genuinely trust
Sign-In & Security (Apple ID)
Path: Settings > [Your Name] > Sign-In & Security
- Enable Two-Factor Authentication — critical; your Apple ID controls iCloud, App Store, and device recovery
- Review trusted phone numbers and devices
- Use a strong, unique Apple ID password
Advanced Data Protection
Path: Settings > [Your Name] > iCloud > Advanced Data Protection
By default, iCloud backups are encrypted in transit and at rest — but Apple holds the keys. Advanced Data Protection flips that. It enables end-to-end encryption for iCloud Backup, Photos, Notes, Reminders, Safari Bookmarks, Siri Shortcuts, Voice Memos, Wallet passes, and iCloud Drive. Apple can no longer read this data, and neither can anyone who compromises Apple’s servers.
- Turn ON Advanced Data Protection
- You must set up at least one recovery method first: a recovery contact (a trusted person with an Apple device) or a recovery key (a 28-character key you store securely offline)
- If you lose access to your account and your recovery method, Apple cannot help you — that’s the tradeoff. Worth it.
- Not available for Managed Apple IDs or child accounts
Privacy & Security
Path: Settings > Privacy & Security
Location Services:
- Review every app’s location access
- Set most apps to “While Using” rather than “Always”
- Under System Services, disable: Significant Locations, iPhone Analytics, Routing & Traffic, Improve Maps
- Significant Locations: Turn OFF — Apple is storing a map of everywhere you go frequently. That’s not a feature you need.
Tracking:
- Allow Apps to Request to Track: Turn OFF — blanket denial of all cross-app tracking requests
- Review any apps already granted tracking permission and revoke them
Analytics & Improvements:
- Disable Share iPhone Analytics
- Disable Improve Siri & Dictation — this is what the $95M lawsuit was about
- Disable Share iCloud Analytics
Apple Advertising:
- Personalized Ads: Turn OFF
App Privacy Report:
Path: Settings > Privacy & Security > App Privacy Report
- Turn ON App Privacy Report — it logs which apps accessed your camera, microphone, location, contacts, photos, and media library, and how often
- It also shows network activity — which domains each app contacted. If your weather app is calling ad networks every 30 seconds, you’ll see it here.
- Review this weekly. Revoke permissions from apps that are reaching for data they don’t need.
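For the weekly review described above, a short script can summarize an exported copy of the report. This is an added example, not Apple's tooling or code from the original page; it assumes the report was exported as an NDJSON file, and the field names (`type`, `bundleID`, `domain`, `hits`, `accessor.identifier`, `category`, `kind`) are assumptions about that export. The sample records are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records, one JSON object per line (NDJSON).
# Field names are assumptions about the exported file's schema.
SAMPLE_NDJSON = """\
{"type": "networkActivity", "bundleID": "com.example.weather", "domain": "ads.example-adnet.com", "hits": 412}
{"type": "networkActivity", "bundleID": "com.example.weather", "domain": "api.example-weather.com", "hits": 37}
{"type": "networkActivity", "bundleID": "com.example.notes", "domain": "sync.example-notes.com", "hits": 12}
{"type": "access", "accessor": {"identifier": "com.example.weather"}, "category": "location", "kind": "intervalBegin"}
{"type": "access", "accessor": {"identifier": "com.example.weather"}, "category": "contacts", "kind": "intervalBegin"}
{"type": "access", "accessor": {"identifier": "com.example.weather"}, "category": "location", "kind": "intervalEnd"}
not-json debris line
"""

def summarize(ndjson_text):
    """Return (hits per app per domain, data/sensor access counts per app)."""
    network = defaultdict(Counter)
    access = defaultdict(Counter)
    for line in ndjson_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting
        if not isinstance(rec, dict):
            continue
        if rec.get("type") == "networkActivity":
            app = rec.get("bundleID", "unknown")
            network[app][rec.get("domain", "?")] += int(rec.get("hits", 1))
        elif rec.get("type") == "access" and rec.get("kind") != "intervalEnd":
            # Count each access once: ignore the record that closes an interval.
            app = rec.get("accessor", {}).get("identifier", "unknown")
            access[app][rec.get("category", "?")] += 1
    return network, access

def noisy_domains(network, min_hits=100):
    """List (app, domain, hits) where an app contacted a domain >= min_hits times."""
    rows = ((app, dom, n) for app, doms in network.items()
            for dom, n in doms.items() if n >= min_hits)
    return sorted(rows, key=lambda row: -row[2])

if __name__ == "__main__":
    net, acc = summarize(SAMPLE_NDJSON)
    for app, dom, n in noisy_domains(net):
        print(f"{app} contacted {dom} {n} times")
    for app, cats in acc.items():
        print(app, dict(cats))
```

Pass the text of your own exported file to `summarize` and adjust `min_hits` to match how long the report has been collecting.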
Safety Check:
Path: Settings > Privacy & Security > Safety Check
- Safety Check lets you immediately revoke all shared access — location sharing, photo sharing, signed-in devices, app permissions — in one place
- Emergency Reset revokes everything at once. Use this if you need to cut someone off from all shared access immediately.
- Manage Sharing & Access gives you granular control to review and revoke specific sharing, one item at a time
- Critical for domestic abuse situations, stalking, or any scenario where someone you previously trusted now has access they shouldn’t
Lockdown Mode
Path: Settings > Privacy & Security > Lockdown Mode
Lockdown Mode is extreme protection for high-risk individuals — journalists, activists, executives, dissidents, anyone with reason to believe they are a target of state-sponsored or sophisticated surveillance (think NSO Group’s Pegasus).
It blocks: most message attachment types (including link previews), FaceTime from unknown callers, incoming invitations for Apple services, wired connections when the phone is locked, configuration profiles, and MDM enrollment. Safari disables some web technologies like JIT JavaScript compilation. Each restriction shrinks the attack surface.
Not recommended for everyday use — it significantly limits functionality. But if you are a target, or think you might be, turn it on. The inconvenience is the point.
Safari
Path: Settings > Safari
- Prevent Cross-Site Tracking: Enable
- Hide IP Address: Set to “From Trackers” at minimum — “From Trackers and Websites” for maximum privacy
- Block All Cookies: Consider enabling — may break some sites but significantly reduces tracking
- Fraudulent Website Warning: Enable
- Privacy Preserving Ad Measurement: Disable (this still shares some data with advertisers)
- Check for Apple Pay: Disable if not using Apple Pay on the web
- Clear History and Website Data periodically: Settings > Safari > Clear History and Website Data
iCloud Private Relay (iCloud+ Feature)
Path: Settings > [Your Name] > iCloud > Private Relay
Private Relay routes your Safari traffic through two separate relays. The first relay (operated by Apple) sees your IP address but not what you’re browsing. The second relay (operated by a third-party partner) sees the destination site but not your IP address. Neither relay has the full picture.
- Turn ON Private Relay if you have iCloud+
- Covers only Safari traffic and DNS queries — does not cover other apps or browsers
- Not a full VPN replacement. It won’t mask your traffic from your employer’s network or change your apparent country for geo-restricted content. But it prevents your ISP and the sites you visit from correlating your IP with your browsing history.
- If a site breaks, you can temporarily disable Private Relay for that site via Safari’s address bar menu
Hide My Email (iCloud+ Feature)
Path: Settings > [Your Name] > iCloud > Hide My Email
Hide My Email generates unique, random email addresses (like q7x9k@icloud.com) that forward to your real inbox. When you’re done with a service, delete the alias. Your real address stays unexposed.
- Use it for every new account sign-up, newsletter, or form that asks for your email
- Create aliases directly from Safari, Mail, or the Settings app
- Each alias is unique per service — if one gets leaked in a breach, only that alias is burned
- Requires iCloud+ subscription
- Delete aliases you no longer use: Settings > [Your Name] > iCloud > Hide My Email
Mail Privacy Protection
Path: Settings > Mail > Privacy Protection
- Enable Protect Mail Activity — blocks email senders from knowing when you opened their email, and hides your IP address from email trackers
- This prevents marketing emails (and surveillance emails) from confirming your location and read time
Siri & Apple Intelligence
Path: Settings > Siri & Search, and Settings > Apple Intelligence & Siri
- Listen for “Hey Siri”: Disable if not needed — always-on microphone activation
- Press Side Button for Siri: Consider disabling
- Siri & Dictation History: Delete and disable — Apple paid $95M for recording private conversations
- Show in App Library: Review which apps suggest content via Siri
- For each app under Siri & Search: disable “Learn from this App,” “Show App in Search,” “Show Suggestions”
Apple Intelligence (iOS 18+):
- Review Apple Intelligence settings if enabled — on-device processing is safer, but review any options that send data to cloud servers for processing
- Disable any features that process data off-device unless you have a specific need
Apple Watch
Path: Settings > Privacy & Security > Health, or the Watch app on your iPhone
- Health Data: Review which apps can read/write health data — revoke access to apps you don’t actively use
- Heart Rate notifications: Can be left on (health benefit)
- Location on Watch: Review location-enabled watch apps
- Siri on Watch: Disable if not using — same microphone concerns as iPhone Siri
- Watch Faces with Complications: Some complications pull personal data (calendar events, activity) — review what’s visible when someone glances at your watch
Minimum viable hardening: go to Settings > Siri & Search and delete your Siri & Dictation History. Then go to Settings > Privacy & Security > Location Services > System Services and turn off Significant Locations. Then enable Advanced Data Protection under Settings > [Your Name] > iCloud. Those three actions address the most egregious data collection on this device. Everything else on this page is gravy — but do it anyway.