Improving Your iPhone Privacy
At least, as much as you can
I have to immediately begin by pointing out the obvious - smart phones, but perhaps especially iPhones, are very difficult to make very private. There is, for instance, the simple fact that your phone is likely online and on your person nearly every waking hour. The relevant locational data alone presents a huge threat to user privacy.
Of course, that is not to say that constant location data will necessarily be stored in a meaningful way. Websites visited typically won’t bother to track location over time, meaning if your phone itself doesn’t log that information, it will likely only be available in full to your service provider and to Apple. This is, of course, still a very real privacy concern, particularly when that data is mishandled. Unfortunately, to a sizable degree, that’s the price of doing business. There are certainly more secure/private smart phones, such as a Google Pixel running GrapheneOS, but there’s no quick fix to prevent Apple from having sensitive data on you. (And even the “best” case for phones is far from perfect!)
Having said all of that, there’s a wide range between the minimum and maximum amounts of data your iPhone could be giving away. This article is meant to be a brief guide to take you down close to that minimum amount of data. My PC privacy article may prove helpful for those interested in greater depth, and my De-Googling article provides additional app replacements and the like.
Privacy and Security Settings
Apple does offer a good amount of transparency in recent updates, so there’s a lot available under Privacy and Security. There are two tools here to help you look at your privacy - Safety Check and the App Privacy Report. Safety Check will run you through people and apps you’re sharing info with and have you approve or deny the sharing. It’s a great way to get thinking about what you’re sharing, but if you already know what you want to disable, maybe not the fastest. The App Privacy Report, on the other hand, will log every domain that apps contact starting from when you enable the report. This makes it an extremely helpful tool for seeing which apps are trying to talk to companies like Facebook and how often they’re trying to do it.
In general, you should be disabling access to everything under Privacy and Security that you can. Do those different apps really need access to all of your photos? To your microphone? Where access isn’t outright denied, it should be “limited” or “ask” or “while using”, and where it is fully allowed, it should be well justified. You’ll have to run through those specific app permissions on your own; I don’t know your apps or your use cases.
Now, that being said, there’s a whole lot you can disable right out of the gate. Shut off everything under Analytics and Improvements and Apple Advertising. Under Tracking, disable Allow Apps to Request to Track and disable permissions for all the apps that requested it. Make note of and consider removing these apps, as they are openly trying to track you.
Under Location Services, review which apps have access and disable or limit any unnecessary ones. Next, at the bottom of Location Services you’ll want to go into System Services. You can disable the vast majority of these services. Emergency Calls and SOS, Find My iPhone, and Share My Location should probably be left enabled for most people. Disabling Networking and Wireless can potentially impact performance, since you may not always be connected to the closest tower. Personally, I haven’t noticed a difference. Everything under Product Improvement (iPhone Analytics, etc) should be disabled as well.
Lastly, still under System Services, I would also highly recommend disabling Significant Locations. This feature logs locations you visit in order to determine the titular “significant” locations, allowing it to effectively have map pins for your home, work, favorite grocery store, friends’ apartments, etc. To my knowledge, this remains local on your phone (if iCloud is disabled, at least), but even assuming that no third party has this information, this is a ridiculous amount of information that someone in possession of your phone could potentially gain. I’d recommend both disabling and clearing it, though clearing it does clear saved Apple Maps locations.
iCloud
Obviously, anything in your iCloud can potentially be accessed by Apple. Thankfully, Apple does offer end-to-end encryption for iCloud, though it is disabled by default. Be aware that enabling it means that if you ever fully get locked out of your phone / iCloud, Apple will not be able to retrieve your stuff. That is the point, of course, but I feel the need to stress that that particular luxury will become unavailable.
Under iCloud, disable anything you don’t need backed up (and consider that that could mean everything). iCloud Backup in particular could be good to disable. You may also want to consider disabling Access iCloud Data on the Web at the bottom. Most crucially, enable Advanced Data Protection.
Random Hardware Address
Phones, just like PCs, have hardware addresses that can uniquely identify them - like an IP address, but across multiple networks. Modern iOS, like Windows, has an option to present random hardware addresses to networks. Unlike Windows, thankfully, iOS does enable this by default…sort of.
Go to Wi-Fi, then select the i by your local network. Scroll down to Private Wi-Fi Address. Set this to Rotating if it isn’t already, and below it enable Limit IP Address Tracking. While your iPhone generally will, by default, generate a different address for each network, it may not be set to randomize on the same network. Rotating is generally better, but for networks that force you through a portal (like hotels), it may make you sign back in each time. (This is why, you’ll note, these settings are individual to each network).
Camera and Photos
As with other permissions, limit camera and photo access wherever you can. More to the point, however, is location data. By default, as you likely know, iPhones capture the location of each picture taken. This location data is also shared by default, posing a potential privacy risk. You can disable the location logging feature under the aforementioned Location Services, and when you send photos to people, you can switch location off.
Additionally, however, I’d point to Scene Detection under Camera settings. I was not able to find much discussion on this setting, but it is some kind of AI image improvement feature. I say some kind, because I haven’t been able to find much about the privacy implications of this setting. As far as I understand, though, at least, your pictures will quickly be sent through image recognition / tweaking in order to sharpen the subjects of the photo. That would mean that at least for an instant, an AI model of Apple’s has possession of your potentially sensitive photo. I’m extremely inclined to believe any AI feature is privacy-violating (because most of them are), so I’d highly recommend disabling this feature.
Under Photos, disable all Siri and Search access. Disable iCloud Photos, or at least enable Advanced Data Protection for iCloud. Disable both Show Featured Content and Enhanced Visual Search, as like Scene Detection, this involves “privately” processing your photos. I should be clear - Apple does have an ok track-record at handling user data well, but that isn’t to say they couldn’t get worse, or that they should have all the data they do.
VPN / DNS Providers
The Domain Name System (DNS) is a service that associates domain names (URLs, in other words) with IP addresses. This is generally handled by your ISP, but ISP DNSs are often less private, potentially leaking some of your browsing activity. Virtually any VPN will have one or more DNSs to choose from, so you don’t necessarily have to seek a DNS provider out separately. Given my own experience with VPNs on iOS, however, having a DNS to fall back on if the VPN is having issues is a good idea.
The most popular and widely recommended options are Cloudflare, Quad9, and Mullvad. Of these, only Mullvad DNS is exclusively encrypted and has a zero data collection policy, making it my recommendation. It has some good block lists as well. Quad9 is more likely to be provided by default by a VPN, and really isn’t terrible either. Really, any “private” provider is likely to be a slight improvement over your ISP DNS. See Mullvad or the chosen provider’s page on how to set the DNS up on your iPhone. It’s less complicated than it looks, but be sure (in Mullvad’s case, at least) to individually navigate to Files and open the downloaded profile there, or the button to add it won’t appear in settings.
Virtual Private Networks (VPNs) route your traffic through a server before accessing any content. In other words, to the website, you appear to be the VPN server, which slightly anonymizes you and can help circumvent locational blocks. I should stress that VPNs (especially on their own) are not as private as advertisements may have you believe. As with DNS providers, finding a trustworthy provider is crucial. Even then, a single hop still leaves a significant amount of room to potentially de-anonymize you, especially if your phone is leaking other locational data.
Having said that, VPNs can still be useful tools, particularly in hiding your location from the websites you visit. A small victory, perhaps, but a significant one. I’d put forth IVPN, Proton VPN, and Mullvad VPN as the main iOS options. I have IVPN myself, and it can be a little buggy. Mullvad has the same average rating (4.1 stars) as IVPN in the App Store, though with several times the number of ratings. Mullvad VPN also has a few slightly better features, so I’d recommend it over IVPN. I have some personal misgivings about Proton VPN, but their protocols are solid, and their VPN has the best ratings in the app store. I can attest myself that Proton is smoother than IVPN, at least. So if you’re willing to trust Proton VPN, it is probably the best option for iOS.
Browser
If a VPN seems insufficient, you can, in fact, use Tor on iOS. Tor routes your connection through three relays, making your traffic extremely difficult to intercept and fingerprint. Your Internet Service Provider (ISP) will know who you are and that you’re using Tor, but not what you’re searching. You can use Onion Browser combined with Orbot to effectively use the Tor browser. In my experience, it is slow (as to be expected of Tor) and buggy at times. Not great for regular use.
I’ve been conflicted about what iOS browser to recommend - up until a recently added Safari extension, that is. The problem with iOS browsers is that Apple limits the capabilities of every browser that isn’t Safari, so even the best browsers are handicapped. Even the often recommended replacements - Firefox, Brave, DuckDuckGo - come with telemetry and other annoying settings by default, so I can’t easily recommend one for good default settings either.
Firefox Focus is a decent out-of-the-box privacy browser pick, but may not be for everyone, given that it doesn’t retain any browsing history. To my knowledge, however, there’s still a little telemetry to disable, and again, it is limited in function by Apple.
My recommendation for everyone, at the end of the day, is Safari, with several steps to improve it. Privacy Guides details 90% of what I would recommend (except enabling FaceID - I do not recommend FaceID). After following their steps, install uBlock Origin Lite from the App Store and enable it in Safari. uBlock Origin Lite is sadly not quite as powerful as its gold-standard version, uBlock Origin, but it’s extremely helpful nonetheless. Between Apple’s own features and this extension, your Safari will have significant fingerprint-avoiding and blocking capabilities.
Messaging
While iMessages are generally encrypted, regular text messages (i.e., ones not to iOS users) may not be. And, of course, if Apple has a backup of your messages that isn’t end-to-end encrypted (“Advanced Data Protection”), then they could access that information too.
Apps like WhatsApp and Telegram distinguish themselves as marginally more private/secure than texting, but the undisputed best option in this realm is Signal. Signal uses end-to-end encryption, allows you to add others by username, and features self-destructing messages, among other things. I recommend Soatok’s write-up if you’re interested in really diving into all the specifics of Signal’s design.
The only issue with Signal, of course, is that you need to convince your friends to use it too. Consider it as something to pressure more people into when you can. I hear tales of people getting their friend-group to move over to Signal, and I think that those people must have extremely compliant friends. I don’t expect a full move to happen for most people.
Exif Removal
Exif (Exchangeable image file format) is a standard that specifies metadata formats for image and sound files. Cleaning metadata is good practice for any such files that you plan to post online, as the metadata will contain location, time, and system information. This likely isn’t much of a concern for most people’s social media posts, as one can assume that much of your online presence there is already quite de-anonymized. I would, however, highly recommend cleaning any files that you want to remain pseudo-anonymous. Nudes, for example, particularly any shared with strangers or shared publicly online. A cheeky un-sanitised picture could easily turn into a full doxx if it wound up in the wrong hands.
Having said all that, there are three options for iOS - pseudo-trustworthy apps, websites, and Shortcuts. My personal recommendation would be using Shortcuts; this Privacy Guides forum post has instructions for creating the shortcuts. Note that you’ll need separate shortcuts for photos, videos, and GIFs. Making a GIF shortcut is very similar to the photos shortcut, but instead of using Convert, you use Make GIF. Once you have those three shortcuts, it is very easy to strip metadata from photos or videos en masse, though not both types simultaneously. GIFs must be done one at a time, unless you want to combine two GIFs. All in all, it’s not too hard to set up, free, private, and pretty convenient for the most part.
There are also apps and websites that claim to keep your files private; be extra cautious towards trusting them. In particular, ExifFree and PrivMeta both claim to be completely offline. The former is a paid app and the latter is a free, open-source website. As far as I can tell, PrivMeta is true to what it claims and so should be equally private to the Shortcuts method. I have not used it extensively myself, but I’d say it’s certainly easier to get started and to do a few files, but Shortcuts might be easier for bulk. PrivMeta should be a fine option if you don’t want to set up Shortcuts.
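To confirm that whichever method you chose really removed the metadata, the following added example (not part of the original article or of any tool named above) parses a JPEG's header segments, reports whether an Exif block with a GPS pointer is present, and strips every APP1 segment. It handles JPEG only, so it assumes the photo was exported as JPEG rather than HEIC; the function names and the sample bytes are constructed for illustration.

```python
import struct

APP1, SOS, GPS_IFD_TAG = 0xE1, 0xDA, 0x8825  # 0x8825: IFD0 entry pointing at GPS data

def segments(jpeg: bytes):
    """Yield (marker, payload, raw) for each segment up to the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == SOS:  # compressed image data runs from here to the end
            yield marker, b"", jpeg[pos:]
            return
        # The 2-byte length counts itself but not the 2-byte marker.
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        if end < pos + 4 or end > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, jpeg[pos + 4:end], jpeg[pos:end]
        pos = end
    raise ValueError("no image data (SOS marker) found")

def exif_report(jpeg: bytes) -> dict:
    """Say whether an Exif block is present and whether it references GPS data."""
    report = {"exif": False, "gps": False}
    for marker, payload, _ in segments(jpeg):
        if marker == APP1 and payload.startswith(b"Exif\x00\x00"):
            report["exif"] = True
            tiff = payload[6:]
            order = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
            (ifd0,) = struct.unpack_from(order + "I", tiff, 4)
            (count,) = struct.unpack_from(order + "H", tiff, ifd0)
            for i in range(count):  # each IFD entry is 12 bytes, tag first
                (tag,) = struct.unpack_from(order + "H", tiff, ifd0 + 2 + 12 * i)
                report["gps"] = report["gps"] or tag == GPS_IFD_TAG
    return report

def strip_metadata(jpeg: bytes) -> bytes:
    """Return the JPEG with every APP1 segment (Exif and XMP) removed."""
    return b"\xff\xd8" + b"".join(raw for m, _, raw in segments(jpeg) if m != APP1)

def build_sample() -> bytes:
    """Constructed input: valid segment layout with a GPS pointer, no real picture."""
    ifd0 = b"\x00\x01" + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26) + bytes(4)
    exif = b"Exif\x00\x00" + b"MM\x00\x2a\x00\x00\x00\x08" + ifd0 + bytes(6)
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
    return b"\xff\xd8" + app0 + app1 + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
```

Running `exif_report` on a file before and after cleaning shows whether the Exif block actually went away; a file that still reports `"gps": True` should not be posted.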
Maps
The major options are not really that different in terms of privacy and utility. You can use OrganicMaps, an offline maps app, to slightly improve your privacy, with a cost. Since OrganicMaps is offline, it does not have any traffic data or live updates. And as a consequence of it being volunteer-built, some areas are not thoroughly mapped and may be out of date. It’s a good option to have, but frankly, not a replacement.
The Sobering Conclusion
As you may have noted, what is available for iOS privacy is better than expected, but still frustratingly limited. Apple offers several tools to monitor and improve your privacy, but they also limit what apps are available and what, for instance, non-Apple browsers are capable of.
The fact remains that as you walk around with your phone in your pocket, it’s leaving a digital trail of your location for your ISP. Particularly for activists or anyone who may have reason to fear the government (as more people, frankly, should), an iPhone will never be a sufficiently private device. For this reason, the best advice I’ve heard when it comes to phones is this - cut your reliance on them. Use fewer apps, use the whole thing less, and perhaps most importantly, be willing to leave it at home.
I can’t well claim perfect practice myself, but that’s the ideal, anyway. If, for instance, you usually keep your phone with you, but leave it at home for a protest, the abandonment of your phone could itself be a data point. As with everything, just be aware, and don’t assume your privacy level is higher than it really is.

