Disclaimer: I have neither been nor will be paid by any third party for referral in this article.
In the following I’m giving an in-depth description of my proposed process for improving an iPhone’s privacy protections. You can find a summary of the necessary steps at the bottom of the page.
Privacy is arguably my biggest concern whenever I decide whether and how to use technology. I ended up with an iPhone not because I trust Apple’s privacy pledges more than those of its rivals, but simply because I believe its business model compels it to treat me as a customer first and data-mining resource second, instead of the other way round. (Obviously this is just my personal view, so feel free to disagree in the comments.)
Each new iteration of the iPhone’s operating system iOS usually gives me more reasons to think Apple’s business incentives are working in my favour: For example, from early 2021 it will be mandatory in iOS 14 for apps to ask for permission if they want to engage in cross-party tracking. This led Facebook to announce it will remove this kind of tracking from its iOS apps altogether and “it may not make sense” to keep providing it to other iOS developers. There are a number of other examples, some of which we’ll get into below.
However, just like any cellphone an iPhone is a tracking device by design, and as such it’s always going to compromise your privacy more or less severely, depending on the precautions you take. So let’s look at some ways to easily improve your iPhone’s privacy protections in iOS 14. These are based on my own experience as a regular user who wants to stay as anonymous as possible without significant performance and usability drawbacks — whether you follow all, some or none of my recommendations is completely up to you.
Throwing Out the Bad App(le)s
For my first recommendation there’s no need to get into your iPhone’s settings yet. Because let’s be clear: Privacy tweaks won’t do much to protect you from apps that don’t respect your privacy. The only way to be sure such apps aren’t tracking you is to not have them on your phone. Unfortunately, apps that violate your privacy are also designed to do so outside your awareness. So how can you separate the bad apples from the good ones?
Get Rid of Unused Apps
For starters, you should assume there are no good apples. Any app could potentially be extracting private information against your will, so your best bet is to remove all non-essential ones. Whether you regard an app as non-essential is subjective, of course, but as a rule of thumb, if you use it occasionally at best you probably don’t need it.
Screen Remaining Apps
Once you’ve thrown out the first bunch, go back to the remaining apps and look at their publishers: Are they corporate, governmental or non-profit? Do they make money with the apps and how? Also check the apps’ privacy policies and ‘privacy labels’ (available from late 2020) in the App Store to see how they utilise your personal information. If, for instance, an app is released by a private corporation, doesn’t involve any obvious monetary exchange and accesses information seemingly unrelated to its purpose, I strongly recommend you remove it. It goes without saying this applies to the vast majority of free apps.
Remember, if it’s free, probably you’re the product — or rather, as shown in Shoshana Zuboff’s The Age of Surveillance Capitalism, the source of raw material: behavioural data that’s used to predict and modify your online and real-world behaviour to the benefit of whoever pays the bill. Lots of apps are nothing more than camouflaged ‘digital excavators’ scraping this raw material from whatever you’re doing in them, whether it’s checking the weather or catching Pokémon.
Use Mobile Websites Instead of Apps
After sifting through your apps, in all likelihood you’re still left with some you want to keep using despite their tracking capabilities because you depend on them in your daily life. While I suggest reconsidering, for example, whether social media really benefits you more than it benefits from you, I recognise renouncing certain platforms completely would mean passing up too many private and professional opportunities for most of us. Thankfully, there is a way to use such platforms much in the same way you would use their apps without actually installing them on your iPhone.
To do this, simply access the platforms through your browser. Their mobile websites usually offer the same functions as the apps (some of them are even web apps that remove the browser interface), but instead of granting them permanent access to information on your iPhone you’re only exposing yourself to their publishers’ surveillance for as long as you’re on them. To get even closer to the app experience you can use e-mail notifications and, in Safari, add an app-style icon to your home screen by selecting “Add to Home Screen” in the share menu. (This is also useful for services without dedicated apps such as the DeepL Translator.)
I should note there has been some controversy on the privacy implications of substituting apps with websites. For example, a 2016 study comparing the “leakiness” of the apps and websites of 50 free online services found that “in 40 percent of cases websites leak more types of information than apps.” In any case, I personally feel more comfortable exercising a higher level of control over how often this leaking occurs. You can decide for yourself whether you want to follow my logic.
Getting the Good Stuff
Now that you’ve cleaned up your app library, let’s move on to the good stuff: apps that protect your privacy as well as privacy-respecting alternatives to commonly used software. I encourage you to use these apps based on my own preferences as well as recommendations by PrivacyTools and mobilsicher.de (German-only website), but I invite you to do your own research as well. Please note this isn’t an exhaustive list but an exemplary selection of essential apps any iPhone owner should find useful.
- Firewall: Lockdown is the only on-device, open-source firewall for iOS as well as a content blocker for Safari. It prevents apps and websites from making all kinds of unwanted external connections for tracking and other purposes. All of the processing is done on the iPhone instead of an external server. Lockdown is developed by former Apple engineers and relies on subscriptions to its optional VPN service for monetisation.
- Password manager: Bitwarden is an open-source password manager. It makes money off premium subscriptions for advanced users.
- Browser: Firefox and Firefox Focus (Klar by Firefox in Germany) are open-source web browsers developed with a strong emphasis on privacy by the Mozilla Corporation, which is fully owned by the non-profit Mozilla Foundation. While Firefox offers a full-fledged browser interface, Firefox Focus / Klar by Firefox is a stripped-down version double-acting as a content blocker for Safari. I recommend using it for this feature alone as you’ll probably still end up using Safari occasionally with Firefox as your main browser. Mozilla is funded by donations and royalties.
- E-Mail: ProtonMail is an e-mail service based in Switzerland. According to ProtonMail, all user e-mails and data stored on its servers are zero-access-encrypted, so not even the company can mess with them. E-mails between ProtonMail addresses are automatically end-to-end-encrypted while e-mails to non-ProtonMail addresses can be encrypted manually. Additional features can be unlocked via a premium subscription which is used to monetise the service.
- Maps: Apple Maps, in my opinion, is a reasonable choice for those who want to use a more privacy-respecting maps app without sacrificing too much usability. Apple claims the app doesn’t share any personally identifiable information, and while it’s still lacking in some areas it’s being improved continually with new features such as the cycling and electric vehicle routing options introduced with iOS 14. The app is offered for free (and ad-free) to drive Apple device sales.
- Messenger: Signal is an open-source messenger developed by the non-profit Signal Foundation (and endorsed by Edward Snowden). Both direct messages and group chats are end-to-end-encrypted by default. The Signal Foundation is funded by donations.
Building From Baseline
If you’ve taken my previous recommendations to heart, your iPhone should now contain a relatively small and privacy-friendly base of apps on which to build in the next step: adjusting your actual privacy-related settings. Open the Settings app to get started.
Content & Privacy Restrictions
Go to Screen Time > Content & Privacy Restrictions. Toggle on the main switch, then do the following.
- Allowed Apps: In this section, deactivate all Apple apps you don’t use.
- Advertising: Set this to “Don’t allow” to deny all apps access to Apple’s advertising platform.
Back on the Settings start screen, tap on “General”. There are three settings here that you should check.
- AirDrop: Set this to “Receiving off” or “Contacts only” to avoid your iPhone being visible to any Apple device in the vicinity.
- Background App Refresh: Leave Background App Refresh on but disable it for all apps that don’t need to run continuously in the background. (For orientation, I’ve left it on only for my Corona contact tracing and emergency warning apps as well as Lockdown.) Turning off Background App Refresh won’t affect apps’ ability to send you real-time notifications.
- VPN: If you use a firewall like Lockdown or a VPN, its configuration needs to be selected and active. Also tap on the small ‘i’ next to the configuration and make sure Connect On Demand is toggled on. (The Lockdown firewall isn’t a VPN but uses the iPhone’s VPN ‘slot’. You can only use it in combination with a VPN if you pay for Lockdown’s own VPN feature.)
Now on to the obvious part: your privacy settings. Go to Settings > Privacy to make the following adjustments.
- Location Services: Here you’ll see a list of all apps with the ability to access your location. For each entry, ask yourself whether the app detecting (and likely sharing) your location and movements is required for you to enjoy its essential features. If yes: Choose “While Using the App”. (iOS 14 also added the option to only let apps access your approximate instead of your exact location by toggling off “Precise Location”. This is enough, for example, to let camera apps geotag your photos or weather apps provide forecasts for your current region.) If no or you aren’t sure: Choose “Never”. (You’ll still be asked for location access in case you use the app in a way that requires it, so the “Ask Next Time” setting is redundant.) At the bottom of the list, tap on “System Services”. Without going into detail, you can safely toggle everything off here except Compass Calibration, Emergency Calls & SOS, Find My iPhone, Setting Time Zone, and Share My Location. Turn on the Status Bar Icon if you want your iPhone to indicate if one of the services is accessing your location.
- Tracking: Next up in your Privacy settings is the Tracking section. As mentioned earlier, from early 2021 any app that wants to track you across other apps and websites will have to show a pop-up asking for your permission to do so. (Needless to say you should never give that permission if you care about your privacy.) You can block these tracking requests altogether by toggling off “Allow Apps to Request to Track”. I recommend keeping it on, though, as it can help you identify apps that are designed to monitor your behaviour — can help, because: (1) You’ll only receive requests for tracking outside of the app in question. You may still be tracked inside of it without a separate request. (2) For this very reason, iOS developers are removing cross-party tracking from their apps (good) in what can only be a strategic ploy to keep their in-app surveillance outside of users’ awareness (not so good). Ergo, don’t let Apple’s new tracking policy give you a false sense of security, and keep choosing your apps wisely. For those you do choose, you can prevent some of the in-app tracking with Lockdown.
- Access permissions: The next couple of entries in your Privacy settings are apps’ permissions to access some of your iPhone’s hardware and software features. Again, ask yourself which apps depend on these features for you to use them in the way you want. Turn off access for all apps that don’t need it or whenever you aren’t sure. In the case of the Photos permissions, iOS 14 introduced a very useful option to give apps access to individual photos only. To do this, set them to “Selected Photos”. Once you’re asked to pick the photos, I recommend you don’t select any. You can then unblock photos individually whenever you want to use them in an app.
- Analytics & Improvements: Switch everything off here as long as you want to share as little information as possible with Apple.
- Apple Advertising: If you don’t want to receive personalised ads from Apple, make sure they’re turned off here.
App and Website Settings
This bit’s going to take some time. Go back to the Settings start screen and scroll down until you see a list of Apple and third-party apps. There’s no way I can discuss each and every possibility here, so I’ll just leave you with the task of opening each entry to check all privacy-related settings. Do the same inside the apps themselves as well as all of your user accounts on websites. To give you some consolation, you’ll only have to do this once for such a large number of applications as your settings will be saved even when you switch to a new iPhone.
Keeping Your Guard Up
Congratulations, you’re probably running a more privacy-oriented setup than most iPhone users now! However, this is just one side of the coin — the other is making sure your privacy stays protected as you use your iPhone day-to-day. Here are some basics you should keep in mind at all times.
Use Privacy-Friendly Search Engines
To avoid profiling and filter bubbles based on your web searches, you should choose a privacy-friendly search engine as your browser’s standard one. (For Safari, you can do this in Settings > Safari, for Firefox and Firefox Focus / Klar by Firefox, in the in-app settings.) I personally use DuckDuckGo as my main search engine and Startpage.com, which displays Google search results, in the rare case I can’t find what I’m looking for.
Few people know what they really ‘agree’ to when they click or tap on the “Accept all” buttons that make those annoying pop-ups on websites go away. Most of the time, it’s what Nick Couldry describes as “data colonialism”: the aggressive taking, inference, commodification and uncontrolled sharing of highly sensitive personal information, most of which isn’t required to improve the service for users but to make them more susceptible to external influence.
This information is so valuable that most websites break EU law to obtain it by means of intransparent cookie forms that make it very easy for users to ‘consent’ and very hard to refuse. Don’t let this deter you from exercising your right to privacy: Take the time to find the option to reject all non-essential cookies on any given website (it’s usually hidden in a submenu), and if you can’t figure it out, leave the site.
Keep an Eye on Your Privacy Settings
If you’ve followed my advice so far, you’ve adjusted the privacy-related settings for all your existing apps and website accounts. Keep in mind to do the same whenever you start using a new service. For apps, relevant settings may be located both in Settings and the apps themselves.
Don’t Log in to Apps and Websites
Whenever possible, I recommend using apps and websites without creating a user account and/or logging in. Logging in makes you easier to profile as you’re actively identifying yourself as the same user across different sessions. Always ask yourself if this is the price you’re willing to pay for the benefits of using an account such as pre-filled forms and more personalisation (a. k. a. manipulation).
Cover Your Front Camera
Pointing a camera at your face that both Apple and third parties can access is obviously a huge privacy risk — and an unnecessary one, too, considering you aren’t even using the camera most of the time. To make sure your face is only recorded when you want it recorded, I strongly recommend you use a webcam cover. You can go a step further and also cover the rear camera, though in my experience it’s hard to find a workable solution for this.
Watch the Camera and Microphone Activity Indicator
iOS 14 introduced an indicator that lets you know if an app is using your camera and/or microphone. Look out for a coloured dot on the right side of the status bar — a green dot indicates camera activity (the microphone may be active at the same time), an orange dot signals an ongoing audio recording. If you ever see the indicator even though you aren’t using the camera or microphone, it means an app is recording your face, voice or surroundings without your knowledge.
Unfortunately, the indicator can be quite easy to miss, especially on the standard grey background. You can alleviate this by changing to the Dark theme in Settings > Display & Brightness, which gives you a black background from which the indicator stands out better.
Seeing Through the One-Way Mirror
That’s it! With these recommendations you‘ll enjoy significantly improved privacy on your iPhone. Let me emphasise, though, that this won’t suddenly turn your phone into something that improves your privacy. As long as organisations aren’t prohibited from using our devices as the one-way mirror of surveillance, they’ll keep doing it. Until then, let’s make sure they can’t see too much.
Summing It Up
App Library Clean-Up
- Delete unused apps.
- Screen the remaining apps against privacy criteria.
- Use websites instead of privacy-compromising apps.
Privacy-Protecting and Privacy-Respecting App Installation
- Use privacy-protecting apps such as Lockdown and Bitwarden.
- Use privacy-respecting apps such as Firefox, Firefox Focus / Klar by Firefox, ProtonMail, Apple Maps, and Signal.
- Settings > Screen Time > Content & Privacy Restrictions: Toggle on the main switch.
- Settings > Screen Time > Content & Privacy Restrictions > Allowed Apps: Deactivate all Apple apps you don’t use.
- Settings > Screen Time > Content & Privacy Restrictions > Advertising: Set this to “Don’t allow”.
- Settings > General > AirDrop: Set this to “Receiving off” or “Contacts only”.
- Settings > General > Background App Refresh: Turn this off for all apps that don’t need to run continuously in the background. (Real-time notifications won’t be affected.)
- Settings > General > VPN: Make sure your VPN configuration (if applicable) is active and set to “Connect On Demand”.
- Settings > Privacy > Location Services: Choose “While Using the App” (with or without toggling off “Precise Location”) or “Never” for each app depending on the required level of location tracking.
- Settings > Privacy > Location Services > System Services: Toggle everything off except Compass Calibration, Emergency Calls & SOS, Find My iPhone, Setting Time Zone, and Share My Location. Turn on the Status Bar Icon if needed.
- Settings > Privacy > Tracking: Toggle on “Allow Apps to Request to Track”.
- Settings > Privacy: Turn off apps’ unneeded access to hardware and software features. Choose “Selected Photos” for apps that require photo access.
- Settings > Privacy > Analytics & Improvements: Switch everything off.
- Settings > Privacy > Apple Advertising: Turn this off.
- Settings: Check all privacy-related settings for Apple and third-party apps.
- Check all privacy-related settings inside apps and user accounts on websites.
Connect with Thomas on LinkedIn