Kitsah

the iphone privacy & security bible

this post is a very deep dive into protecting yourself in both the privacy and security department of your iphone.

i will be describing techniques to protect your iphone from thieves, minimise telemetry and tracking, protect your data in the cloud, and harden your iphone's security in case it's taken by law enforcement or something like that.

1: automatically lock your phone if it's snatched by thieves

we've all heard the horror stories of iphones being snatched out of your hand, and one of the biggest worries is what's on your phone. if your phone was unlocked when it's snatched out of your hand, and they run off with it, you want your data to be safe.


let's use iOS shortcuts to automatically lock your iphone if it's snatched out of your hand by thieves.
please note that this will only work if you have an Apple Watch

  1. open the Shortcuts app
  2. go to the Automation tab and create a new automation
  3. select Bluetooth
  4. choose your Apple Watch as the device, uncheck "Is Connected", then check "Is Disconnected" and select Run Immediately
  5. add the Shortcut actions: Lock Screen, then set Airplane Mode off and Wi-Fi, Bluetooth and Cellular Data on (what these do is explained below)
  6. tap done

what will this do?

when your iphone is snatched out of your hand and the thief runs off or speeds away on their motorcycle, your iphone will disconnect from your Apple Watch. when this happens, this shortcut automation will lock your screen automatically AND make sure airplane mode is off and wifi, bluetooth and cellular are on, to keep your iphone online and connected to Find My.

will this annoy me?

it's very rare for your iphone to disconnect from your apple watch, so this automation won't trigger randomly and get on your nerves.

what if i don't have an apple watch?

you can also do this with AirPods, just follow the steps above but select your AirPods instead. but for it to work, you will need to have your airpods in your ears at the time your phone is snatched. i would say that's only worth it if you're always listening to music on your AirPods when you're out and about.

2: turn on Stolen Device Protection

many people may have this switched on already, but some people don't. Stolen Device Protection is a feature that prevents a thief who has your unlocked phone (and knows your passcode) from changing your Apple ID password and locking you out permanently. apple added it back in iOS 17.3 after the Wall Street Journal posted a viral video exposing the flaws in the iPhone's security.

  1. open Settings
  2. go to Privacy & Security, scroll all the way to the bottom
  3. tap Stolen Device Protection, and turn it on
  4. done!

3: disallow access to Control Center when iPhone is locked

if a thief has your phone, the first thing they will try to do is turn on airplane mode. this means you will not be able to locate your device via Find My or remotely erase or mark the device as lost. the simple solution is to deny access to Control Center when your iPhone is locked.

  1. open Settings
  2. tap Face ID & Passcode (or Touch ID & Passcode)
  3. scroll down to the Allow Access When Locked section and disable Control Center


won't this be annoying?

no. your iphone unlocks pretty much immediately when you look at it, so this won't stop you from getting into Control Center.

can't thieves just ask Siri to turn on Airplane Mode?

good question. if you turn off "Control Center" when locked as described above, Siri will also be unable to change connectivity settings until the device is unlocked.

oh and also...

whilst you're here, turn off access to everything except "Siri", "Live Activities", and "Lock Screen Widgets" whilst your device is locked.

4: turn on iCloud Advanced Data Protection

with the recent news about the UK trying to force apple to implement a backdoor into iCloud (and Apple standing up against them 🥇), there has never been a better time to turn on Advanced Data Protection (ADP) for your iCloud account.

ADP protects all your important data in iCloud with end-to-end encryption, meaning no one, not even Apple or law enforcement, can access YOUR DATA even if they wanted to. if apple receives a subpoena for your icloud account, they could not hand over any of YOUR files, photos, messages, or device backups if you have ADP enabled.

  1. go to Settings
  2. tap your name at the top, then tap iCloud
  3. scroll to the bottom and tap Advanced Data Protection
  4. tap Turn On Advanced Data Protection and follow the steps to enable it

you will need to set up a recovery key or recovery contacts before enabling ADP.

5: turn on Send Last Location in Find My settings

for whatever reason this is disabled by default. just turn it on. it makes sure your iPhone's Find My location is sent to Apple when your battery runs low, so the last known location is still available after the phone dies.

  1. open settings
  2. tap your name at the top, then tap Find My
  3. tap Find My iPhone
  4. turn on Send Last Location

6: use rotating MAC addresses

in iOS 18, apple added a Rotating option to Private Wi-Fi Address. this means that every 2 weeks, iOS will rotate your MAC address. enabling this feature means that a network you join will see your iphone as a completely new device every 2 weeks, preventing it from building a persistent profile about you.

by default, Private Wi-Fi Address is set to Fixed; change it to Rotating instead.

  1. open settings
  2. tap Wi-Fi
  3. tap the little (i) icon next to your current network
  4. tap Private Wi-Fi Address then select Rotating

this will need to be done individually for each wifi network you join in future. don't forget 😉
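to see why a fixed address lets a network build one long-lived profile while a rotating one fragments it, here is an added python example (my own illustration, not part of this post and not Apple's rotation algorithm). the sample MAC and visit dates are constructed, and the toy rotation simply bumps the last octet every 14 days; it also shows how to spot a private (locally administered) address in a router's client list.

```python
# Added example, not from the original post. Models what a Wi-Fi network
# operator keying on MAC address would see over 60 days of visits from a
# phone with a fixed address versus one rotating every 14 days (iOS 18's
# Rotating option). The rotation here is a toy stand-in, NOT Apple's scheme.
from datetime import date, timedelta

ROTATION_DAYS = 14                      # iOS rotates roughly every 2 weeks
SAMPLE_MAC = "a4:83:e7:12:34:56"        # constructed hardware-style address


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (bit 1 of the first octet) is set.

    Private Wi-Fi addresses are locally administered, so this bit is a quick
    way to tell a randomised address from a burned-in one on a client list.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def rotating_mac(base_mac: str, day: date, start: date) -> str:
    """Toy rotation: a new locally administered MAC per 14-day window."""
    window = (day - start).days // ROTATION_DAYS
    octets = [int(o, 16) for o in base_mac.split(":")]
    octets[0] = (octets[0] | 0x02) & 0xFE    # set U/L bit, clear multicast bit
    octets[5] = (octets[5] + window) & 0xFF  # vary the last octet per window
    return ":".join(f"{o:02x}" for o in octets)


def profiles_seen(join_days, mac_for_day):
    """Group join events by MAC, the way a hotspot or captive portal would."""
    profiles = {}
    for d in join_days:
        profiles.setdefault(mac_for_day(d), []).append(d)
    return profiles


START = date(2025, 1, 6)
JOINS = [START + timedelta(days=3 * i) for i in range(20)]   # every 3 days, 60 days


def fixed_profiles():
    return profiles_seen(JOINS, lambda d: SAMPLE_MAC)


def rotating_profiles():
    return profiles_seen(JOINS, lambda d: rotating_mac(SAMPLE_MAC, d, START))


if __name__ == "__main__":
    print("fixed address ->", len(fixed_profiles()), "profile(s)")
    print("rotating      ->", len(rotating_profiles()), "profile(s)")
```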

7: use NextDNS to block ads and trackers in ALL apps, and prevent your ISP from spying on which websites you visit.

NextDNS is a DNS provider that lets you block trackers, telemetry and ads system-wide. this means ads will be blocked in all apps, like mobile games and Apple News. it also blocks Apple telemetry that you cannot disable in settings. finally, NextDNS provides encrypted DNS, meaning your ISP will not be able to spy on the hostnames of the websites you visit.

  1. create a NextDNS account
  2. go to the Privacy tab
  3. under the blocklist section, tap "Add a Blocklist"
  4. add the following: OISD, AdGuard DNS filter, EasyList, HaGeZi - Multi PRO++
  5. still on the Privacy tab, scroll down to Native Tracking Protection
  6. tap Add and select Apple
  7. go to the Setup tab, scroll down to Setup Guide
  8. tap this link
  9. tap Download, open Settings, tap ”Profile Downloaded” then install the profile.
  10. done!
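the NextDNS setup guide hands you an Apple configuration profile (a .mobileconfig file). as an added example that is not part of this post or of NextDNS's own tooling, this python script parses such a profile and confirms it really configures encrypted DNS (DNS over HTTPS or DNS over TLS) before you install it. the embedded profile is constructed and its server URL is a placeholder, not a real NextDNS configuration id.

```python
# Added example, not from the original post or NextDNS. Apple DNS settings
# profiles carry a "com.apple.dnsSettings.managed" payload whose DNSSettings
# dict names the protocol (HTTPS or TLS) and the resolver. This checks that a
# downloaded profile really sets up encrypted DNS before you trust it.
import plistlib

DNS_PAYLOAD_TYPE = "com.apple.dnsSettings.managed"

# Constructed sample profile; the ServerURL is a placeholder, not a real ID.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.dnsSettings.managed</string>
    <key>DNSSettings</key><dict>
      <key>DNSProtocol</key><string>HTTPS</string>
      <key>ServerURL</key><string>https://dns.example/PLACEHOLDER-ID</string>
    </dict>
  </dict></array>
</dict></plist>"""


def dns_payloads(profile_bytes: bytes) -> list:
    """Return one summary dict per DNS payload found in the profile."""
    profile = plistlib.loads(profile_bytes)
    found = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != DNS_PAYLOAD_TYPE:
            continue
        settings = payload.get("DNSSettings", {})
        proto = settings.get("DNSProtocol")
        server = settings.get("ServerURL") or settings.get("ServerName") or ""
        # DoT needs DNSProtocol TLS; DoH needs HTTPS plus an https:// URL
        encrypted = proto == "TLS" or (proto == "HTTPS" and server.startswith("https://"))
        found.append({"protocol": proto, "server": server, "encrypted": encrypted})
    return found


def profile_is_encrypted_dns(profile_bytes: bytes) -> bool:
    """True only if the profile has at least one DNS payload and all are encrypted."""
    found = dns_payloads(profile_bytes)
    return bool(found) and all(p["encrypted"] for p in found)


if __name__ == "__main__":
    for p in dns_payloads(SAMPLE_PROFILE):
        print(p)
    print("installs encrypted DNS:", profile_is_encrypted_dns(SAMPLE_PROFILE))
```

to check a real download, read the .mobileconfig bytes from disk and pass them to profile_is_encrypted_dns instead of SAMPLE_PROFILE.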

8: disable apple personalized ads and analytics

although Apple does collect analytics in a privacy respecting way, i would much rather that it doesn't happen at all.

  1. open settings, scroll down to Privacy & Security
  2. scroll down and tap Analytics & Improvements
  3. make sure everything is disabled
  4. go back, then select Apple Advertising, disable Personalized Ads

9: disable hard-to-find location analytics

there are some location-based analytics settings that are enabled by default, and they are pretty well hidden...

  1. open settings, scroll down to Privacy & Security
  2. tap Location Services
  3. scroll all the way down then tap System Services
  4. scroll down again to the Product Improvement section, then make sure the analytics toggles there (iPhone Analytics, Routing & Traffic, Improve Maps) are disabled

10: don't help apple “Improve Search”

for whatever reason, this is not in the analytics section in privacy & security, but oh well. go to Settings, tap Search, then disable Help Apple Improve Search

what happens if I leave it on?

Apple will store the searches you enter into Safari, Siri, and Spotlight (although it wouldn't be linked to you).

11: erase iPhone data after 10 failed passcode attempts

this one's easy. in settings, go to Face ID & Passcode (or Touch ID & Passcode), scroll to the bottom, then turn on Erase Data.

12: use Hide My Email for online Apple Pay payments

in settings, go to Wallet & Apple Pay. scroll down to the transaction defaults section, tap Email, then select Hide My Email.

i believe an iCloud+ subscription may be required for this as well.

13: disable safari “privacy preserving ad measurement”

in iOS 14.5, apple added a feature in safari called "Privacy Preserving Ad Measurement", which sounds like a feature you would want to turn on... right?

actually, this option opts you into analytics collection. it may be somewhat "privacy-preserving", but i want to turn it off completely because i want no analytics at all.

per apple: "Let advertisers measure how they're doing without associating ad activity with you."

no thanks!

  1. go to settings
  2. scroll down to Apps
  3. tap Safari
  4. scroll to the bottom and tap Advanced
  5. turn off Privacy Preserving Ad Measurement

14: enable advanced protection in all safari browsing

  1. go to settings
  2. scroll down to Apps
  3. tap Safari
  4. scroll to the bottom and tap Advanced
  5. tap Advanced Tracking and Fingerprinting Protection
  6. set this to ”All Browsing”

i'm not totally sure what this advanced protection is, but it's only enabled in Private Browsing mode by default. after following these steps, these protections will cover you in normal browsing too.

15: if you use iOS 18's hidden apps feature, require face id to open the App Store

when you hide an app on your phone, you want to conceal the fact that it's installed. for most people, simply hiding the app is a great solution for this. but for people who are persistent and really want to find out if a certain app is on your phone, there is a way for them to do that.

all they have to do is open the App Store, search for the app they're looking for, and if it says “Open” then they know it's installed on your phone.

this is a hidden app, but in the app store it says "Open", so people can find out it's installed.

let's fix this. tap and hold the App Store icon on your home screen, then tap "Require Face ID", and you're done!

16: use a broader IP address location for Private Relay

you will need iCloud+ for this.

  1. go to Settings
  2. tap your name at the top, then tap iCloud
  3. scroll down to the iCloud+ features section
  4. tap Private Relay, turn it on
  5. then tap IP Address Location, set it to Use country and time zone

17: disable app tracking and don't allow apps to request to track

  1. go to Settings
  2. tap Privacy & Security
  3. tap Tracking
  4. turn off "Allow Apps to Request to Track"
  5. if you see any apps listed that are toggled on, toggle them off.

18: set FaceTime as your default voice calling app

hear me out. when you make phone calls via the phone app, it uses your cellular network's phone infrastructure to make the phone call. this means that your phone provider keeps track of who you make phone calls to (and in a lot of countries, it's required that they keep these logs), and if they want, they could tap in and listen!

if you set FaceTime as your default voice calling app, calls that you make to other iPhone users will be end-to-end encrypted, and your evil cellular provider cannot keep those logs (because it's being made via FaceTime).

but won't this mean that it makes a Video call when i call someone?

No! It will use "FaceTime Voice", which works exactly like a normal phone call, but it goes via Apple's FaceTime servers instead, completely end-to-end encrypted.

ok lets do it!

  1. go to Settings
  2. scroll down to Apps
  3. tap Default Apps
  4. tap Calling, then select FaceTime
  5. done!

but wait!

encourage your friends and family to do the same thing. make sure you explain that setting FaceTime as the default will NOT mean that all calls suddenly become video calls, it just makes calls more secure. if your friends and family call you, it will still use cellular phone calls (because they initiated the call) so they will need to set FaceTime as the default as well.

19: stop using SIM, try to get an eSIM instead

if your phone is stolen, some thieves will also remove your SIM card, meaning your phone cannot connect to the internet and update its location via Find My. this is why you should be using eSIM if possible. if your cellular provider supports it, request an eSIM and use that instead.

there is also another huge security issue with using SIM cards, read below.

20: ...if you must use SIM, turn on SIM PIN

if you have to use SIM, you simply MUST turn on SIM PIN so that people can't take your SIM card out and use it in their own phones. if they do this, they can hijack your phone number just by putting your SIM card into a different phone. if you turn on SIM PIN, they cannot do this (unless they know your PIN).

  1. If you have an iPhone with a single SIM card or eSIM, go to Settings > Mobile Service > SIM PIN. If you have an iPhone with Dual SIM or Dual eSIM, go to Settings > Mobile Service > tap the number you want to modify > SIM PIN. If you have an iPad, go to Settings > Mobile Service > SIM PIN.
  2. Turn on your SIM PIN.
  3. If asked, enter your SIM PIN. If you’ve never used one, enter the default SIM PIN from your network provider. If you don’t know what the default SIM PIN is, don’t try to guess it. Check your network provider’s customer service page or the documents that came with your wireless plan.
  4. Or you can contact your network provider.
  5. Tap Done.

per apple support.

21: install consent-o-matic extension to decline advertising cookies automatically

ever seen those annoying cookie prompts? yeah, they appear on nearly every website. fortunately, there's an app called Consent-O-Matic on the App Store that automatically zaps them away! you never have to worry about the cookie prompts again, and it handles declining the tracking and analytics cookies whilst allowing functional cookies as well.

just install the app, enable the extension, and you're ready to go.

22: stop using iCloud mail

switch to Proton Mail instead. iCloud mail is great, but it's not privacy friendly: messages are not stored with a zero-access encryption system, whereas Proton's are. Proton also uses end-to-end encryption when sending mail to other supported mail providers and to other Proton users.

thanks

that's all I have for now. I might update this later with more tips.