In “Privacy and security for your iPhone” you will find a collection of iPhone settings and apps that protect you and your data. Important new features of iOS 16 are included. You should have read the BaseCamp article “Safe handling of cell phones” thoroughly beforehand.

Have fun working through it. I look forward to your questions and suggestions.

(1) Install a password manager

I recommend “Bitwarden” as your password manager. You can currently install it via the Apple App Store. Reasons for the recommendation and an alternative can be found in the CloudPirat Privacy Toolbox.

(2) Secure your Apple ID

Use a really secure password or passphrase for your Apple ID. Bitwarden can do the job for you. Also write down the new password on a separate, empty tab.

Settings -> AppleID / Password & Security / Password or Change Password

Activate “two-factor authentication”. For logins or unusual changes, Apple will then ask for confirmation on an alternative, trusted device or channel.

Settings -> AppleID / Password & Security / Two-Factor Authentication

Turn on “Two-Factor Authentication”

(3) Configure Face ID and Passcode

Set a secure passcode

Settings -> Face ID & Code / Enable Code
Enter a 6-digit randomly generated numeric code. Bitwarden can generate the code for you. Write down the code in Bitwarden and on another separate blank tab.

Alternatively, you can choose an even more secure alphanumeric code via Code Options.

Do not use your FaceID or fingerprint to unlock your phone

Settings -> Face ID & Passcode / USE FACE ID FOR

Turn off “Unlock iPhone”

This means to log in you have to enter the passcode. Other apps and services are welcome to use FaceID after logging in via passcode.

Restrict notifications in locked state

When your iPhone is locked, no messages or call notifications should pop up on the lock screen. Only when unlocked should notifications of any kind be visible.

Settings -> Face ID & Passcode / ALLOW ACCESS WHEN LOCKED

Turn off all displayed functions.

Erase iPhone after 10 failed login attempts.

If the iPhone falls into strange hands, all data will be deleted after 10 failed login attempts.

Settings -> Face ID & Passcode / Erase data

Turn on “Erase data”

(4) Use apps that are your friends

From the CloudPirat Privacy Toolbox, I recommend the following apps or providers for your iPhone. The apps are almost all open source, the providers are trustworthy and work without tracking you.

Password Manager – As I said, it is very important that you create an individual password or password phrase for all your passwords and accounts. For this I recommend Bitwarden. With Bitwarden you can synchronize all your accounts and passwords with other devices.

VPN – Install Mullvad. It protects you from advertisements, trackers and malware. Configure Mullvad so that it is always active. Read also my article about VPNs in everyday life.

Internet Browser – I recommend Brave as your default browser. Settings and bookmarks can be encrypted and synchronized with Brave browsers on other devices.

Search Engine – Use Brave-Search as default.

Messenger – Use Signal as messenger.

Video conferencing – Jitsi-Meet or just Signal.

Navigation – Looking for a navigation app that doesn’t store your locations for eternity? For that I recommend OsmAnd Maps. The app also lets you download maps to your iPhone for offline use.

Email – The default email app on the iPhone offers some email privacy. What you need is a trusted email service provider. I recommend from Berlin. There you can set up email, contacts and calendar and synchronize them with all your (mobile) devices.

Newsfeed – Instead of saving a web link from each news channel or even installing an extra app, you could install an RSS reader. The reader collects news from “your” agencies for you and you get a quick overview of what’s going on. For iPhone, Mac and iPad I recommend NetNewsWire (free and open source).

(5) Siri and the Search Settings

Siri is much more than just a harmless voice assistant. It is part of Apple’s personalization system, an AI-powered system which tracks how we use our iPhone. Siri’s suggestions are based on what she knows about us. Siri can also, for example, search your private notebook or dig around in your password manager. Because she wants to learn something about us 😉. And this knowledge is then most likely on a server in California.

Disable general settings

Settings -> Siri and Search

Turn off all switches

Disable Siri settings per single app

Settings -> Siri and Search / [for each app].

Turn off all switches

(6) Configure Notifications

In the iPhone concept, our apps can send us notifications. This is useful if you’ve had missed calls or want a summary of the day’s news.

However, it is important for your privacy that these messages from apps always remain hidden behind the lock screen and are not visible to the other person. For example, if the phone is lying on the table or even falls into someone else’s hands.

(1) First of all, you have to prevent the preview of any message (e.g. a phone call) from appearing while the iPhone is locked.

Settings -> Notifications

Set “Show Previews” to “When unlocked” or “Never”

(2) Now, unfortunately, you have to set your notification settings again for each individual app. Here’s an example for the Signal messenger app:

Settings -> Notifications / Signal

Turn “Allow Notifications” on

Turn “Time Sensitive Notifications” on

Under Alerts turn “Lock Screen” off

(7) Turn on Privacy Protection for Email

A feature that protects you from email tracking. Your IP address will be anonymized and remote content (like images or documents) will be loaded safely in the background.

Settings -> Mail / Privacy Protection

Turn on “Protect Mail Activity”
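
To see what this setting guards against, here is a small Python sketch that lists everything a mail client would fetch from remote servers just by displaying a message. It is an added example, not part of the original article and not Apple's implementation; the sample mail, the host names and the function name remote_content are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample: HTML body of a newsletter (not a real message).
SAMPLE_HTML = """
<html><body>
<p>Hello! <a href="https://news.example/offer">Read more</a></p>
<img src="https://cdn.example/logo.png" width="200" height="60">
<img src="https://track.example/open.gif?uid=8f3a2c&amp;msg=42" width="1" height="1">
<img src="cid:inline-picture-1" width="300" height="200">
<link rel="stylesheet" href="https://cdn.example/mail.css">
</body></html>
"""

class RemoteContentFinder(HTMLParser):
    """Collects resources that are fetched automatically when the mail is rendered."""
    # Tags whose URL attribute is loaded without any click by the reader.
    AUTOLOAD = {"img": "src", "link": "href", "iframe": "src", "video": "poster"}

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_name = self.AUTOLOAD.get(tag)
        if attr_name is None:
            return  # e.g. <a href>: only requested when the reader clicks
        a = dict(attrs)
        parsed = urlparse(a.get(attr_name) or "")
        if parsed.scheme not in ("http", "https"):
            return  # cid: and data: content travels inside the mail itself
        tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        self.findings.append({
            "tag": tag,
            "host": parsed.hostname,
            "likely_pixel": tag == "img" and tiny,      # invisible 1x1 image
            "query_keys": sorted(parse_qs(parsed.query)),  # per-recipient IDs hide here
        })

def remote_content(html):
    finder = RemoteContentFinder()
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for finding in remote_content(SAMPLE_HTML):
        print(finding)
```

Each host in the output would learn your IP address and the time you opened the mail if the content were loaded directly from your device; the 1x1 image with a uid parameter is the typical shape of an "open" tracker.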

(8) Privacy and Security / Some Background

This area has been expanded in the recent iOS updates. New in iOS 15 and 16 are, for example, the App Privacy Report and the Lockdown Mode.

These improvements are possibly a result of the NSO affair. With the Pegasus spy software, the Israeli company NSO exploited a vulnerability in the iOS message log that allowed iPhones to be infected with a message, so that their users could be fully monitored. NSO sold this cyber weapon to governments and intelligence agencies worldwide. (Source: TheCitizenLab)

Since 2016, it has been used to wiretap journalists, dissidents and government critics worldwide. Apple first closed this vulnerability in 2021. This type of surveillance also led to the 2018 murder of Jamal Khashoggi by the Saudi Arabian government.

How can you keep tabs on your apps?

Every time you install an app, it asks for permission to access hardware and system services like the microphone, your location, the camera, and more. Since you’ve definitely given too many permissions over time, it’s extremely important to keep an eye on this and reset it every now and then.

(9) Privacy and Security / Location Services

Your location is an important part of your privacy. In my opinion, only very few apps should be allowed to access it. And that should only be the case while you are using the app (e.g. for navigation). The same is true, of course, for other sensors such as your microphone, camera or motion sensors.

Before we continue in the topic, however, let’s take a quick look at Apple’s privacy policy on location tracking.

If Location Services is on, your device will periodically send the geo-tagged locations of nearby Wi-Fi hotspots and cell towers to Apple to augment Apple’s crowd-sourced database of Wi-Fi hotspot and cell tower locations. If you’re traveling (for example, in a car) and Location Services is on, a GPS-enabled iOS device will also periodically send GPS locations, travel speed, and barometric pressure information to Apple to be used for building up Apple’s crowd-sourced road-traffic and indoor pressure databases. The crowd-sourced location data gathered by Apple is stored with encryption and doesn’t personally identify you. Source: Apple Privacy Policy (Crowd-sourced Wi-Fi and cellular Location Services)

This means that no matter how much you restrict your apps from accessing location, your iPhone will still give away your location to Apple whenever you have Location Services turned on.

That’s why I recommend you turn location services on only temporarily. You turn them on when you need your location for navigation. After that, you have to turn them off again. OK. Here we go.

Turn on location services and configure your apps

Settings -> Privacy and Security / Location Services

Turn on “Location Services”

Now go through the list of apps that like to access your location. Give apps you use for navigation the right to access your location “When using the app”. All others you set to “Never”.

For system services, I recommend turning off all options including “Find My iPhone” and “Share My Location”.

An example for your app settings using the Apple Navi app “Maps”:

Settings -> Privacy and Security / Location Services / Maps.

Set “Allow Location Access” to “While using the app”.

Now turn off Location Services again

Settings -> Privacy and Security / Location Services

Turn off “Location Services”

Confused? What was the point?

If you want to turn on location services for navigation from time to time, you have already configured all your apps for this case. Apple remembers the app settings.

However, since you have disabled location services most of the time, the iPhone will not share your location with Apple during this time.

(10) Privacy and Security / Find My iPhone

This feature allows you to locate, lock or wipe a lost iPhone. If “Find My iPhone” is activated, your iPhone cannot be deleted or reactivated by third parties. It is therefore worthless to thieves. If the “Find My” network option is enabled, the iPhone can be located even if it is offline or in power saving mode. If your iPhone’s battery is almost empty, it will send its last location to Apple via “Last Location”. You can try this via Apple’s Find My website.

Settings -> Privacy and Security / Location services / Share location

What to do? Should you have your iPhone tracked, or would you rather not share your location?

Apple says they have implemented this functionality as securely as possible and only have anonymized data themselves. Unfortunately, there’s no way to verify that. But you can ask yourself the following questions:

Does the feature help you find a misplaced or lost device? Sure, it does.

Does the function help you to get back a “professionally” stolen device? Surely not.

Is the ability to remotely wipe your data important to you? No. Because you have set the iPhone to erase itself after 10 unsuccessful passcode entries.

Still have questions? 😉

In case you want to use your “Find My iPhone” anyway:

If you have enabled the “Find My iPhone”, “Share My Location” and “Last Location” options and then completely disabled Location Services as described, Location Services will be turned back on the moment you enable “Lost Mode” (device loss) in iPhone Search.

(11) Privacy and Security / Tracking

Settings -> Privacy and Security / Tracking

Turn “Allow apps to request tracking” to off

(12) Privacy and security / Additional access rights

After correcting Location Services and Tracking, there are 17 more settings in the Privacy & Security section. I cover here only the four most important settings.

Settings -> Privacy & Security / Contacts
Settings -> Privacy and Security / Photos
Settings -> Privacy and Security / Microphone
Settings -> Privacy and Security / Camera

Behind each item you will find a list of apps that want to have access to – e.g. your contacts. Now you have to decide which app should really have access to your contacts. Be sparing with distributing these rights. If you don’t understand something, it’s better to deny an app access to e.g. your contacts.

All other items in the list I would not share with any app for now.

(13) Privacy and Security / Safety Check

Emergency Reset

With the emergency reset, you can remove all access rights from all apps and people in one fell swoop. A kind of panic button if you have the feeling that something incomprehensible is going on.

Settings -> Privacy and Security / Safety Check / Emergency Reset

Manage Sharing and Access

With iOS 16, Apple has added the Safety Check under Privacy. Have you not thought about sharing with others or about access rights for apps? Then you can start here.

Settings -> Privacy and Security / Safety Check / Manage Sharing and Access

(14) Privacy and security / Turn off Analytics and Improvements

Behind this item are 5 settings, all of which you can safely turn off.

Settings -> Privacy and security / Analytics and Improvement

(15) Privacy and security / Turn off Apple Advertising

Here you can disable personalized advertising.

Settings -> Privacy and security / Apple advertising

(16) Privacy and Security / Turn on App Privacy Report

In the app privacy report, app accesses to data or sensors are recorded. You can also see which apps contact which servers or domains. For visited websites you can see very well what network activity your visit triggers.

Settings -> Privacy and Security / App Privacy Report

(17) Privacy and Security / Lockdown Mode

With iOS 16, Apple has introduced a Lockdown Mode to the iPhone. To quote Apple:

Blocking mode is an extreme, optional protection measure that should be applied if you suspect you’ve been hit by a sophisticated cyber attack.

What happens when you activate Lockdown Mode?

Apps, websites and functions of the iPhone are severely restricted. However, telephony and short messages will continue to work.

Warning: If you enable Lockdown Mode, websites or web ads can easily detect that you have enabled this mode for your protection. Read this short Motherboard article.

Settings -> Privacy and Security / Lockdown Mode

Sources, tips and links for further reading