iPhone privacy settings: what you can improve today
You have an iPhone and want to improve your privacy without switching phones. These are the concrete settings that make the most difference — in order of impact.
iPhone privacy settings
You don’t have to switch phones to take your data seriously. iOS has more privacy options than most people use — but they’re not set correctly by default.
This is not a theoretical guide. These are concrete settings, in order of impact.
1. Disable app tracking
Settings → Privacy & Security → Tracking
Turn off “Allow Apps to Request to Track.” Apps can no longer ask to track you across other apps and websites.
This is the setting that advertising networks use to build your profile across multiple apps. Turning it off costs nothing, gives up nothing.
2. Clean up location services
Settings → Privacy & Security → Location Services
Go through every app. Most apps don’t need location access — or only “While Using the App,” never “Always.”
Critical settings:
- Turn off “Precise Location” for apps that don’t genuinely need it (news, weather, shopping)
- Change “Always” to “While Using the App” for everything that isn’t navigation
- Turn location off entirely for apps with no reason to have it
System Services (at the bottom of the list):
- Turn off “iPhone Analytics” and “Significant Locations”
- Turn off “Apple Ads”
3. Audit app permissions
Settings → Privacy & Security
Work through: microphone, camera, contacts, photos, calendar, health. For each category you can see which apps have access.
Ask yourself for each app: does this app actually need this? A flashlight app doesn’t need your contacts. A game doesn’t need your microphone.
iOS 18: selective contacts access — Apps requesting contacts now get a choice dialog: you can share only specific contacts instead of your entire address book. Use this to give apps only the contacts they actually need.
iOS 18: lock and hide apps — Long-press any app on the home screen → “Require Face ID” or “Hide and Require Face ID.” Sensitive apps (banking, messaging) get biometric protection and can be made invisible in search results and notifications.
4. Turn off personalized ads
Settings → Privacy & Security → Apple Advertising → Personalized Ads: off
This limits how much Apple uses your behavior for ads in the App Store and Apple News.
5. Strengthen Safari privacy
Settings → Safari
- Prevent Cross-Site Tracking: on
- Fraudulent Website Warning: on
- Privacy-Preserving Ad Measurement: off (sends no ad data, not even “privacy-friendly” data)
- Search Engine: change from Google to DuckDuckGo or Startpage
Also consider: regularly clear your Safari history and website data via Settings → Safari → Clear History and Website Data.
6. iCloud: Enable Advanced Data Protection
Settings → [your name] → iCloud → Advanced Data Protection
This is the most important iCloud setting most people don’t know about. By default, Apple can access your iCloud data — including your iPhone backup — and hand it over on a legal order. With Advanced Data Protection enabled, you get end-to-end encryption for the majority of your iCloud data. Apple holds no keys.
What it protects: iCloud Backup, Photos, Notes, Reminders, Safari bookmarks, Voice Memos, iCloud Drive.
What it does not protect (requires third-party interoperability): Mail, Contacts, Calendar.
Requirements: Two-factor authentication on, all linked devices on iOS 16.3+, and you must set up a recovery method (recovery contact or recovery key). If you lose access with no recovery method, your data is permanently gone.
Further limit iCloud sync:
Also turn off categories you don’t want stored at Apple:
- Health — sensitive, turn off if you don’t want this in the cloud
- Photos — consider local backup via your computer as an alternative
If you have iCloud+: also enable Hide My Email (generates random forwarding addresses so you never hand out your real address) and Private Relay (hides your IP address from websites in Safari).
7. Mail Privacy Protection
Settings → Mail → Privacy Protection → Protect Mail Activity: on
Does two things at once:
- Hides your IP address from senders — they cannot determine your location
- Prevents read receipts — tracking pixels in newsletters and marketing emails are pre-loaded through Apple’s proxy servers, so every email appears “opened” regardless of whether you actually read it
This defeats virtually all commercial email tracking. Available since iOS 15.
8. App Privacy Report
Settings → Privacy & Security → App Privacy Report → Turn On App Privacy Report
Shows a 7-day log of:
- Which permissions each app used (location, microphone, camera, contacts) and when
- Which third-party domains each app contacted — including ad networks and data brokers
Use this to decide which permissions to revoke. Apps you never open that still query your location show up here immediately.
9. Limit Siri & Search
Settings → Siri & Search
- Turn off “Learn from This App” for apps you don’t want Siri to analyze
- Settings → Siri & Search → Siri History → delete regularly
Settings → Privacy & Security → Analytics & Improvements:
- Turn everything off: iPhone Analytics, iCloud Analytics, Improve Siri & Dictation, Share iPhone Analytics
10. Set private DNS
Settings → Wi-Fi → [your network] → Configure DNS
Or via: Settings → General → VPN & Device Management → DNS
Set Quad9 as your DNS server: 9.9.9.9 and 149.112.112.112
This hides your DNS queries from your internet provider. Your ISP no longer sees a list of every domain you visit.
Alternatively: use a VPN — which both encrypts and hides your DNS traffic.
11. Replace apps
The biggest privacy improvement comes not from settings, but from which apps you use:
| Replace | With | Reason |
|---|---|---|
| Signal | End-to-end encrypted, no Meta metadata | |
| Google Chrome | Firefox or Brave | Less tracking, better extensions |
| Google Maps | Organic Maps | Fully offline, no tracking |
| Gmail | Proton Mail | Encrypted, Switzerland |
| Google Drive | Proton Drive | End-to-end encrypted |
| iCloud Keychain | Bitwarden or KeePassXC | Open-source, no vendor lock-in |
12. Lockdown Mode — for high risk
Settings → Privacy & Security → Lockdown Mode
Apple introduced Lockdown Mode specifically for journalists, activists, and people targeted by sophisticated attacks (NSO Pegasus, Cellebrite). It is the most aggressive security profile iOS offers.
What it does:
- Disables JIT compilation of JavaScript in Safari — regular JavaScript still runs, but the optimization layer that exploits abuse is turned off (can be re-enabled per site)
- Blocks incoming FaceTime calls from anyone you haven’t called yourself in the past 30 days
- Blocks most attachment types in Messages (images, video, and audio still work); link previews disabled
- Blocks all wired connections (USB, computers) when the device is locked — you must unlock first
- Disables 2G — protection against IMSI catchers (stingrays) that force a 2G downgrade
- Automatically disconnects from non-secure Wi-Fi networks
- Blocks installation of configuration profiles (MDM) — protection against enrollment attacks
- Removes Shared Albums; blocks new invitations from unknowns
Caveat: Some apps and websites won’t work correctly. This is intended for people with a concretely elevated risk level — not for everyday use.
If you fall into this profile: consider switching to GrapheneOS as soon as that becomes possible.
Priority order
If you don’t want to do everything at once:
- Disable app tracking — 30 seconds, big effect
- Clean up location permissions — 5 minutes
- Audit app permissions — 10 minutes
- Safari: enable tracking protection, switch search engine — 2 minutes
- Turn off personalized ads — 30 seconds
- Replace apps — gradually, start with Signal
What this doesn’t fix
These settings reduce tracking, but iOS remains Apple’s closed ecosystem. Apple has access to your device ID, your purchases, and your iCloud data. You’re trusting Apple as a company.
For higher threat profiles — journalists, activists, people who need to work truly anonymously — these settings are a starting point, not an endpoint. See the threat profiles for what’s needed beyond this.
See also:
- Android privacy without a custom ROM — the same approach for stock Android
- Threat profile: the average user — basic steps for everyone
- Which VPN should you choose? — VPN as a supplement to these settings
- Signal and Molly review — the messaging app that replaces WhatsApp
- Organic Maps review — replacing Google Maps on iPhone