How to stay as private as possible on Apple's iPad and iPhone

How to use the tools Apple has given you to protect your privacy on an iOS device.

Apple, iOS, iPhone, iPad, security, privacy, mobile
IDG

Apple believes in your right to privacy. Here is some advice on how to use the tools it has given you to protect your privacy on an iOS device.

Use a better passcode

You probably already use a 4-digit passcode, but you can improve that with a 6-digit or alphanumeric code.

You change this in Settings>Touch ID/Face ID & Passcode, select Change Passcode and then tap the small Passcode Options dialog. Alphanumeric codes are harder to decipher, just make sure you remember the code.

Once you have protected your device with a solid passcode, it makes more sense to use Touch ID or Face ID, unless security policy forbids you doing so.

Erase Data

What happens if someone gets their hands on your device and wants to get at the data it contains? Given there are just 10,000 combinations for a 4-digit code (and many more passcodes start with ‘1’, rather than any other number), it makes sense to at least reduce the number of chances a miscreant has of guessing your number.

To so, open Face/Touch ID & Passcode and ensure the Erase Data option is on (Toggle to green). This will erase all the data on your device after 10 failed passcode attempts.

What can you see when you are locked?

Privacy isn’t just about what people can see when you are online; it’s also about protecting your device when it’s alone, visible to others, or unprotected.

One of the big bugbears here is the habit of allowing people to access Siri from the Home screen or allowing message previews to appear on the lock screen.

You can control this behavior in Settings>Face ID & Passcode, in the Allow Access When Locked section. If your iPhone does not have Face ID, the section is labeled Touch ID & Passcode.

Here you’ll find controls for the following:

  • Today View
  • Notification Centre
  • Control Centre
  • Siri
  • Reply with Message
  • Home Control
  • Return Missed Call
  • USB Accessories: (Set this to off, and USB devices – including black box hacking systems used by criminal entities – will be unable to work with your device when it has been over an hour since your device was locked.)

For maximum protection you should disable all of these, but that is a trade-off between convenience and privacy. I keep Notification CentreControl Centre and Return Missed Call active myself. I do limit the number of apps that can send me Lockscreen Notifications.

Maximize privacy by disabling Show Previews for any app notifications so your communications won’t appear on the lock screen.

Finally, why not reduce the auto-lock time to 30 seconds in Settings>Display & Brightness>Auto-Lock?

Always use a VPN

You should always use a VPN (virtual private network), as this makes it much harder for others to monitor, track, or intercept your internet traffic.

Your company may provide you with one of these, and you should use it. If they don’t, then be sure to reach for reputable services, as a VPN service provider will actually have access to all your traffic and many free services cannot be trusted.

Reputable services include NordVPN, CyberGhost, and ExpressVPN. Both Windscribe and TunnelBear seem to be respected. Some of these services can be accessed using the built-in VPN inside your device, while others rely on apps. In general, the built-in VPN is the most reliable approach.

What is browser fingerprinting?

Browser fingerprinting is a process that uses publicly shared information about your device to identify and track what that device does online.

This is information such as platform, screen resolution, browser – even fonts or accelerometer info. (It is worth noting that the more browser plug-ins and extensions you use, the easier you make it for fingerprinting systems to identify you.)

Combined, this lets unaccountable analytics firms develop an extremely accurate picture about site visitors and what they do.

So, how much information are you giving away right now? These two sites will show you: AmIUnique.org and Panopticlick.eff.org – I think you’ll be surprised.

Apple is taking action to prevent this kind of activity.

Privatize Safari

Safari has a range of privacy settings you can access in Settings>Safari>Privacy & Security.

They include:

  • Prevent Cross-Site Tracking: A feature that tries to stop websites and services from tracking you.
  • Block All Cookies: (Some web services you use may require you to enable cookies, but you should remember to disable them in between times.)
  • Ask Websites Not to Track Me: The Do Not Track feature has been removed, as explained here.
  • Fraudulent Website Warning: This provides useful protection against Spoof websites.
  • Motion & Orientation Access: This tool (off by default) prevents sites from being able to access a device’s accelerometer and gyroscope. This is a trade-off: On the one hand you’ll find it harder to access VR experiences online, while on the other it is a feature abused by tracking firms who use it to "fingerprint" your device. (Fingerprinting is explained below.)
  • Camera & Microphone Access: Turn this off to prevent sites from accessing either your camera or your microphone without expressed permission.
  • Check for Apple Pay: Keep this active if you want to be able to pay for items using Apple Pay.

Change your search engine

Apple still insists on making Google the default search engine for Safari on iOS.

You don’t need to wait for Apple to change this; you can do it yourself in Settings>Safari>Search Engine and change this to DuckDuckGo, a website search engine that does not collect information about you.

Use password auditing

iOS now has a very useful password auditing feature that you can use to ensure that all the passwords you use are different across all your services and devices. The feature is very easy to use.

In brief:

  • OpenSettings>Passwords & Accounts and choose Website & App Passwords.
  • If you see a small grey triangle beside one of the items on the list, this means you have used the same password in multiple locations.
  • Tap a flagged item to find out what password you’ve used and where else you have used it.
  • Choose Change Password on Website and Apple will try to take you to the relevant page to replace your password with a more secure version.

Just say no

If you care about online privacy, you’ll migrate to more private alternatives to Google. Apple provides lots of these across its ecosystem. Replace Google Docs with Pages, and dump Gmail for Mail, for example. You can also use other secure email providers, such as Mailfence.

Use Private Browsing mode

One good way to prevent rogue apps from uploading data they find about you in your Safari History is to use Private Browsing mode whenever possible.

Access this mode in Safari as follows:

  • Tap the square icon at the bottom right of your browser.
  • Tap Private at bottom left of the carousel view that appears.
  • Tap the Plus button to open a new browser window.

What about website data?

Another Safari feature worth taking control of is its collection of website-related data.

Open Settings>Safari>Advanced>Website Data and you will find a list of all the sites that are gathering such data.

This information includes history, cookies, and other browsing data. You can delete this information one item at a time, or tap "Clear" at the bottom of the window. Alternatively, you can tap Clear History and Website Data on the Settings>Safari screen.

NB: This will delete information across all your signed in devices.

Limit Ad Tracking

Go to Settings>Privacy>Advertising and turn on Limit Ad Tracking in order to make uniquely identification of your iOS device more difficult for location trackers.

You should then tap the Reset Advertising Identifier tool to anonymize you all over again.

Take control of Significant Locations

Apple’s mobile operating system does gather some information about you, including your Significant Locations.

This data is used to provide you with “useful location-related information in Maps, Calendar, Photos and more.”

Apple does stress that this information is encrypted and cannot be read by the company.

Despite this reassurance, you can limit this activity in Settings>Privacy>Location Services>System Services and then Significant Locations, which you can turn off. You can get rid of historically collected data by tapping the Clear History button.

You can also take a look at which Apple system services track your location in Settings>Privacy>Location Services>System Services. Here you can review those able to get this data and disable those you don’t wish to use – but don’t disable Find My iPhone.

Limit app access to Location data

There are so many apps that want to know where you are.

Some of these offer features you may want to use that require this information; other apps have less of an excuse. You are not the product, and you can choose to limit such access whenever you choose.

You can review what permissions you’ve given and to which apps in Settings>Privacy>Location Services, where you can assign location permission access to each app.

Ask yourself questions as you do so. For example, do you ever use Facebook’s Check-in feature? If not, then why are you enabling what many call a surveillance capitalist with access to where you are? Limiting access to this data may limit what some apps can do, but the trade-off is privacy – you can always change it again when you want to use your app.

Understand Messages encryption

You know that iMessage conversations in Messages are encrypted, right? SMS conversations are not. How do you tell the difference? A blue message window means the conversation is encrypted, while green means it is not.

Of course, just because a conversation is encrypted doesn’t mean someone with access to your device is completely unable to get at it. You can reduce this risk in Settings>Messages where you can change Message History so the communication is deleted after 30 days.

Apple also offers a Messages in iCloud feature. If enabled, your messages will be stored in iCloud, protected by your iCloud password. However, if you also use iCloud Backup your stored messages can be accessed by anyone who gets access to your iCloud account, so if increasing your communication security matters to you, then you should disable Messages in iCloud in Settings>iCloud toggle to off.

Audit which apps can access camera, microphone and more

Some apps like to access your camera and microphone, as well as Photos and other personal items. It’s pretty clear why this is useful some of the time, but you’d be surprised how many apps request such access even though there’s no clear reason for them to do so. You can check which apps are collecting information for no good purpose in Settings>Privacy, where you’ll find sections for

  • Contacts
  • Calendars
  • Reminders
  • Photos
  • Bluetooth Sharing
  • Microphone
  • Speech Recognition
  • Camera
  • Health
  • Homekit
  • Media & Apple Music
  • Motion & Fitness

It’s good practice to go through each of these sections and check which apps have access. If you don’t want/need to use that app, then disable their access.

How many apps?

Most iOS users end up with dozens of apps on their iPhone, many of which they never make use of.

We keep hearing more and more horror stories concerning apps quietly monitoring what we do without overtly asking for permission – including the recent screen recording surveillance scam the originators of which claim is “for your convenience.”

To protect against such apps that surreptitiously grab data about you without you knowing they are doing so, it makes sense to limit which apps you carry with you.

There are two ways to achieve this:

  • If you never use an app and never will: Tap and hold the app icon until it begins to wriggle and a cross appears, tap the cross to delete the app.
  • If you seldom use an app but may in future: Open General>iPhone/iPad Storage and review the apps there. Apps you seldom use but may use again can be offloaded. Tap the app name and in the next page tap Offload App. The app will be deleted from your device, but its data will be retained. That way when you use the app again it should continue to work as well as it did before.

Not only have you now reduced your attack vulnerability, but you’ve also saved yourself a bunch of space which you can fill with your favorite Sneaker Pimps albums.

What apps should you avoid?

Some apps exist almost entirely to monitor you and your data. To maximize privacy protection you should at the least avoid installing social media apps such as Facebook or Twitter. Not only can you access both services more securely via your browser, but a look inside Settings>Battery Health should show you how much energy those apps are using. Why?

The rather excellent Restore Privacy website recommends that you remove so many categories of app it’s a little ridiculous; however, if privacy matters to you, it’s possible you will follow that advice.

What about ad blockers?

You know what I have to say: I recommend use of Ad Blockers, but I implore readers to consider that ads sales models are the only way most of the publications you read stay in business. So I urge you to find a way to support the titles and authors you enjoy. I guess everyone needs to eat from time to time.

A little location goes a long way

1 2 Page 1
Page 1 of 2
6 tips for scaling up team collaboration tools
  
Shop Tech Products at Amazon