Your iPhone is a powerful computer that is likely a (if not the) primary way you access the internet. As such, it is vital to ensure your iPhone is secure, and that your privacy is protected. Fortunately, there are some easy steps you can take to “harden” your security settings and improve your privacy when using your iPhone. 

Apple argues that its tight control over its “walled garden”(new window) ecosystem means that iPhones are inherently more secure than their Android competitors. 

This is because Android is a more open platform that allows its users to sideload apps or install them from alternative stores. It also suffers from a very fragmented ecosystem used across a huge number of devices from different manufacturers, some of which are much better at pushing security updates than others.

However, even the Apple app Store is not always as safe as Apple claims(new window), and Apple can hardly claim a monopoly on doing security properly. The truth is that no smartphone can ever be considered 100% secure, and despite Apple’s many claims, iPhones continue to suffer from privacy issues (not least from tracking by Apple itself).

In this guide, we take an in-depth look at how to improve both privacy and security on your iPhone. It specifically deals with iPhones running iOS 16.2, but most of the advice is fully applicable to all recent versions of iOS. 

Lock down your iPhone security settings

Enable two-factor authentication

One factor authentication requires something you know (your login details). Two factor authentication (2FA)(new window) requires something you have (in this case, your iPhone). 

Two-factor authentication provides a valuable extra layer of protection for your Apple account, requiring you to enter a verification code that is sent to your phone via SMS whenever you login. So unless someone has access to both your login details and physical access to your phone, they won’t be able to access your Apple account. 

To set up 2FA on your iPhone, go to Settings → [Your name] → Password & SecurityTwo-factor authentication and follow the prompts. 

2FA

Disable tracking

By default, iOS blocks apps from tracking your activity across other companies’ apps and websites. It is possible to opt-in to tracking of this kind however, so it’s a good idea to ensure tracking is disabled. 

To do this, go to SettingsPrivacy & SecurityTracking, and ensure the Allow Apps to Request to Track switch is toggled off.

Tracking

Review location services

Apps on iOS must ask your permission to use GPS, Bluetooth and other means to determine your physical location. For maximum privacy, you should disable location services entirely, as this form of tracking is highly invasive to your privacy.

However, for many of you, this will be is impractical, as some very useful apps require knowing where you are (for example, Maps)

You should at least regularly review which apps can access your location and under what circumstances (While using is usually sufficient permissions for most apps that you do want to access your location).

To review apps that can access iOS location services, go to SettingsLocation Services.

Location

Set up a strong passcode

A four-digit numerical passcode is simply not strong enough. On newer iPhones running iOS 15+, the default password is six digits long. This increases the number of possible combinations from 10,000 to one million, but even this can be improved.

In iOS 11+ you can set up a custom numeric passcode that uses as many digits as you like. For example, using an eight-digit numerical password boosts the number of possible combinations to 100 million.  

For even greater iPhone security, you should use an alphanumeric password consisting of either a mix of letters, capitals, numbers, and symbols, or a longer (but easier to remember) passphrase (a sentence consisting of a number of words separated by spaces). 

To change your passcode, go to Settings Touch ID/Face ID & PasscodeChange PasscodePasscode Options.

Change passcode

Disable biometric ID

Touch ID and Face ID are very convenient ways to unlock your phone and authenticate transactions and other sensitive stuff on your iPhone. 

In the United States, you can’t be forced to unlock your iPhone using a passcode because doing so violates your Fifth Amendment rights. However, whether biometric authentication is covered by the Fifth amendment is a hotly contested issue(new window), with some courts ruling that it is, but others that it isn’t.

Until the Supreme Court makes a definitive decision on the issue, the safest option in the US is to disable Touch ID and Face ID and rely on a strong passcode instead. 

Most other countries don’t have an equivalent to Fifth Amendment rights, so disabling your biometric authentication is less important outside the US. But you should check the laws where you live. 

To disable Touch ID or Face ID, go to SettingsTouch ID/Face ID & Passcode → and toggle the iPhone Unlock switch off.

Biometrics

Remove access when locked

Your lock screen can show a great deal of personal information, which can be accessed by anyone with physical access to your phone. You should therefore restrict what can be shown on your lock screen.

To do this, go to SettingsTouch ID/Face ID & Passcode, scroll down to the Allow access when locked section, and disable any apps that might show personal information on your lock screen.

Remove app access when locked

Remove widgets that show sensitive information

iPhone widgets are a great way to access information on your iPhone, but they can be accessed from your lock screen by anyone with physical access to your phone. You should therefore remove widgets that show personal or sensitive information.

To do this:

1. Open your iPhone, swipe right from the home screen → Edit.

Remove widgets that show sensitive information

2. Tap the button for each widget you wish to remove. 

Select which apps you want to remove

Disable notification previews

By default, when a notification appears on your lock screen, anyone with physical access to your iPhone will see a preview of the notification content. Which could contain highly sensitive information. 

To disable notification previews, go to SettingsNotificationsShow previews and change to either Never or When Unlocked

Disable notification previews

Reign in Siri

Siri is undoubtedly very useful, but while the actual analysis and processing of your device usage, which forms the basis of Siri’s personalized suggestions, is done on-device, a lot of information is still shared with Apple(new window)

The most privacy-friendly option is to disable Siri on your iPhone altogether, but you can improve your privacy while still using Siri by restricting the apps it monitors to generate its personalized search suggestions.

To disable Siri, go to SettingsSiri & Search and toggle the Listen for “Hey Siri” and Press Home/Side Button for Siri switches off.

Disable Siri or control what it can access

Alternatively, scroll down the Siri & Search page to find a list of apps that Siri collects data from and disable ones you don’t think Siri needs access to.. 

Use Proton VPN

Using a VPN on your iPhone is invaluable for protecting your privacy and security. A VPN:

  • Prevents your internet service provider from seeing your activity online (which also prevents most forms of government mass surveillance)
  • Prevents websites you visit from knowing your real IP address
  • Defeats many forms of online censorship
  • Protects you from WiFi hackers when using insecure public hotspots
  • Prevents public WiFi hosts from selling your browsing habits to advertisers
  • Allows you watch your favorite movies, shows, and sports events when traveling away from home
How a VPN works on your iPhone

Learn more about why you need a VPN on your iPhone

You should be aware, however, about the VPN bypass vulnerability, where iOS does not correctly close open connections when you connect to a VPN server. We are still waiting for Apple to fix the problem, but it can be mitigated by turning Airplane Mode(new window) on and off again after you have connected to a VPN server. 

Proton VPN is an audited no-logs VPN service based in privacy-friendly Switzerland.

Use privacy-friendly alternatives to Apple apps

With the launch of iOS 16.2, Apple announced support for end-to-end encryption(new window) (E2EE) for most of its iPhone apps (with the notable exception of Mail, Contacts, and Calendar because of the “need to interoperate with the global email, contacts, and calendar systems”). 

Learn why end-to-end-encryption is important(new window)

This is welcome news, but even where E2EE is used to secure the contents of your data, you should be aware that Apple collects a great deal of metadata (the how, where, when, and who) through its apps(new window)

At the time of publication, Advanced Data Protection is available in the US “and will start rolling out to the rest of the world in early 2023”. Even where available, Apple may not allow you to immediately enable Advanced Data Protection on newly registered iPhones(new window) because  “this wait time helps to protect your account and data”. 

If you can, you absolutely should enable it by going to Settings → [Your name] →iCloudAdvanced Data ProtectionTurn On Advanced Data Protection.

However, a better option is to use third party apps that genuinely respect your privacy in a way that Apple promises to, but often fails to live up to its marketing.

Get Proton VPN!

Proton Mail

Proton Mail(new window) is a secure email service based in privacy-friendly Switzerland. All emails sent between Proton Mail users are automatically E2EE encrypted and you can send E2EE emails to non-Proton users using our password protection feature or the OpenPGP encryption standard. 

Even if you don’t use E2EE for external users, all emails are stored on our servers using zero-access encryption. They are encrypted using your public key and can only be decrypted using your private key, so no-one else but you can access them (including us). 

Learn how encrypted email works(new window)

As with Proton VPN, Proton Mail is 100% free, with advanced features available if you upgrade to a Proton Mail Plus plan. 

Proton Mail will never use your metadata for advertising purposes, and unlike with Apple Contacts, all contacts in Proton Mail are fully end-to-end encrypted. 

Instant messaging

With Advanced Data Protection, Messages stored in iCloud are set to become E2EE, but Apple still uses metadata from its Messenger app for advertising purposes. Fortunately, there are some great open source messaging apps for iOS that genuinely respect your privacy(new window) out there.

Password Manager

Again, there are some great open source and privacy-focused alternatives to iCloud Passwords and Keychain(new window)

Once you’ve installed a third-party password manager app on your iPhone, you can set iOS to use it as the default password manager for auto-filling login details. To do this, go to SettingsPasswordsPassword Options and select your new password manager from the list.

Change your default password manager

To ensure iOS doesn’t store autofilled passwords to iCloud anyway, go to Settings → [Your name] →iCloudPassword and Keychain and toggle the Sync this iPhone switch off.

Disable Sync this iPhone

Proton Drive

Proton Drive(new window) makes an excellent privacy-first alternative to iCloud. Files uploaded using the audited open source Proton Drive app for iOS(new window) are end-to-end encrypted and can be easily shared with a simple URL. 

Proton Drive for iOS

Proton Calendar

Again Proton offers a privacy-friendly alternative to the iCalendar app. Proton Calendar(new window) for iOS keeps your sensitive information end-to-end encrypted, so only you can access it. 

Manage your schedule across devices and apps, manage invitations without leaving your Proton Mail inbox, and quickly add events received by email, such as flights, meetings, or concerts.

Proton Calendar(new window) is available for free to everyone with a Proton VPN, Proton Mail, or Proton Drive account (including free ones). 

Final thoughts

iPhones are more secure than Android phones, but there are many things you can do to tighten up the security settings on yours. 

You should also always keep in mind that Apple’s expansive privacy claims are often more to do with canny marketing than any real concern for your privacy. Fortunately, you are under no obligation to stick to Apple’s apps on your iPhone. 

Protect your privacy and security online
Get Proton VPN free

Related articles

AirTags are small devices designed to help you locate lost items using Apple’s Find My network. They emit a secure Bluetooth signal detectable by nearby Apple devices, which then use their location services to anonymously relay the location to the ow
Why a VPN is important when working remotely
In 2023, roughly 40% of workers in the US worked remotely or on hybrid schedules (some days in the office, some days at home). This arrangement offers benefits to employees and employers, but it also introduces new cybersecurity vulnerabilities, like
Proton VPN now operates one of the largest VPN server networks in the world.
At Proton VPN, we’ve reached a new milestone in our mission to make online privacy the default for everyone. Now offering over 5500 servers on six continents, Proton VPN is one of the largest and most popular VPN services in the world. And we’re grow
What is DNS security?
In this article, we’ll look at DNS security, what it means for your businesses, and how using Proton VPN provides your business with the DNS security it needs.  The Domain Name System (DNS) translates human-friendly domain names to numeric IP addres
Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio