iPhone Privacy: Placing Barbed Wire on the Walled Garden

After discussing privacy for a while on Reddit, I decided I would a piece together on how to improve the privacy of your iPhone. The device often gets a lot of hate in the privacy and tech communities, just as there’s plenty of fuel on the fire when discussing PC vs. Mac, Xbox vs. Playstation, etc.

Regardless of what you want to believe, Apple does sport some impressive privacy measures in their software. If you’re wary, I’m here to show you how you can extend that privacy potential.

Privacy Apps

The meat of this post. I will explain my current iPhone setup along with suggestions on how to increase security and privacy. If you believe you’ve gone down a better path,

Apple is arguably the best tech megacompany when it comes to protecting customer privacy. Their devices boast end-to-end encryption built into a fair number of features. Let’s first take a look at apps.

File Storage & Perhaps Music Files

A few years ago Apple came out with their own cloud storage app called Files. Use

As for music, I use Apple Music on a student account. I tried managing all of my music locally but between downloading, storing, organizing, and fixing metadata, I took a hit and went with a DRM-protected service. If I can find something more respectable in the future I’ll let you know.

Notes

Apple Notes is minimal and elegant but for the sake of privacy it’s recommended to store your online information and files across various services. For a long while we didn’t have a privacy-based notetaking app that succeeded in the two big challenges of privacy and convenience. Well, now we do. Get Standard Notes.

Communication

There is a single powerful app that will make and encrypt phone calls, video calls, and text messages. It is Signal… and you need it. Snowden himself endorsed it. Now you can tell all of your friends and turn off iMessage. Granted, Apple does claim to encrypt phone calls, FaceTime calls, and iMessages, but the important lesson is to diversify.

Browser

Firefox, though open-source and fairly respectable, is second to its other browser option, Firefox Focus. I use both for different purposes. Focus will allow you to browse the internet using one tab while blocking trackers. After your done, hit Erase and your session data is wiped. Websites also load very quickly due to the app not having to load the various tracking code non-protected browsers have to.

Email

ProtonMail may be the most popular end-to-end encrypted email service right now. And for good reason: not only is it open-source and private but the app runs about as smoothly as Apple Mail. It’s even free though if you like what they do I recommend getting a paid membership. I give them $5 a month.

Reminders

If you use a lot of reminders, you’re sort of making a template of your daily, weekly, or monthly schedule. If you’re worried about this you can use a third-party open-source reminder app like Wunderlist. They’re one of the only good free options I’ve found.

Privacy Settings

Besides diversifying your online presence by using various apps and services, there are a number of settings you should take advantage of to increase privacy. Let’s get into it.

iCloud Settings

I use iCloud to store my Keychain (account logins) and my photos, much to my chagrin. I’ve looked for solutions to photo storage that are both private and convenient. Meeting that goal is exceedingly difficult but if you’ve decided to keep a couple items toggled on in iCloud it’s not necessarily a gamebreaker. iCloud may be very secure but it’s considered good privacy practice to have multiple accounts, profiles, and basically places to store anything you’ve decided to store online.

If you want to remove all of the stock bookmarks, turn content blockers on, basically enable all of the pro-privacy settings in Safari knowing that you’ll use a different browser, you can turn Safari on to save those settings. Everything else in iCloud is turned off.

Embarrassingly, I once used Google Photos to store my photos. Apple Photos and Google Photos are arguably the best apps for convenience. But I will say it here with as much force as I can:

Do not use Google apps. I repeat, do NOT use Google apps.

If you’re reading this to improve privacy, the above statement may be the most useful one I make here. Feel free to be clever and use Google search to google just how many privacy violations Google is responsible for. It’s harrowing.

If you’re worried about becoming the next Jennifer Lawrence, store your photos locally or use MEGA.

Bluetooth Settings

Keep it off unless you’re at home and have a privacy-respectful bluetooth speaker option. If not, keep it off. Period.

Cellular Data

I use my phone as a glorified iPod, so I keep all cellular data off. I’m also looking into buying a Faraday case. If your phone is on a service plan, think about getting a dumbphone with a cheap plan, both for the financial benefit as well as the increased privacy. Android devices send location data regardless of cellular data, WiFi, Bluetooth, airplane mode, and even if the device is off. It’s uncertain if the iPhone does that.

Background App Refresh

This is more an argument for battery life but you should turn off Background App Refresh (in Settings -> General) for anything you can manage. You don’t need background app refresh turned on for TurboTax because you probably use it once a year. Apply that thinking to every app on your phone.

Siri

Turn her off in iCloud. Honestly, you use her to play music, find directions, and call the occasional friend. It’s not worth her knowing large parts of your personal life.

Touch ID & Passcode

If your hobbies or activities put you in the spotlight of some government surveillance you should think about turning off Touch ID and using a passcode. In a number of courts there have been arguments aimed at forcing individuals to open their devices using their fingerprint. With the recent battle between FBI and Apple, the courts ordered Apple to break into an iPhone to produce evidence for a case. They couldn’t follow the order because Apple doesn’t program backdoors into their devices. Arguably, with the corpse of a terrorist the FBI could simply place the appropriate finger on a Touch ID sensor and gain access. Without it, it becomes far more difficult to break in.

Privacy Settings

Turn Location Services off. Google Maps has a creepy follow feature that tracks all of your movement throughout the day and because Apple Maps is closed-source we can’t determine if they do the same. Surprisingly, you’ll quickly see just how few apps need your location data to function properly for your purposes. Turn Motion & Fitness tracking off and because it’s probably already tracked some data, go into the Health app -> Show All Data and delete it all.

Passwords & Accounts

Get yourself a fruux account and plug in some contact or calendar data. Then click on the Sync tab and follow the iOS instructions. They’ll have you add a CardDAV account. When you’re finished, take a look at your Contacts app. Your contacts will now sync with fruux as opposed to iCloud. Because the Contacts app is simple and robust, your contact dates are automatically synced with Apple Calendar.

Messages and FaceTime

If you plan on using Signal for all of your phone calls, video calls, and text messages, feel free to turn off iMessages and FaceTime in Settings. These are supposed to be encrypted but alternatively it closes the gap on services you may not use much.

Safari

Hopefully you’ve already installed Firefox and/or Firefox Focus. If so, good job. You can make Safari disappear by going to (iOS 12) Settings -> Screen Time -> Content & Privacy Restrictions -> Allowed Apps and turning if off. However, this will make opening some items on various apps not work. If you choose not to do this Safari will there on one of your screens. You can hide it in a folder. Aside from all that, let’s take the extra precaution of modifying some settings for further potential privacy.

Your search engine should be DuckDuckGo. It’s a pro-privacy service that doesn’t track your searches. You should have Block Pop-Ups turned on. With Firefox Focus installed you should see an option called Content Blockers. Touch it and turn Firefox Focus on. Turn on Prevent Cross-Site Tracking and Ask Websites Not to Track Me. Turn off Camera & Microphone Access (because really, how often is it going to need that?) and Check for Apple Pay. Just use a debit card or even better, cash. To maximize the effect, turn off Javascript. This will break many sites.

The last thing you’ll want to do is scroll to the bottom of Settings and look at individual app permissions. For the majority of cases, I recommend denying all apps permissions for Contacts, Photos, Microphone, Camera, etc. As stated before you’d be surprised by how rarely these apps need that information to function properly.

I hope this helps. If you have any privacy-related tips, let me know.