iOS privacy settings that actually matter
A focused walkthrough of the iPhone privacy settings worth changing, with exact Settings paths, plus an honest look at the limits of Apple's model.
Published
If you are staying on an iPhone, you can meaningfully improve your privacy in about fifteen minutes without changing devices. Apple builds in several strong controls, but many are off by default or buried a few taps deep. This guide covers the settings that actually make a difference, with the exact paths as of iOS 18 in July 2026, and it ends with an honest note on where Apple’s protections stop.
If you are weighing iPhone against a de-Googled Android phone, see Choosing a private phone.
Turn on Advanced Data Protection (the big one)
By default, Apple holds the encryption keys to much of your iCloud data, which means it can access it and can be compelled to hand it over. Advanced Data Protection (ADP) switches most iCloud categories, including backups, Photos, Notes, and Voice Memos, to end-to-end encryption, so only your trusted devices hold the keys.
- Open Settings and tap your name at the top.
- Tap iCloud.
- Tap Advanced Data Protection.
- Tap Turn On Advanced Data Protection and follow the prompts.
Because Apple no longer holds a recovery key, you must set up a recovery method (a recovery contact or a recovery key you store safely). If you lose access and have no recovery method, your data cannot be recovered by anyone, including Apple. All your devices signed into the account need to be on a recent iOS, iPadOS, or macOS version. This single change does more for your privacy than anything else on this list.
Note that a few categories, notably iCloud Mail, Contacts, and Calendar, remain outside end-to-end encryption because they interoperate with older global standards.
Stop cross-app tracking
App Tracking Transparency requires apps to ask before tracking you across other companies’ apps and websites for advertising.
- Go to Settings > Privacy & Security > Tracking.
- Turn off “Allow Apps to Request to Track”.
With this off, every app is treated as if you denied its tracking request, and apps cannot even prompt you. This limits how your activity is linked across the ad industry.
While you are here, reduce Apple’s own ad targeting: go to Settings > Privacy & Security > Apple Advertising and turn off Personalized Ads.
Review Location Services and Significant Locations
Your iPhone quietly keeps a history of places you frequent. It is encrypted and stays on-device, but you may still prefer it off.
- Go to Settings > Privacy & Security > Location Services.
- Review the list of apps and set each to While Using the App, Ask Next Time, or Never as appropriate. Very few apps genuinely need “Always”.
- Scroll to the bottom and tap System Services.
- Tap Significant Locations (it will ask you to authenticate). Here you can see the stored history and turn it off with Clear History and the toggle at the top.
Consider also turning off other entries under System Services you do not need, and setting Precise Location off for apps that only need your rough area.
Turn on Mail Privacy Protection
Marketing emails often contain invisible tracking pixels that report when you open a message and roughly where you are. Mail Privacy Protection hides your IP address and loads content privately so senders cannot see this.
- Go to Settings > Mail > Privacy Protection.
- Turn on Protect Mail Activity.
This only covers Apple’s Mail app. Third-party mail apps have their own settings.
Tighten Safari
Safari has solid anti-tracking built in, but confirm it is on.
- Go to Settings > Apps > Safari (older iOS versions list Safari directly in Settings).
- Under Privacy & Security, make sure Prevent Cross-Site Tracking is on.
- Turn on Hide IP Address (from trackers) if available.
- Set Ad Privacy features according to your preference.
For sensitive browsing, use a Private tab, which does not save history and isolates tracking.
Stop sending analytics to Apple
- Go to Settings > Privacy & Security > Analytics & Improvements.
- Turn off Share iPhone Analytics (and Share iCloud Analytics).
This stops the routine sharing of diagnostic data. It is a small step, but an easy one.
Know about Lockdown Mode (for higher-risk people)
Lockdown Mode is an optional, extreme protection for people who may be targeted by sophisticated, mercenary spyware, such as some journalists, activists, and human rights defenders. It sharply limits attack surface by blocking many message attachment types, restricting some web technologies, and blocking wired connections to a locked phone.
- Go to Settings > Privacy & Security > Lockdown Mode.
- Tap Turn On Lockdown Mode and confirm (the phone restarts).
Most people do not need this and will find it too restrictive for daily use. If you think you might be specifically targeted, it is a powerful tool.
Use Safety Check if you are at risk from someone you know
Safety Check helps if you are worried that someone with access to your phone or accounts (for example in an abusive relationship) may be tracking you. It lets you quickly review and stop sharing information, location, and access.
- Go to Settings > Privacy & Security > Safety Check.
- Use Emergency Reset to immediately stop all sharing, or Manage Sharing & Access to review it person by person and app by app.
It requires an Apple Account with two-factor authentication. Be mindful that using it may be noticeable to someone who was monitoring you, so plan around your own safety first.
The limits of Apple’s model
Apple’s privacy protections are genuinely strong, and turning on Advanced Data Protection closes the biggest gap. Still, it is worth being clear-eyed:
- iOS is closed source. You cannot independently verify what the system does; you are trusting Apple’s word and its audits.
- It is still a data relationship. Even with ADP, some categories (Mail, Contacts, Calendar) are not end-to-end encrypted, and you remain dependent on Apple’s account system and its cooperation with legal requests.
- Defaults favour convenience. Many settings above are off by default, so an out-of-the-box iPhone shares more than a configured one.
- Hardware and app ecosystem are Apple’s. You cannot swap the operating system the way you can on a Pixel.
For many people, a well-configured iPhone is a reasonable and practical privacy choice. If you want to remove the data relationship entirely rather than manage it, a de-Googled Android phone is the alternative worth considering, covered in Install GrapheneOS on a Pixel.
Quick checklist
- Turn on Advanced Data Protection (Settings > [your name] > iCloud) and set up a recovery method.
- Turn off “Allow Apps to Request to Track” and Apple’s Personalized Ads.
- Review Location Services and turn off Significant Locations if you do not want it.
- Turn on Mail Privacy Protection (Settings > Mail > Privacy Protection).
- Confirm Safari’s Prevent Cross-Site Tracking and Hide IP Address are on.
- Turn off Share iPhone Analytics.
- Consider Lockdown Mode only if you may be specifically targeted.
- Use Safety Check if someone you know may be monitoring you.
Sources
- support.apple.com https://support.apple.com/en-us/108756
- support.apple.com https://support.apple.com/en-us/105120
- support.apple.com https://support.apple.com/guide/personal-safety/safety-check-iphone-ios-16-ips2aad835e1/web
- support.apple.com https://support.apple.com/guide/iphone/control-app-tracking-permissions-iph4f4cbd242/ios
- ssd.eff.org https://ssd.eff.org/module/how-to-get-to-know-iphone-privacy-and-security-settings
Last reviewed: