Apple’s operating system for phones and tablets, iOS, has about 39% of the mobile device market in the US, and about 24% in the world. That’s a lot of iPhones, iPads, and iPods! Your mobile device collects a lot of data about you, and you store a lot of data on it, so it’s critical that you take the time to set your security and privacy settings.
Apple is known for building strong security and privacy into its software. Cybersecurity and privacy experts almost universally recommend iOS over Android. However, that doesn’t mean that you should simply accept the default iOS settings. There are changes you can make to increase the security and privacy of iOS.
For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.
This guide was last updated for iOS 12.1.2 on an iPhone. The settings and steps may differ depending on your version of iOS and your device.
To open iOS settings, simply tap the Settings app (an icon of gray gears). We’ll go through the settings it contains in order.
You’ll see your name (and your smiling face, if you’ve added it). Tap that to open the Apple ID settings.
Password & Security
Change Password: This is your Apple ID password, not your iOS password. If you haven’t already, set a long, strong password (15+ characters, with a mix of uppercase, lowercase, numbers, and special characters). You’ll need to type this into your device from time to time, so make a password you can remember. You may need to enter this password to open your password manager app, so don’t rely on just grabbing it from your password manager. Once you create it, I recommend saving it in a password manager, such as LastPass, in case you forget it.
Two-Factor Authentication: If this isn’t already on, tap Turn On Two-Factor Authentication, then tap Continue. Follow the steps. Learn more in How & Why to Use Two-Factor Authentication.
Recovery Key: If you don’t already have one, click Recovery Key to create one. I recommend saving it in a password manager, such as LastPass.
Click Back in the top left until you get back to the Apple ID settings. Then click iCloud.
Under Apps Using iCloud, toggle off any apps that you don’t want to store data in iCloud. I recommend keeping to a minimum the data you store in iCloud.
Scroll down the list and tap Find My iPhone. This allows you to find, lock, or wipe/erase your iPhone remotely, if it becomes lost or stolen. I recommend toggling this On, and toggling Send Last Location to On.
Go back to the previous screen, then tap iCloud Backup. I recommend toggling this On, unless you’re going to frequently back up your device to your computer.
Go back to the previous screen, then either toggle iCloud Drive to Off or, if you leave it On, toggle Off any apps below it that don’t truly need to save their data to iCloud Drive.
Share My Location
Tap Back in the top left until you get back to the Apple ID settings. Then tap Share My Location.
Share My Location: I recommend toggling this to Off unless you truly need it, and are aware of how you’re sharing your location.
Go back to Settings and tap Bluetooth.
Bluetooth: I recommend toggling this to Off. Toggle it to On when you truly need it, then toggle it Off again. Bluetooth has poor security, and is easily hacked, so keep it off as much as possible.
Go back to Settings and tap Notifications.
Show Previews: I recommend setting this to When Unlocked. If you set it to Always, then anyone can see your notifications without unlocking your phone, which could reveal sensitive data.
Go back to Settings and tap General.
Tap Software Update, then tap Automatic Updates. Toggle to On.
Go back to General and tap AirDrop. I recommend setting it to Receiving Off, and only enabling AirDrop when you need it. It’s often abused by people who AirDrop nude photos or other unwanted content to nearby devices. When you do need it, set it to Contacts Only or Everyone, AirDrop what you need, then set it back to Receiving Off.
Go back to General and tap VPN. If you have a VPN (virtual private network), tap Add VPN Configuration and follow the steps.
Siri & Search
Go back to Settings and tap Siri & Search.
Siri gives you more privacy than other voice assistants, but if you don’t want to use it (as I don’t), you can toggle Off these settings:
- Listen for “Hey Siri”
- Press Home for Siri
- Suggestions in Search
- Suggestions in Look Up
- Suggestions on Lock Screen
Touch ID & Passcode
Go back to Settings and tap Touch ID & Passcode.
Scroll down to Allow Access When Locked. Toggle to On only the items that you want to allow to be used when the screen is locked, and toggle to Off all others. Think carefully about what a person could learn about you, or what they could do, if they had access to your phone. I recommend disabling at least Home Control, Wallet, and USB Accessories.
Erase Data: If you toggle this to On, your device will erase itself after someone (you or someone else) fails to unlock the device 10 times in a row. This is a great security feature, but it’s obviously very dangerous. Be sure you’re taking regular backups before you toggle this to On, in case your device erases itself and you need to restore from backup.
Go back to Settings and tap Emergency SOS.
Emergency SOS allows you to alert emergency services and your emergency contacts.
Auto Call: If you toggle this On, your device will automatically call emergency services and your emergency contacts when you activate Emergency SOS.
Emergency SOS also temporarily disables Touch ID. If you’re in a situation where you think you may be compelled to use your finger to unlock your device against your will, you can quickly force your device to require typing in the passcode to unlock it. If this is how you intend to use Emergency SOS, you may want to disable Auto Call, depending on whether you want to alert emergency services and your emergency contacts in such a situation.
Go back to Settings and tap Privacy.
Location Services: If you’re privacy-conscious, you may be tempted to simply toggle this to Off. However, be aware that doing so will prevent Find My iPhone from working.
Tap Share My Location. I recommend toggling to Off unless you have a true need to share your location with family and friends.
Go through the list of apps and set the Allow Location Access setting. I recommend choosing Never for any app that doesn’t truly require your location.
At the bottom of the list, click System Services. I recommend toggling all to Off except those that truly require your location, such as Cell Network Search, Emergency Calls & SOS, and Find My iPhone.
Go back to Privacy. Click through each app and category, setting your privacy as desired.
Tap Analytics. Set your Analytics preferences as desired. I generally like to share data that helps make software and services better, as long as my data is anonymized. You may choose to disable this if you’d rather not send your data (even anonymized data) to Apple. Apple says:
“The collected information does not identify you personally and can be sent to Apple only with your explicit consent. … When it’s collected, personal data is either not logged at all, removed from reports before they’re sent to Apple, or protected by techniques such as Differential Privacy. … Analysis happens only after the data has gone through privacy-enhancing techniques so that it cannot be associated with you or your account.”
Wallet & Apple Pay
Go back to Settings and tap Wallet & Apple Pay.
Apple Pay allows you to make payments without revealing your account details to the merchant. The merchant will not see your credit card (or other account) info. That’s great because merchants continue to suffer data breaches. If the merchant never has your credit card info, they can never leak it.
Double-Click Home Button: I recommend toggling to Off to make it harder for someone else to pay from your device, or to access other sensitive wallet data.
Go back to Settings and scroll down to the list of installed apps. I recommend tapping your way through each of these, looking for any settings related to security or privacy.
Using iOS Safely
Install all software updates (for iOS and apps) as soon as they’re available. You should set your device to do this automatically (see settings above), but also watch for any update prompts.
When you install an app, grant it as few permissions as possible. You can always grant more permissions later, if you truly need to.
Even if your device backs up to iCloud, you can still back it up to your Mac or PC using iTunes. Be sure that you check the box to encrypt your backup. I recommend storing the password in your password manager (I like LastPass).
Don’t use public Wi-Fi for anything sensitive, because you’re using an insecure, untrusted network. Instead, use your device’s mobile/cellular data, or use a VPN (virtual private network) to protect your traffic when using public Wi-Fi.
There isn’t antivirus or anti-malware for iOS as there is for computers, so you don’t need to install any antivirus or anti-malware apps on your device. Apple has been removing antivirus and anti-malware apps from its App Store since 2015, to prevent people from installing apps posing as antivirus and anti-malware. You can learn more in Why Apple iPhones Don’t Need Antivirus Software.
Apple’s iMessage system, which powers its Messages app, is end-to-end encrypted. That means iMessages can’t be read by third parties, making them much more private than standard SMS/text messages. Just remember that if you send messages to someone who’s not using an Apple device (if the messages are green rather than blue), those messages are outside of the iMessage system. Also, be aware that iMessages are stored in your iCloud backup, giving Apple the ability to access them. You can disable iCloud backup to prevent this (see settings above), but keep in mind that your messages sent to others could still be backed up into their iCloud accounts. If you’re concerned about the privacy of your messages, consider a secure, private messaging app such as Signal or Wire.
Regularly delete unnecessary apps from your device. This decreases your “attack surface”; it limits the ways your device could be compromised.
Jailbreaking an iOS device makes it less secure, because it removes many of the protections built in by Apple. Avoid jailbreaking.
Erase your device before you sell or donate it. See Apple’s documents What to do before you sell, give away, or trade in your iPhone, iPad, or iPod touch and Sell or give away your iPhone.