The Privacy Enthusiast's Guide To Using An iPhone

Your privacy is important, and now more than ever, it seems like everyone is trying to put eyes on your personal data. That might include advertisers, governments or some weird voyeur in your life. The good news is you can do a few things to your iPhone to make it more secure and privacy friendly without ruining the experience.

Illustration by Jim Cooke.

First things first: This is an Apple device and it's a smartphone, so you'll never hide yourself completely, but you can do a few things to shore up holes to make sure you're not making it easy for someone to collect your private information. We don't want to give you a false sense of impenetrable privacy here, but the below tips and various apps will at least lock down information as much as possible without disrupting your daily activities.

The System Settings You Want to Change for Privacy

First, you'll want to go through your general system settings and change a few things. Here's what we recommend, but pick and choose whichever features matter most to you:

  • Set a strong, alphanumeric passcode: Head to Settings > Touch ID & Passcode and make sure you have a passcode. An alphanumeric passcode that includes both numbers and letters is usually seen as more secure than a numeric one.
  • Don't use Touch ID: Touch ID is great for convenience, but it's a mess when it comes to privacy. Laws are still unclear about this, but right now in the US, police can force you to use your fingerprint to unlock your phone, but they can't make you cough up a passcode. To turn Touch ID off, head to Settings > Touch ID & Passcode, and disable the toggle for iPhone Unlock.
  • Delete any widgets that display personal info: iOS 10 introduced lockscreen widgets, which are great, but they also potentially display all kinds of information you might not want easily accessible. Swipe to the right on the lock screen, then tap Edit to remove any widgets you have installed that display private data you don't want a stranger seeing.
  • Disable certain home screen features: Head to Settings > Touch ID & Passcode and look for "Lock screen access". Remove anything that gives someone access to your personal info, like the Today View, Siri and Wallet. You might also want to disable Reply with Message here, since someone could reply to an incoming message without unlocking your phone.
  • Disable tracking: Head to Settings > Privacy > Location Services > System Services and turn off Frequent Locations. This is a Maps feature that tracks where you go often under the guise of improving search.
  • Turn off contact, photo, email, calendar or location access in apps that don't need it: Head to Settings > Privacy. Here, you'll see a list of a bunch of different system services, including location and contacts. These are the iPhone services you can grant apps access to. There might be some apps in here you don't remember authorising or you just don't want any more. Tap a service, then go through and disable any app you don't want to access that service.
  • Remove notification previews: Chances are you don't want to disable notifications completely, but you might want to hide what those notifications display on the lockscreen. Head to Settings > Notifications and then disable previews for Mail and Messages.
  • Turn on two-factor authentication: Two-factor authentication is the best way to lock down your accounts so a stranger can't access it, even if they know your password. You can set it up for your Apple ID here. You should use two-factor authentication for all your other accounts as well.
  • Enable Find My iPhone: Find My iPhone is a bit confusing from a privacy standpoint, but most people will benefit more from using it then not. With Find My iPhone enabled, you can track a lost phone using iCloud, and you can wipe your phone remotely. Apple will have access to the same information, so it boils down to whether you want to keep the data out of Apple's hands (in which case you shouldn't use an iPhone at all) or out of a thief's hands.
  • Turn off iCloud backups for select apps: iCloud backup is insanely helpful, and while an extreme privacy nut would disable them in order to keep that data off of Apple's servers, an easier solution is to just turn off certain apps. If you head to Settings > iCloud > Storage > Manage Storage > Backups, you can choose which apps back up to iCloud and which don't. Disable any apps that hold sensitive data.

Tweaking a few settings on your iPhone is part of the process. The apps you choose to use are important too.

The Productivity Apps That Protect Your Privacy

Most productivity apps completely disregard your privacy for the sake of convenience. This isn't a bad thing, as cloud syncing and smart organisation features are exactly the features you want from productivity apps. Still, you might not want all your data to somehow end up public, which is where these security-focused apps come in handy. Some, like a web browser or password manager, are useful all the time, and others, like an encrypted notes app or VPN, are only useful for certain things.

None of these apps will keep your data private if you have a corporate managed iPhone with Mobile Device Management set up. If that's the case, get a separate phone and do not use your work phone for anything other than work.

Web Browser: Brave or Firefox Focus

You'll find a ton of different web browsers in the App Store that claim to protect your privacy, but the two we like the most are Brave and Firefox Focus.

By default, Brave uses HTTPS Everywhere. It also blocks scripts, cookies, phishing and pop-ups. You can turn any of those features off and back on again on a per-site basis, which makes it easy to troubleshoot any problems or whitelist sites. Brave's desktop apps have an odd payment system to pay out publishers, but it doesn't seem to be in place on mobile. Brave can be a replacement to Safari, and has the features you need in a browser, like bookmarks, history and password manager support.

Firefox Focus is very similar to Brave, but goes a step further. It blocks trackers, social media and cookies. Firefox Focus also makes it easy to wipe your browser history with a couple of taps, remove all passwords and delete any cookies. Firefox Focus doesn't feature tabbed browsing, so Firefox Focus is best as a supplement to Safari when you want to keep your browsing off the record.

HTTPS Everywhere Updates To Keep You Secure On Thousands More Sites

Chrome/Firefox/Opera. Using HTTPS is essential for keeping your personal information safe, especially when browsing on public Wi-Fi. Free extension HTTPS Everywhere recently updated with thousands more rules, ensuring HTTPS is enabled on as many sites as possible.

Read more

Email: ProtonMail or Gmail

Email is a little harder to tackle from a privacy angle and what you do here depends on why you're concerned about privacy. If you don't want anyone looking at the emails you're sending, then you'll want to set up an email address with ProtonMail. You cannot use the ProtonMail iOS app without a ProtonMail account, but it is the most secure and private app out there.

ProtonMail encrypts every message you send, which means the company can't even read your emails. If you send messages between two ProtonMail accounts, this happens automatically. If you send an email to someone not on ProtonMail, they will get a link to the message that needs a password in order to read it. If you need to keep email messages private and secure, ProtonMail is the app you want to use.

For everything else, keep on using the Gmail account you've always used. Despite Google's data mining, the Gmail app does a good job of keeping your private data out of the hands of anyone else. Every email is over SSL, Gmail encrypts email from sender to receiver and two-factor authentication can secure your email in case you lose your device. Of course, Google has its eyes in there, but if you're concerned about some random person finding your phone then Gmail is a solid bet.

Aside from a service like ProtonMail or running your own server, there's no great way to keep email private, at least on your phone. In that case, Gmail's at least a secure option.

Messaging: Signal or WhatsApp

When it comes to secure and private messaging, you have two popular choices in Signal and WhatsApp. Both feature end-to-end encryption, neither stores messages on their servers after they're delivered, both have voice-calling as well as messaging and both are super easy to use. Which app is better for you depends on where your contacts are, because both parties in a chat need to use the same app.

Signal does have a few added security features over WhatsApp. Signal doesn't store metadata, but WhatsApp does. This means while WhatsApp doesn't know the contents of a message, it does know who the messages are between and records the data, which it could then hand over to law enforcement with a warrant. Signal does not store any of this. If you back up your iPhone using iCloud, Signal will not store your messages in the backup, but WhatsApp will. Your iCloud backups are encrypted so this shouldn't matter, but you'd typically want to keep this data local when possible. None of this matters to most of us, but it's all worth noting nonetheless.

Password Manager: LastPass or 1Password

The best way to keep someone out of your various online accounts is to have a good, strong password. The best passwords are too complicated for most of us to remember them, which is why you should use a password manager. We like LastPass and 1Password.

Your password manager generates random passwords for all your sites, which makes it pretty hard for anyone to get into your accounts to snoop around. This has the dual benefit of security and privacy, since you won't know the passwords to your accounts, making it harder for anyone else to get to them. LastPass is free and syncs data across platforms. 1Password is $5.99/month if you want syncing, but can also store your password vault locally if you don't want that data on a server.

Lifehacker Faceoff: The Best Password Managers, Compared

You have lots of options for password managers, and when it comes to your security, you want the best possible tool for the job. Let's take a look at some of the most popular password managers and compare them side-by-side so you can pick the one that's right for you.

Read more

VPN: Hideman, Tunnelbear or NordVPN

A VPN is an easy way to secure and encrypt your basic web usage. When you connect to a VPN, all your traffic is secure, which is most useful when you're on public networks. When you're at a cafe and on their Wi-Fi, you can connect to your VPN, then secure your traffic on a public network. This way, nobody can snoop on your traffic.

You have a ton of options for good VPNs, but when it comes to basic usability, we like Hideman, NordVPN and Tunnelbear on iOS. All three require a monthly fee if you use a lot of data, but they also give you some free data, which is plenty for the occasional public web browsing at a coffee shop, hotel or airport.

Why You Need A VPN (And How To Choose One)

You might know what a virtual private network (VPN) is, but the odds of you actually using one are low. You really should be using a VPN — ultimately, you may end up seeing it as just as vital as your internet connection. We'll tell you why, explain how to choose a VPN provider and list five that are worth considering.

Read more

Notes: Keeply

To be clear here, if you have sensitive data you want private forever, you shouldn't keep it on your phone. You also should not store it on a cloud service like Dropbox or Evernote, since no cloud storage is completely secure unless you go through and encrypt all your data ahead of time.

If you have some stupid photos or notes you just want away from prying eyes, then Keeply is a good app to protect your data. Keeply gives you the option to link it up with Dropbox or keep data on your phone and lets you set up a special PIN to lock the app. Keeply stores notes, photos, passwords and credit cards. I'd stick to only using it for notes and photos personally, but alongside the PIN protection is also encrypts all data, so it should be pretty safe. What matters here is the data in Keeply never leaves your phone (unless you turn on Dropbox sync), so there's no chance it will end up online.

Cloud Storage: SpiderOak

Cloud storage is a bit tough to do securely and privately, but your best bet is SpiderOak. SpiderOak's "zero knowledge" privacy policy makes it so encryption takes place locally, so they have no idea what you're storing with them. The service doesn't have free tier like Dropbox or Google Drive, but the service is priced to compete, with $US5 ($7)/month getting you 100GB of storage.

The Best Cloud Storage Services That Protect Your Privacy

Cloud storage is easy to come by. Dozens of services shovel lots of free space to you just for signing up. But which of those services are looking at the files you upload, and which services encrypt your personal data? Let's take a look.

Read more

The iPhone app isn't nearly as robust as something like Dropbox, but it does maintain SpiderOak's level of security. If you need a secure online storage option to sync files up and make them accessible from your phone, SpiderOak is your best bet.

With that, your normal iPhone usage should be generally private and secure from people both online and who access to your phone. There are often ways around all this, but at least you won't be making it easy for people to track you.


Comments

    Turn off iCloud backups for select apps

    Not really privacy related, but it is also worth turning off apps here to save some space in iCloud.

    Having read this article, I noticed I only had a small amount of space left in iCloud due to iPhone and iPad backups.

    Most apps these days have their own login e.g Your Optus/Telstra Usage App, Various Shopping Site Apps, Betting Apps, Your Bank Account Apps... why do they need to be backed up? Answer is they don't. At most you might loose an app preference on restoring from backup.

    Ensure that when you Turn On Two-Factor Authentication that you keep your Trusted Phone Number up to date, and Trusted Devices on hand. Apple has no control over Resetting your Password if you've forgotten it, and leaves it to an Automated System to Verify your Identity and Recover your Password if you don't have any of the requirements to Reset the Password, that can take a minimum of 3 business days, with no specific deadline for Recovery

    Also note, the GPS for allowing or disallowing a sign-in can be drastically inaccurate, and is usually based on where your Reception Tower, or Wi-Fi Exchange is coming from.

Join the discussion!

Trending Stories Right Now