5 minutes reading time (1014 words)

Privacy Cookbook Chapter 5.1 - Cellphone Security - iOS

ios

Before we dig deeper into Android and other phone manufacturers, let's get iOS out of the way. 

The newest iOS has a chip which submits your location to Apple every time you switch off your phone.even if you have location services on or off! And it will pinpoint your whereabouts even if you are using a VPN or have airplane mode turned on! 

So let's address that first.

You do have some options to make iOS fairly secure but bare in mind not super secure/private!

I guess the start point has to be:about choices: Is it better to give your data to Apple (which claims to be private by design and not an advertising company) or to Google (which uses your data 100% for advertising)? This is your very own choice, so go ahead, eyes wide open!

Let's assume you picked iOS. The good news here is that, for instance, the iPad Pro doesn't have the tracking chip, so if you don't mind lugging a big-ish device, it could be your daily go-to device. That said, the iPhone XR also doesn't have the tracking chip but was the last without it.

Let's now move on to the things you can and should do if you have an iOS device.

Firstly, ensure you keep your software up to date! This is for security patches etc. Always run the latest software. (most updates automatically, but push if notified),

After you have done this go to Settings -> Privacy -> Location services -> System Services and switch everything off, except the last point what says Status Bar Icon. This will ensure you see if Apple or anyone else is still using the location services to pinpoint you. Now, jump back one step and switch Location Services Off!

Next, find Advertising (still on the Privacy Screen), chose Limit Ad Tracking, then click Reset Advertising Identifier (and do this every 14 days as it takes around 20-30 days to have you profiled on the ad tracking!).

Now find Calendar on the Settings Page and switch off Location Suggestions.

Find Messages on the Setting Page
Keep Messages and chose 30 days (except you like to have the messages stored in the cloud for longer)

Find Safari on the Settings Page
Search Engine -> DuckDuckGo
Search Engine Suggestions (Off)
Safari Suggestions (Off)
Block Pop Ups (On)
Downloads -> on my iPad/iPhone
Prevent Cross-Site Tracking (On)

Siri & Search (on the settings page)
Listen for "Hey Siri" -> Off
Press Top Button for Siri -> Off (if you use Siri leave it on)

On this page you see all your apps (chose careful what Siri should be allowed using, or switch all off)

In General (Settings Page) find Background App Refresh
Chose here what you actually need and improve battery life that way.

It shouldn't go without saying that we recommend to use a strong at least 6 digits Pin Protection, or when you have a newer iPhone you need to unlock with your face!

I personally sign out of the Cloud after I download everything I need and just sign in to the App Store when there is an update (always signing out again afterwards!)
Be careful when you have 2FA on
as you need either SMS or a second iOS device or Mac to allow you to go back in!

If you like to stay signed in, switch off Find My and chose in iCloud what you are willing to have in the cloud.

I also highly recommend to switch Photo off in icloud! As nice this sounds, we seen icloud photo leaks in the past, but worst then that you allow Apple to scan your pictures!


Apple is dedicated to protecting children throughout our ecosystem wherever our products are used, and we continue to support innovation in this space.

As part of this commitment, Apple uses image matching technology to help find and report child exploitation. Much like spam filters in email, our systems use electronic signatures to find suspected child exploitation.

Accounts with child exploitation content violate our terms and conditions of service, and any accounts we find with this material will be disabled.”

https://www.apple.com/legal/child-safety/en-ww/index.html

As great this sounds, we do not know how deep the rabit hole goes, the main point here is they scan your pictures, what can they see, who can see it, or whop could if they find out how to hack icloud!

One more question raises, do they scan also your pictures you make in real time? We know for a fact that samsung connects everytime you make a picture and when you enter the gallerty (we have Samsung writeups soon!), and Apple has a hell of a lot connectuions all day long to your phone.. (not applying they do and I dont apply Samsung does, but it sure don't make me confortable taking picturtes with my phones.

Now to Software, one great tool to use is DNSCloak (read here how to use it)

Another great software is NextDNS (we also have this covered in an previous chapter)

WireGuard (if you use Mullvad as your VPN provider) is probably the best choice, second best is Passepartout (OpenVPN)

For Password management we strongly recommend Bitwarden and not use the cloud feature what comes build in on your iOS device. Bitwarden also works on desktop and android. A bad taste we have on bitwaren however is that google analytics in there app on android.

iPGMail is an excellent tool to PGP encrypt emails and files.

And as a bonus have a look to toot! What is an excellent Mastodon app for iOS

Secure messaging we recommend Signal or Riot (we will have a new round of messengers soon)

Last but not least as we mentioned already use ViewExif for your pictures to remove metatags.

A great list to block apple from collecting data and pinpoint you is here:

iOS Paranoid - Blocks most Apple Analytics and requests (Push and App Store works)
Apple & iOS - Apple Telemetary
iOS Ads - Careful might block more as you want! We use it!
AdGuard Safari - Safari Browser Ads


You can use this with DNSCloak, or Adguard what is also a great solution to filter ads on your device.

 

Comments (0)

Rated 0 out of 5 based on 0 voters
There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest. Sign up or login to your account.
Rate this post:
Attachments (0 / 3)
Share Your Location