Is your iOS device secure and protecting your privacy?
Probably not…
iPhones and iPads are susceptible to many privacy and security threats. Making matters worse are applications that act like giant data vacuum cleaners – quietly suck up as much of your data as possible. Private data is collected and sent back to the parent company for analysis, storage and sale to third parties (browsing history, social media activity, physical locations, contacts, messages, etc.).
There’s also a growing security and privacy app industry. Unfortunately many of these apps are dangerous and invasive – such as free ad blockers that sell your data and partner with advertisers. There are also many free VPN (virtual private network) apps that contain malware, tracking, and other privacy threats – see the free VPN guide and the VPN Warning List for more information on these dangers.
But not to worry – there are good solutions that do not involve downloading a bunch of shady privacy apps.
This guide will show you how to make your iOS device as secure and privacy-friendly as possible with the following five steps…
Step 1: Delete those iOS apps
Given that most applications are harmful to your privacy, consider deleting everything that is not absolutely essential. Here are a few categories of apps that are especially problematic when it comes to privacy:
- Social media (Facebook, Twitter, Instagram, etc.)
- Games (Angry Birds, Words with Friends, Despicable Me)
- Weather (GO Weather Forecast & Widgets)
- Transportation (Uber, Lyft, etc.)
- Messenger/Photos/Chat (Snapchat, WhatsApp, QQ)
- Drawing/photo editing
You should consider most apps as potential privacy threats. With bad apps, you might not find out they’ve stolen your data or messed up your device until it’s too late.
So if it’s not absolutely essential to your life, just delete it.
Step 2: Encrypt your internet traffic with a good VPN
VPN (virtual private network) services are rapidly growing in popularity for a number of reasons. Mainly, they’re used as a powerful tool to encrypt and protect anything that connects to the internet, while also allowing people to bypass geographic restrictions and access blocked content.
When using a VPN on a mobile device, you have two options:
- Use a VPN app
- Use your iOS device’s built-in VPN configuration
Built-in VPN configuration
Using the built-in VPN functionality on your iOS device (instead of a VPN app) offers the following benefits:
- It forces every internet connection on your iOS device (including all apps) through the VPN and is leak proof (with “Connect on demand” enabled)
- With a good VPN service, it will be very reliable and won’t crash all the time (like many VPN apps)
- It provides strong encryption and privacy protection utilizing the IPSec/IKEv2 encryption protocol
- It is generally less risky than downloading a third-party app
Two great VPN services that support the manual configuration on iOS devices using the IKEv2 cipher are:
All you need to do is import your VPN’s configuration files onto your iOS device and then enter your login credentials. See this step-by-step guide from Perfect Privacy:
Setting Up On-Demand VPN with iOS
The built-in VPN configuration is easy to access and setup directly from your Settings area.
Your real-time VPN connection status will always be displayed at the top of the screen. I have found that having the “connect on demand” option always enabled does not significantly affect battery life or performance. Here I am testing the VPN connection on this IP test page.
If you would rather use a VPN app instead of the built-in VPN configuration, there are a few options.
The one drawback with using the built-in VPN configuration is that it is more difficult to setup than simply installing a VPN app…
iOS VPN apps
Using a good VPN app on your iPhone or iPad will be simple to setup and use, but it may not be as reliable as the built-in configuration. If you want to try an app, here are two iOS VPN apps that seem to work well based on my testing:
- ExpressVPN for iOS – ExpressVPN has some of the best VPN mobile apps in the industry. They are secure, user-friendly, and offer the excellent performance. The support is also top-notch with 24/7 live chat and a 30 day money-back guarantee.
- VyprVPN for iOS – VyprVPN’s iOS works very well and allows you to control exactly which apps on your device go through the VPN (this is like a split tunnel feature).
- VPN.ac for iOS – VPN.ac is slightly more expensive than VyprVPN, but they offer many advanced security and privacy features.
Whether you choose to go with the built-in iOS VPN settings or a simple and user-friendly iOS VPN app, either option will help to secure your connection and give you more privacy.
Step 3: Block ads, tracking, and malware
Online advertisements are becoming increasingly dangerous.
Recently there has been an explosion of malicious advertisements affecting all devices – also known as malvertising. Online ads are an easy attack vector for the following reasons:
- Most sites host ads that are fed in from untrusted third party domains
- Third party advertising domains can be hijacked to inject malware and ransomware into ads and onto your device
- No clicks are required – your device can be infected simply by loading the website
This growing problem is even affecting major websites such as the New York Times and BBC.
You basically have two options for blocking ads on your iOS device:
- Download an ad blocker app (such as Purify for about $2 in the Apple store)
- Use a VPN service that has a built-in ad blocker (such as Perfect Privacy with the TrackStop filtering feature)
- Install an ad blocker extension on your mobile browser
You can try out the different options to see which one works the best for your unique situation.
If you go with TrackStop filter, all ads/tracking/malware domains will be blocked at the VPN server level when you are connected through the VPN. This is great as it keeps dangerous domains far away from your device, since it is a server-side feature. TrackStop blocks:
- over 30,000 tracking and ad domains
- over 45,000 known malware domains
- over 20,000 phishing domains
Think of every ad as a digital surveillance camera and protect yourself accordingly.
Step 4: Secure messaging
Governments, corporations, and hackers have been spying on text messages and listening to calls for years.
So what alternatives do you have to secure your messages?
To secure and encrypt your text messages you could use one of the apps mentioned below.
Signal is a great, free option that utilizes strong 256-bit AES end-to-end encryption. When you install Signal, it will integrate well with your iOS device and also utilize perfect forward security to protect your data. Signal’s code is also open source, which is good. (Signal download for iOS here.)
Threema is another great secure messaging option utilizing end-to-end encryption. It’s based in Switzerland and is a low-cost ($2.99) alternative for those seeking a more secure messaging option. You can download the iOS version and get started.
You can see other secure messaging apps on the privacy tools page.
Step 5: Secure your iOS settings
For privacy and security, it’s a good idea to modify your default iOS settings. Changing these settings will greatly enhance the privacy and security of your device.
Here are a few changes to enhance your privacy:
- Disable fingerprint security with Touch ID. This is another privacy/security issue that can be used against you. Police in the United States have forced people to unlock phones with their fingerprints. You can disable this from Settings > Touch ID & Passcode > Phone Unlock (disabled).
- Modify the “Today” home screen widgets, which are accessible without a password. Simply go to your home screen, swipe to the right, then go to the bottom and select Edit. Delete everything that’s not absolutely essential from the unsecured “Today” screen.
- Set a strong password (six digits or longer). You can do this from Settings > Touch ID & Passcode > Turn Passcode On > Passcode Options.
- Stop location tracking and limit which applications can get your location. Go to Settings > Privacy > Location Services (double check which Apps you want to allow access to your location) and then > System Services > Frequent Locations (turn this off and Clear History).
- Enable the “Erase Data” feature to “automatically erase all date on your iOS device after 10 failed passcode attempts.” This is a great idea to keep your private data secure if your phone gets lost or stolen. Go to Settings > Touch ID & Passcode > Erase Data (at the very bottom – enabled).
- Review all data that is available to your applications. Go to Settings > Privacy and then double check everything. From the Privacy section, you can also go to the bottom and select Advertising > Limit Ad Tracking (enabled). This makes it much harder for companies to hit you with targeted advertisements.
Enjoy your secured and unrestricted iOS device!
Finished! Now you have a secured and protected iOS device that will also give you unrestricted access to the entire internet (thanks to your VPN service).
This setup gives you the following advantages:
- All internet traffic is encrypted, secured, and anonymized by going through your VPN configuration.
- You won’t have apps collecting your data (because all unessential apps were deleted).
- Advertisement, malware, and tracking domains are completely blocked at the VPN server level.
- If you need to use messaging or VOIP, all communications/messages will be secured with end-to-end 256-bit encryption.
- Your iOS settings will provide you with further privacy and security, with the recommended changes above.
Securing your iOS device is just one step to restoring your privacy. If you’re ready to go further, check out the Simple Online Privacy Guide for a total privacy solution.
Hi, Sven,
I’m making progress with security and privacy protection, thanks to your website!
Question: I purchased NordVPN due to positive reviews on this website, but I read above that on iPhone, it is better recommended to use the built-in Apple VPN configuration? I was able to download NordVPN onto the iPhone, but should I switch back to the built-in conficuration.
Many thanks,
polarbeard
Hi Polarbeard, I’d stick with the dedicated iOS app in this case. You will get great leak protection, plus all of the NordVPN features, such as CyberSec and specialty servers. And most of all, you’ll get WireGuard, which performs phenomenally on mobile devices, much better than OpenVPN and IPSec/IKEv2. (We’ll be updating this guide later this year with these recommendations.)
Not sure how it happened, but after I downloaded NordVPN to the iPhone, it auto-connected me to NordVPN NordLynx, which has WireGuard. I read that WireGuard, fairly new, may have some vulnerabilities, but Nord addressed this by adding a double NAT system, so users are validated by a secure external database, and your actual IP address is never shared with the VPN server. I need to feel secure.
Polarbeard
Yes, we were hesitant with WireGuard when it first came out due to the privacy issues, but VPNs like NordVPN and OVPN have found ways to fix these issues. It also offers some security advantages and is easier to audit with a smaller code base.
Is there a way to know for sure that iOS doesn’t collect data? Is there a way to know for sure that Apple doesn’t gather location data or other private data from your iPhone by going around your VPN settings and your other best effort to keep your iPhone data secure? Is there a way to see what data was shared with the Internet on the router level for example? Thank you.
Smart phones, and the apps on them, collect tons of data, and it’s not just through your WiFi internet, but location data, cell data, contact info, etc. Overall these are not devices when privacy is important.
https://www.washingtonpost.com/technology/2019/05/28/its-middle-night-do-you-know-who-your-iphone-is-talking/
Hello Sven,
This is my first comment on this site. I’d just like to mention I love the site and really appreciate everything you guys do (I think I’ve read every article on the site).
I thought it worth mentioning that NordVPN also allows for manual config IKEv2/IPSec. Their guide is here:
https://support.nordvpn.com/Connectivity/iOS/1153001402/iOS-manual-IKEv2-configuration.htm
I’ll soon be switching to this service, thanks to this fantastic article you’ve written. Thanks again!
Thanks Scott. I’ll add NordVPN with the next update.
Is there any app that will block youtube app
Is there an ad blocker that could block ads from apps on the iPhone?
purify isn’t useful since it only applies to safari(which I could use adguard instead).
Not sure, perhaps AdGuard could…
Will there be a guide for Mac os and windows 10?
Yeah, I should do that, not sure when though, very busy (and behind) on other projects.
Hi Sven
I use a lot spotify, google maps, uber and rappi, but i guess they arent safe at all
Got any suggestion to replace those apps?
Hi Isa, sorry, I’m not on top of mobile app alternatives since I’m not much of a smart phone user at the moment.
Hi Sven
What kind of phone does a professional use? 🙂
Well there are a few Linux phones available with the Pinephone and Librem models, but you could also go with an old-school flip phone that doesn’t spy on you as much as a smart phone running Android.
Thanks for the reply, your work is very important 🙂
Greetings, f.
You should probably try to use startpage’s proxy and a good vpn to prevent tracking.
You can use fake information
Name:it should be a proper name.
Date: just make sure to reach the required age.
However, it has a lot of tools that can know more about you
(https://restoreprivacy.com/facebook-privacy/)
So don’t use facebook, use
Mastodon
Diaspora
Minds
Could you recommend a good cloud sync option or cloud backup option?
Tresorit seems to be a good option.
Are there any systemwide adblockers for iOS? Firefox is not allowing addons
Hi Kaiser, you may want to check out AdGuard. They offer an iOS app that works with Safari, but you can also use their ad-blocking DNS servers, setup on your iOS device, which would apply to all browsers and apps.
Thank you. Got adguard pro.
Be cautious that the VPN does not disconnect when in sleep mode while the internet connection stays active. This needs to be monitored immediately when the device wakes after long sleeps, as the VPN will reconnect.
I notice that too, why does that happen if you know?
How can I create a Facebook account without submitting my personal information (without revealing my identity) ?
I am using OpenVPN Connect on iOS all the time. Do you still recommend me to use iOS built in IKEV2 over OpenVPN? Thanks 😀
Hi FerdinCrypto, not if you are happy with the OpenVPN Connect app. The IKEv2 option is stable and leak-proof, but you need a VPN that supports the IKEv2 cipher. May be worth a shot if you want an alternative to OpenVPN apps.
Dear Sven Taylor,
Thank you, I am up with OpenVPN on iOS all the time,Sometimes it has some issues, maybe it need an update. If I come to know it is not working, I switch to IKEv2. I am not a fan of L2TP.