
iPhone Privacy Checklist: 12 Settings to Fix in 2026

iPhone privacy is mostly a configuration problem, not a software problem. iOS ships with strong defaults, but a long tail of useful settings sits behind menus most people never open. You can work through almost all of them in a single evening, in the order below.

This is the checklist I run on every new device, and every six months on the ones I already own. Items are ordered roughly from “everyone should do this” to “do this if it fits your threat model.” Open Settings, set aside about forty-five minutes, and let's work through it.

1. Mail Privacy Protection

Settings → Mail → Privacy Protection → Protect Mail Activity

Every marketing email contains invisible tracking pixels: tiny images that load from the sender's server the moment you open the message. That load tells the sender when you opened it, roughly where you are via your IP address, and which device you used. Across newsletters and retailers, that adds up to a record of when you read what.

Mail Privacy Protection breaks this in two ways. It pre-fetches remote images through Apple's relay before you ever open the message, so the timing signal stops being useful as a tell. It also hides your real IP address behind Apple's proxy infrastructure, so IP-based geolocation becomes useless too.
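To make the mechanism concrete, here is an added example (not code from the original article or from Apple) that scans an HTML email for the remote "tracking pixel" images described above. The message body, its domains and its query-string tokens are constructed for the demo; the heuristics (remote load, 1x1 size, hidden via CSS, per-recipient token, tracking-style hostname) are the signals such pixels usually combine. It runs under Node.js with no dependencies.

```javascript
// Added example, not part of the original article: heuristic tracking-pixel
// detection in an HTML email. Constructed sample; the .invalid domains are
// placeholders and the tokens are made up.
const SAMPLE_EMAIL = `
<html><body>
  <p>Hi there, your weekly digest is here.</p>
  <img src="https://cdn.example-newsletter.invalid/hero.jpg" width="600" height="300" alt="Hero">
  <img src="https://track.example-newsletter.invalid/open?uid=3f9a2c&cid=7781"
       width="1" height="1" style="display:none" alt="">
  <img src="cid:inline-logo" width="120" height="40" alt="Logo">
</body></html>`;

// Pull every <img ...> tag and its attributes out of the markup.
// A regex tokenizer is enough for a demo; a production scanner would use a real HTML parser.
function extractImages(html) {
  const tags = html.match(/<img\b[^>]*>/gi) || [];
  return tags.map(tag => {
    const attrs = {};
    const attrRe = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    let m;
    while ((m = attrRe.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
    }
    return attrs;
  });
}

// Score one image by the signals a tracking pixel tends to combine.
// Only a remote load can report back to the sender; cid: and data: images cannot.
function classifyImage(attrs) {
  const src = attrs.src || '';
  if (!/^https?:\/\//i.test(src)) {
    return { src, tracking: false, reasons: ['not a remote load'] };
  }
  const reasons = [];
  const w = parseInt(attrs.width, 10);
  const h = parseInt(attrs.height, 10);
  if (w <= 1 && h <= 1) reasons.push('1x1 dimensions');
  if (/display\s*:\s*none|visibility\s*:\s*hidden/i.test(attrs.style || '')) {
    reasons.push('hidden via CSS');
  }
  let url = null;
  try { url = new URL(src); } catch (e) { url = null; }
  if (url) {
    const tokenKeys = /^(uid|cid|rid|email|e|u|id|token|t)$/i;
    if ([...url.searchParams.keys()].some(k => tokenKeys.test(k))) {
      reasons.push('per-recipient token in query string');
    }
    if (/^(track|open|beacon|pixel|metrics)\./i.test(url.hostname)) {
      reasons.push('tracking-style hostname');
    }
  }
  // Require two independent signals so a small but legitimate remote icon is not flagged.
  return { src, tracking: reasons.length >= 2, reasons };
}

function scanEmail(html) {
  return extractImages(html).map(classifyImage);
}

function main() {
  for (const r of scanEmail(SAMPLE_EMAIL)) {
    console.log(`${r.tracking ? 'TRACKER' : 'ok     '} ${r.src}  (${r.reasons.join(', ')})`);
  }
}
main();
```

Run it with `node pixelscan.js`: the hero image and the inline `cid:` logo pass, while the 1x1 hidden image with a per-recipient token is flagged. Mail Privacy Protection sidesteps this classification entirely by fetching every remote image through Apple's relay ahead of time, so the sender learns nothing from the load regardless of how the pixel is disguised.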

Enable it: toggle Protect Mail Activity to on. The only edge case is if you run a newsletter yourself and care about open rates. Those become unreliable for Apple Mail users, but that's the entire point.

Skip if: you use a third-party mail client like Gmail or Outlook as your primary. Those apps have their own image-loading rules and won't benefit from Apple's relay.

2. Hide My Email

Settings → [Your Name] → iCloud → Hide My Email (requires iCloud+)

Your email address is the most leveraged identifier in modern marketing. It links your purchases at one retailer to your activity at another, and it ends up in every data breach. Once it leaks, you can't really change it without rebuilding your digital life.

Hide My Email lets you generate unique, random forwarding addresses on demand, like [email protected]. Each one routes to your real inbox, and you can disable any one without affecting the others. If a retailer sells your address to a data broker, you delete that alias and the spam stops.

Use it for: newsletter signups, store loyalty programs, single-purchase websites, anything you're not sure you'll use again. It also breaks cross-service correlation by giving each service a different address.

Skip if: you don't pay for iCloud+. SimpleLogin and Fastmail offer comparable alternatives without the Apple subscription.

3. App Tracking Transparency

Settings → Privacy & Security → Tracking

When you open a new app and it asks “Allow [App] to track your activity across other companies' apps and websites?”, that's App Tracking Transparency at work. iOS forces apps to ask before they can access the IDFA (the per-device advertising identifier used to correlate behavior across the app ecosystem).

The right answer is almost always “Ask App Not to Track.” But you can do better: turn the prompt off globally, so apps can't even ask.

Disable globally: toggle Allow Apps to Request to Track to off. Existing tracking permissions are revoked, and apps that try to ask are silently told no.

What you lose: nothing measurable. Free apps may show less personalized ads, which usually means ads that feel more random and less targeted.

Worth noting: ATT only controls cross-app tracking via Apple's identifier. Apps can still track behavior within their own app and link it to accounts you've signed in with. For broader context, see our guide to VPN myths.

4. Safari: Prevent Cross-Site Tracking and Hide IP Address

Settings → Safari → Privacy & Security

Safari has had Intelligent Tracking Prevention for years, but two specific toggles deserve a manual check.

Prevent Cross-Site Tracking should be on. This blocks third-party cookies and isolates storage per site, killing most of the tracking infrastructure that follows you across the web. On by default, but worth verifying.

Hide IP Address has two modes. From Trackers is on by default and routes connections to known tracker domains through an Apple proxy. From Trackers and Websites is stronger but requires iCloud+ and turns on iCloud Private Relay (next item).

Also check: Fraudulent Website Warning (leave on) and Advanced → Privacy Preserving Ad Measurement (on by default, which is fine).

Safari's protections only cover Safari. See our guide to what a VPN actually is for what network-level privacy adds on top.

5. iCloud Private Relay

Settings → [Your Name] → iCloud → Private Relay (requires iCloud+)

iCloud Private Relay is often misunderstood. It is not a VPN. It only protects Safari browsing, DNS queries, and a narrow set of insecure HTTP requests from apps that use system networking APIs. It does not cover your apps in general, background traffic, or media streaming. Within that scope it uses a two-hop architecture so neither Apple nor the second-hop network can see both who you are and what you're visiting.

Enable it if: you have iCloud+ and want stronger Safari protection. It's free with the subscription, has minimal impact for most users, and just works.

Don't rely on it for: general app traffic, public Wi-Fi protection across all apps, or geographic relocation. It usually keeps you in roughly the same region. For a deeper comparison with a full VPN, see our iCloud Private Relay vs VPN breakdown.

Honest summary: Private Relay is excellent at what it does. It is not a replacement for a VPN if you need network privacy beyond Safari.

6. Lockdown Mode

Settings → Privacy & Security → Lockdown Mode

Lockdown Mode is Apple's hardened mode for people facing targeted attacks: journalists handling sensitive sources, activists, dissidents, executives whose data is worth a real attacker's time. When enabled, iOS aggressively restricts attack surface. Message attachments are limited, some web technologies are disabled, FaceTime calls from unknown contacts are blocked, and a lot of obscure features turn off.

The tradeoffs are real. Some websites will break. Some attachments won't render. This is not a mode you turn on casually.

Enable if: you are in a profession or situation where you might be specifically targeted, not just generically tracked. If you're not sure whether you are, you almost certainly aren't.

Skip if: you're a mainstream user. Lockdown Mode is a specialized tool for specific people, not a “more privacy is better” toggle.

Either way, know it exists. If you ever need it, flipping the switch takes ten seconds.

7. Photo Library Access

Settings → Privacy & Security → Photos

When you scroll the list of apps with photo access, you'll likely see a few that genuinely need it (a photo editor, a messaging app) and a long tail that don't. A delivery app does not need to see every photo you've ever taken to let you upload a “proof of damage” picture.

iOS has three options per app:

  • None: the app can't see your photos at all
  • Limited Access (Selected Photos): you pick specific photos each time
  • Full Access: the app sees the entire library, all metadata, every location embedded in every photo

Most apps should be on Limited Access or None. Walk down the list and ask whether each app on Full Access really needs it.

The metadata problem: photos contain GPS coordinates and timestamps by default. An app with full access doesn't just see the photos you intend to share; it sees a map of where you've been for years. Limited Access cuts this almost entirely.

8. App Permission Audit

Settings → Privacy & Security

Working through this section once is the single highest-value thing on this checklist. Each entry (Location Services, Microphone, Camera, Contacts, Bluetooth, Local Network, Motion & Fitness, Health) shows which apps have asked for and received that permission. You'll find at least one surprise.

The questions to ask, app by app:

  • Location Services: precise or approximate? Always, while in use, or never? A weather app needs approximate, while-in-use. A ride-share needs precise, while-in-use. A note-taking app needs nothing.
  • Microphone: anything other than calls, voice memos, video recording, or transcription is suspect.
  • Contacts: very few apps actually need your full contact list. Most messaging apps that used to demand it now work without.
  • Local Network: added in iOS 14 because apps were using it to fingerprint your network. Deny unless the app obviously needs to talk to a smart-home device or printer.

Revoke generously. iOS will re-prompt if an app actually needs the permission back.

9. Notification Previews on the Lock Screen

Settings → Notifications → Show Previews → When Unlocked

By default, iOS shows notification content on the lock screen: a two-factor code, a message from your bank, a personal text, all visible to anyone holding the phone or glancing at it on a cafe table.

Changing Show Previews to When Unlocked is a small change with a real reduction in leakage. Notifications still arrive, you still get the badge, you still see the app name, but the content is hidden until you've authenticated.

Per-app override: you can leave this on globally and still permit specific apps to always show previews if you want. Go into each app's notification settings.

The risk here isn't sophisticated. It's the person sitting next to you on the train, the colleague leaning over your desk. Most lock-screen leaks are mundane, which is why the fix is too. The setting takes ten seconds.

10. Passwords and Passkeys

Settings → Passwords

iOS Passwords (a standalone app in iOS 18+) is a genuinely capable password manager. It syncs across your devices via iCloud Keychain, autofills credentials in apps and Safari, generates strong passwords on signup, and warns you about reused or breached ones.

Two things to do here:

  • Open Security Recommendations and work through the list of reused, weak, or breached passwords. Change them one at a time. The built-in flow handles most sites cleanly.
  • Enable Passkeys where available. A passkey replaces the username-and-password dance with a cryptographic key stored in your Keychain, unlocked with Face ID or Touch ID. It cannot be phished, cannot be reused across sites, and cannot be stolen in a database breach because the secret never leaves your device.

Skip if: you already use 1Password, Bitwarden, or another manager you trust. Running two password managers is worse than running one.

Reusing the same password is one of the most common causes of account compromise. If you do one thing on this checklist beyond the freebies, do this one.

11. Two-Factor Authentication on Your Apple ID

Settings → [Your Name] → Sign-In & Security

Your Apple ID is the master key. It can wipe your devices remotely, read your iCloud backups, see your photos, and (if account recovery succeeds for an attacker) impersonate you to your contacts.

Two-factor authentication should already be on if your account was created in the last several years. Verify it. While you're there:

  • Review trusted devices. Remove any you don't recognize or don't use.
  • Generate and save a Recovery Key. A 28-character code that lets you regain access if you lose all your trusted devices. Store it somewhere you can find but an attacker can't. A paper note in a safe is fine. Without a recovery key, account recovery goes through Apple's slow review process and is not guaranteed.
  • Review your trusted phone number. If you've changed numbers, update it.

Bonus: turn on Stolen Device Protection (Settings → Face ID & Passcode). It adds a delay and biometric requirement to sensitive actions when your phone is in an unfamiliar location, defeating the “thief watches you type your passcode and then steals the phone” attack.

12. A VPN: When and Why

A VPN is item twelve on this list, not item one, and that ordering is deliberate. For most day-to-day privacy concerns, the eleven items above do more than a VPN does. A VPN solves a specific problem: it puts an encrypted tunnel between your device and a server you trust, so the network you happen to be on (coffee shop Wi-Fi, hotel internet, your ISP at home, a foreign network while traveling) can't see what you're connecting to.

That problem is worth solving in three situations:

  • Public and shared Wi-Fi. The threats have evolved since the “anyone can sniff your traffic” era, but DNS-level snooping and captive portal interference are still real. See our breakdown of public Wi-Fi risks in 2026.
  • Travel. Connecting to networks you'll never use again, in jurisdictions where your ISP isn't accountable to you, is exactly what VPNs were built for. See our guide to VPN while traveling.
  • Privacy from your ISP. Your ISP can see every domain you visit. In many countries they can sell that data. A VPN moves that visibility to a provider whose business model, if you pick a good one, is privacy.

The reasonable counter: pick a VPN that doesn't replace your ISP's surveillance with its own. That means no traffic logs as a technical fact, not just a marketing line (see our explainer on no-logs VPN claims). And ideally a provider that doesn't link your subscription to a real identity in the first place.

That last bit is why Snap VPN doesn't ask for an email. Your subscription is handled by Apple, so we never see your name, email, or payment details, and we don't keep records of which servers you connected to or what you did there. The protocol is WireGuard (see our WireGuard vs OpenVPN vs IKEv2 comparison), fast enough that always-on becomes practical. Setup walkthrough: how to set up a VPN on iPhone. The broader case for accounts that don't require email: anonymous VPN, no email.

What You Don't Need to Bother With

A few things look like privacy work but mostly aren't:

  • Faraday bags for everyday phones. Useful for crossing borders or specific high-stakes meetings. Not for daily life. You'll forget it's on and miss calls.
  • Constantly changing your DNS provider. Pick a reputable resolver once (Cloudflare, Quad9, or your VPN's default) and move on. Cycling weekly does nothing.
  • “Private browsing” as a privacy strategy. Private/Incognito mode hides activity from other people using your device. It does not hide anything from the websites you visit, your ISP, or trackers.
  • Covering the camera with tape. iOS shows a green dot when the camera is active and an orange one for the microphone. The OS-level indicators are reliable. Tape is theater.
  • Avoiding biometric unlock. Face ID and Touch ID are more secure for most everyday threat models than a typed passcode. They raise the bar for over-the-shoulder attacks. The privacy-conscious move is to use them.

Spend your attention on the items above the line, not below.

Bottom Line

Privacy on iPhone works in layers. Each setting closes a specific gap, and skipping any one of them isn't catastrophic. But doing the full pass once means the defaults stop working against you. Most of what's leaking your data right now isn't a sophisticated attack; it's an app permission you granted three years ago, a mail tracker you didn't know existed, or a lock screen showing your bank's two-factor code to anyone with eyes.

If you have one evening, work through items one through eleven in order. They're free or near-free, they require no expertise, and they collectively reset your defaults. Then decide whether item twelve, a VPN, fits how you actually use your phone. For travelers, public-Wi-Fi users, and anyone whose ISP they'd rather not trust, the case is straightforward. For someone who only uses their home network on a phone that mostly stays at home, it's optional.

For the broader picture of when a VPN is and isn't worth it, see our what-is-a-VPN guide. For common misconceptions, our VPN myths post. And if you decide it's a fit, Snap VPN is built around the same logic as the rest of this checklist: no email signup, no traffic logs, no identifier tying your account to a real person. One more layer in a stack, not a substitute for the rest.