Apple spends billions on privacy marketing every year. Those billboards that say "What happens on your iPhone stays on your iPhone" are everywhere. And the company deserves credit, iPhones really are more private than most of the competition. But there's a weird false confidence that comes with owning one. People assume they're covered, then never open the privacy settings.
That assumption is doing a lot of heavy lifting.
App Tracking Transparency Isn't the Whole Story
Everyone remembers when iOS 14.5 forced apps to show that tracking popup. Meta lost an estimated $10 billion in ad revenue because of it. About 75% of users tap "Ask App Not to Track" according to Flurry Analytics numbers.
Here's what the popup doesn't tell you, though. ATT blocks cross-app tracking, one app following your behavior into another app. That's it. Apps can still collect your device model, keyboard language, Wi-Fi network name, and a bunch of other identifiers without asking.
Location Services is a whole separate mess. Even setting an app to "While Using" gives some developers more leeway than you'd expect. A navigation app checking GPS constantly makes sense. A recipe app doing the same thing at 2 AM? Less so. Anyone who regularly hops on airport Wi-Fi or hotel networks should probably Download VPN for iPhone to encrypt traffic at the connection level, because that's a gap no iOS setting actually closes.
Precise Location Is the Setting You Should Change Today
If you only change one thing after reading this, make it this one.
Go to Settings, then Privacy & Security, then Location Services. Every app with location access is listed there. Tap into any of them and you'll see a "Precise Location" toggle. For most apps, turn it off. Approximate location (roughly a 10-square-mile area) is more than enough for weather apps, social media, food delivery, whatever. DoorDash only needs your exact spot when the driver's actually on the way, and even then, you can type your address manually.
It's a small change that cuts off a surprising amount of data collection.
Two Features That Quietly Do a Lot
Mail Privacy Protection showed up in iOS 15 without much fanfare. What it does: blocks those invisible tracking pixels that email marketers embed in newsletters. Those pixels tell the sender exactly when you opened the email, from where, and on what device. With Mail Privacy Protection on, all of that goes dark. Forbes noted in 2023 that open-rate tracking among iPhone users fell by roughly half after Apple flipped this switch. Marketers were not thrilled.
Safari's Intelligent Tracking Prevention is the other quiet workhorse. It blocks third-party cookies and makes browser fingerprinting harder. There's also a "Hide IP Address from Trackers" toggle buried in the Safari section of Settings that not everyone knows about. No speed penalty, worth turning on.
The Privacy Report That Nobody Opens
Tucked inside Settings under Privacy & Security, there's something called App Privacy Report. It's been there for years. It records every time an app accesses the camera, microphone, contacts, or location over the previous seven days.
Barely anyone checks it.
That's a shame, because the results can be genuinely unsettling. A free flashlight app pinging location data overnight. A calculator accessing the microphone. Apple's own support documentation goes into detail about how the permission system works, but reading the report itself is way more revealing than any documentation page. Two minutes once a month is enough.
One more thing on this: delete apps you forgot you installed. That sounds almost too obvious to mention, but old apps sitting on your home screen still hold permissions and still run background processes. Getting rid of them is the fastest privacy win available.
Public Wi-Fi Undoes a Lot of This Work
Here's where things get uncomfortable. Every setting mentioned above works great on cellular data or a home network. On the free Wi-Fi at Starbucks or an airport lounge? The rules change.
Open networks don't encrypt traffic between your phone and the router. Apple's Private Wi-Fi Address feature (on since iOS 14) does randomize your MAC address per network, which stops locations from tracking your device across visits. Useful, sure. But it doesn't encrypt what you're actually sending and receiving. Stanford researchers have published work showing that credential interception on unencrypted public Wi-Fi is still shockingly straightforward to execute.
A VPN solves this particular problem cleanly. Encrypted tunnel, unreadable packets, done. For anyone who connects to open networks more than a couple times a month, it's worth having one installed and ready to go.
What This All Comes Down To
Nobody needs to become a security expert to get real privacy on an iPhone. Turn off Precise Location for apps that have no business knowing your exact coordinates. Confirm Mail Privacy Protection is enabled. Scan the App Privacy Report every few weeks. Use a VPN on public Wi-Fi.
That covers the stuff that actually matters for most people. Apple's Lockdown Mode exists for journalists and activists dealing with state-sponsored threats, but that's a different conversation entirely. For everyone else, doing the basics consistently beats doing everything once and forgetting about it.