Learn how to reach optimal mobile OS privacy. In this post, we will focus on Apple’s operating system, so we will review iOS privacy features.
Since mid-2018, the world uses mobile devices more than desktop PCs (including laptops) computers. That makes mobile OS privacy even more important than privacy on the desktop platform.
In this and the following posts, we will introduce mobile OSs. They are widely used and it is therefore important to bring privacy to your handset. In this series, we will review the OSs iOS, Android, LineageOS and other custom ROMs with privacy features in mind.
This article is part of a series, all 6 parts are here:
As far as we know, Apple is not innocent, but the data collection is nowhere near the level of Google or Microsoft. Apple makes most of its profit with the devices they sell, while Google needs to grab your data to sell it to advertising companies. Using the Safari browser on iOS will send significantly less data to Google servers than using Google Chrome on Android. It is easier to limit the access to your data for iOS apps, compared to Android. On Android, some apps simply ignore or even change your permission settings to gather information. That is particularly true for Google apps.
After this short introduction, we will explain why iOS is not perfect. You have probably expected that on our website. 😛
There have been some serious security issues on iOS in the past. One of them was the quite recent FaceTime eavesdropping. It appeared in iOS 12. For a while, you could call people with FaceTime and their microphone would be activated before they pick up the phone. You were then able to listen without their knowledge. That was fixed, but shows that data breaches even happen in programs of very professional software developers.
Another thing we do not like about iOS is the use of FaceID and fingerprint sensors. They may sound like a good idea, since biometric login systems cannot be brute-forced like a PIN. The major disadvantage of using FaceID or your fingerprint is that you could be forced by law enforcement to log in with your face or fingerprints. That applies to countries with repressive governments, but in modern Western states, police also abuse that people use the biometric login out of convenience.
At any time, they can use force or deception to make you unlock the device with your face or fingertip. Therefore, we do not recommend biometrics to log in on smartphones. When you use a strong password instead, it is your choice to reveal the password or not. That makes gaining access to your device much more difficult for law enforcement and other cyber criminals. They cannot easily force you to give them the password and definitely cannot crack it in most cases, unless your PIN is “1234” or “password”. Also unsafe are permutations of common words, e.g. “passwerd”, “pa$$w0rd” or “password1”. We know that the FaceID and TouchID problem is not specific to iOS. Biometric sensors exist on Android handsets too, but Apple especially promotes biometrics.
One feature you should definitely disable is anything related to Siri. As a test, just type a single letter or short word in the iOS search and you will see, how closely Siri tracks your activity across all apps.
Let us now show you how to kill her:
Open the Settings app and go to the Siri & Search settings tab. What you need to do now is flip all green switches to white to stop Siri from sending data to Apple. That includes the switches for Siri and Allow “Hello Siri". After that, you will have to scroll down in the Siri settings and disable Siri’s Suggestions in Search and Suggestions in Look Up. Unfortunately, we are not done yet, since you need to disable the AI’s activity tracking as well. That has to be done individually for every app, so you need to scroll down further in Siri & Search and disable Siri Suggestions for each app you have installed. It is time-consuming and probably implemented that way to make you send data to Apple, because disabling Siri is a pain and too annoying for most people to do it. After that, go to General>iCloud and deactivate Siri’s access to iCloud.
Siri is one of the main reasons, we recommend LineageOS instead of iOS or Android. On PC, we recommend Linux instead of macOS with a similar argumentation. Siri is a spy tool, but not even close to the data kraken Google or Microsoft’s Cortana, who suck up your personal data like a vacuum cleaner. That said, Siri still uses similar mechanisms to Cortana to create a profile of you, based on you interests/apps/activities/search requests and personality. Siri can even make use of your photos as a data source. Since she or it is integrated into the OS, Siri can monitor your activity across all parts of the OS, even in apps not made by Apple. So please turn the personal assistant off as described above.
The next thing you need to change is Safari. Do not use the default Google Search as your search engine. Set it to DuckDuckGo or Qwant, then disable Safari Suggestions.
Probably the most important thing in Safari is to disable Safe Browsing. Safe Browsing is an anti fraud and anti-phishing service, but it is a privacy disaster. The Safe Browsing API is a Google service! Your web activity in Safari will be sent to Google under the guise of protecting you from phishing or viruses. According to Google themselves, the URLs you open are not sent to Google. They are instead checked locally with a database of hashed URLs, but do you really trust them? Google even admit that they send the URL and keywords from the site to their own servers if a website “looks suspicious”.
Our final tip for iOS is to go to the Privacy tab in the settings and scroll down all the way to Ads and Analysis. Enable Limit Ad Tracking and deactivate Apple’s analysis data collection, so you do not send reports to Apple servers automatically. Disable all kinds of analysis, including Share iCloud Analytics and Improve Activity. The Privacy tab is also the place where you can change the permissions of apps easily. This is much more transparent than the equivalent on Android, as we have mentioned earlier.
Siri has been criticised by reviewers for a lack of innovation, in the past. The reason for that is that the people who did the reviews were used to Google’s Android. A company that collects more data will of course be better at making suggestions, but limit your privacy in a profound way.
Apple respects your privacy much more than Google, so they rather limit innovation, instead of launching farther reaching data collection mechanisms like those of Google. In that context, the lack of innovation, due to respecting your privacy more is actually a compliment. We do like that Apple at least gives you options to increase your privacy. Please read more on why respecting privacy is the reason for lack of innovation here and on Wikipedia.
All in all, iOS is not perfect, but we see it as the lesser evil on the smartphone market. It is almost mandatory to own a smartphone in the 21st century and difficult to do without. You could choose to not buy a smartphone, but if you need one, we would say that anything is better than SpyDroid. A LineageOS phone with well configured privacy settings would be ideal, but custom ROMs are not for everyone.
The iOS privacy features are convincing. The encryption of iOS devices with a PIN or password is quite secure, as long as you do not use a 4-digit number, instead of a strong password. If you do not want to install LineageOS at all, we would recommend to use iOS. We say that for the simple reason is that your situation in terms of privacy can only improve if you are coming from Android. As you have seen from this lengthy review, iOS is not a bad choice.
With the iOS privacy features, you have the maximum protection you can get without flashing an open-source custom ROM. We are under the impression that Apple have learned from the backlash they received after their cooperation with the NSA on the PRISM program (source) became public.
If nothing helps, one thing remains: With a little trick, you can make Siri say MOTHERF*CKER! 😆