The New Oil

Securing Mobile: Settings

See my criteria for this page here.

Please note that your threat model, life circumstances, and personal safety are top priority. These recommendations are a general “one-size-fits-most” solution to mass data collection. Your situation may require enabling or disabling settings, features, and apps contrary to what we recommend to ensure your own safety or that of your loved ones. Always prioritize your safety and consider what your threat model requires.

iOS 17

  • Apple ID > Sign-In & Security > Two-Factor Authentication: On (Security Keys recommended if you plan to use iCloud or other Apple products tied to your Apple account)
  • Apple ID > iCloud: Disable everything (Note: Alternately, if you decide to use iCloud, be sure to enable Advanced Data Protection in this section. This will end-to-end encrypt most of your data, but not all of it. See here to see what’s not protected.)
  • Apple ID > Media & Purchases > View Account > Personalized Recommendations: Off
  • Apple ID > Find My > Find My iPhone > Find My iPhone: Enabled (required for Stolen Device Protection)
  • Apple ID > Find My > Find My iPhone > Find My Network: Disabled
  • Apple ID > Find My > Find My iPhone > Send Last Location: Disabled
  • Apple ID > Find My > Share My Location: Disabled
  • Apple ID > Contact Key Verification: Enabled
  • Wi-Fi > Edit (top right corner) > Remove networks you no longer regularly connect to
  • Wi-Fi > [Your network] > Ensure “Private Wi-Fi Address” is enabled
  • Wi-Fi > [Your network] > Ensure “Limit IP Address Tracking” is enabled
  • Wi-Fi > Wi-Fi should be disabled when you are not actively connected to a network.
  • Wi-Fi > Auto-Join Hotspot: Never
  • Bluetooth: Off unless needed.
  • Cellular > SIM PIN > Create a custom PIN
  • Cellular: Disable Cellular Data for any apps you don’t need 24/7 access to.
  • Cellular: Wi-Fi Assist: Off
  • Notifications > Show Previews: Never
  • Notifications > Screen Sharing: Notifications Off
  • Notifications > Siri Suggestions > Allow Notifications: Off
  • General > Software Update > Automatic Updates: All on
  • General > AirDrop > Receiving Off (Adjust only when using it, otherwise leave it off)
  • General > AirDrop > Bringing Devices Together: Off
  • General > AirPlay & Handoff > Automatically AirPlay to TVs: Never
  • General > iPhone Storage > “Recently Deleted” Album: Enable
  • General > Keyboards > Enable Dictation: Off
  • Display & Brightness > Auto-Lock > the shortest option you can reasonably put up with. Do not set it to leave the screen turned on.
  • Wallpaper: Set your lock screen to something generic and non-personal (no family photos, etc)
  • Siri & Search: Disable everything completely
  • Touch/Face ID & Passcode > Stolen Device Protection: Enable
  • Touch/Face ID & Passcode > Turn Passcode On: Try to set an alphanumeric password if possible, otherwise use a six-digit PIN. A fingerprint is also acceptable if your device allows it (coupled with a strong password or PIN). Face ID should be avoided.
  • Touch/Face ID & Passcode > Require Passcode: Immediately
  • Touch/Face ID & Passcode > Allow Access When Locked: the fewer the better
  • Touch/Face ID & Passcode > Erase Data: Enabled (Beware of this setting, make sure you understand it)
  • Exposure Notifications: Using these is discouraged unless required by law, but it is ultimately up to you.
  • Privacy & Security > Location Services: Disable for everything except navigation apps, and set those to “While Using”
  • Privacy & Security > Location Services > System Services: Disable all (this will not cause any issues with Emergency Services being able to locate you)
  • Privacy & Security > Tracking > Allow Apps to Request to Track: Off
  • Privacy & Security: Review all the other app settings and make sure apps only have access to the settings they actually need. Otherwise, disable them. Disable as many as you can without breaking the app functionality.
  • Privacy & Security > Safety Check: This is a good tool if you’re not using a brand-new Apple ID. It will show you any files you are sharing, any other devices you are logged into, etc., and allow you to remotely disable them.
  • Privacy & Security > Analytics & Improvements: Disable everything
  • Privacy & Security > Apple Advertising > Personalized Ads: Off
  • Privacy & Security > Lockdown Mode: On (This will disable a significant number of features. However, if you are able to live without them, it will help protect other users who need this feature from being easily identified.)
  • App Store > App Updates: On
  • App Store > Personalized Recommendations: Clear App Usage Data
  • Passwords: Clear this section out and turn everything off. Use a password manager instead.
  • Mail: Use an encrypted email provider instead
  • Phone > Notifications: Off (if you plan to use Voice-over-IP)
  • Phone > Silence unknown callers: On (This is, like everything, user discretion, but for most people this will dramatically reduce the number of spam calls. Be sure to enter any important phone numbers such as a child’s school or coworkers so you still get their calls.)
  • Messages > Notifications: Off (if you plan to use Voice-over-IP)
  • Messages > Share Name and Photo: Off
  • Messages > Keep Messages: 30 Days
  • Messages > Filter Unknown Senders: Enabled
  • Facetime: Off (if you plan to use Voice-over-IP)
  • Safari: I recommend disabling Safari and using a different browser. However, if you wish to use Safari, you can harden it using this guide from Privacy Guides.
  • Translate: On-Device Mode: On
  • Health > Medical ID: I encourage you to set this up in case of emergency. Saving a life should always be prioritized over privacy.
  • Photos > iCloud Photos: Off (unless you use iCloud)
  • Podcasts: Reset Identifier
  • Game Center: Disable
  • Now scroll back up to Screen Time > Content & Privacy Restrictions: Enable
  • Now scroll back up to Screen Time > Content & Privacy Restrictions > Allowed Apps: Disable everything you do not intend to use.
  • Screen Time > Content & Privacy Restrictions > Privacy & Allowed Changes: Set all to “Don’t Allow.” This will prevent changes from being made on your behalf next time you update.
  • Any settings not covered are personal preference and are unlikely to cause any privacy or security issues no matter how you set them.

Android 14

NOTE: Due to the nature of Android devices, the exact layout of the menu may vary from device to device.

  • Network & Internet: Internet: Carrier settings: Allow 2G: Disabled
  • Network & Internet: Internet: Carrier settings: Require encryption: Enabled
  • Network & Internet: Internet: Saved Networks: Remove old networks you no longer use
  • Network & Internet: Private DNS: Private DNS provider hostname: Automatic or any provider from this list (You can ignore this if you plan to use a VPN on your device)
  • Connected devices: Connection preferences: Bluetooth: Disabled when not in use
  • Connected devices: Connection preferences: Printing: Default Print Service: Use Print Service: Disabled when not in use
  • Connected devices: Connection preferences: Nearby Share: Off when not in use
  • Apps: All apps: Uninstall or disable any apps you don’t use
  • Apps: Default apps: See Securing Mobile: Replacement Apps
  • Notifications: Notification history: Disabled
  • Notifications: Device & app notifications: Review settings
  • Notifications: Notifications on lock screen: “Don’t show any notifications”
  • Notifications: Enhanced notifications: Disabled
  • Display: Lock screen: Privacy: Don’t show notifications at all
  • Display: Screen timeout: Shortest duration you are comfortable with
  • Wallpaper & style: Set your lock screen to something generic and non-personal (no family photos, etc)
  • Accessibility: Text-to-speech output: Preferred engine settings: Anonymous usage reports: Off
  • Security & Privacy: Device Unlock: Screen lock: Strong password preferred, followed by PIN, then Pattern.
  • Security & Privacy: Device Unlock: Screen lock settings: Enhanced PIN privacy: Enabled
  • Security & Privacy: Device Unlock: Screen lock settings: Lock after screen timeout: Shortest duration you are comfortable with
  • Security & Privacy: Device Unlock: Face & Fingerprint Unlock: Acceptable coupled with a strong password or PIN
  • Security & Privacy: Privacy: Permission manager: Check each app for any unnecessary permissions and revoke them.
  • Security: More security & privacy: Usage & diagnostics: Disabled
  • Security: More security & privacy: Extend Unlock: Disabled
  • Security: More security & privacy: Device admin apps: Find my device: Enabled (only if you enable “Find My Device” in the “Security & Privacy” settings)
  • Security: More security settings: SIM lock: Enable (contact your provider for the SIM PIN)
  • Security: More security settings: Encryption & credentials: Clear credentials (this may be a good idea if this is not a new phone)
  • Location: Disable if you don’t use it, otherwise review apps and disable permissions accordingly
  • Location: Location services: Disable all (emergency services will still be able to pull the information regardless if you call them)
  • Passwords & accounts: Empty all saved passwords, use a password manager instead
  • Google: Disable everything (exception: enable “Opt out of Ads Personalization”)
  • Any settings not covered are personal preference and are unlikely to cause any privacy or security issues no matter how you set them.
  • Note: it is possible to use an Android device without ever signing into a Google account for added privacy. This must be done during device setup. You can use F-Droid (or another client such as F-Droid Basic) to procure many open source apps, and Aurora Store as a proxy for the Play Store for anything else you can’t get on F-Droid. Note that with Aurora you will not be able to use Google to process app-related payments such as subscriptions or one-time payments to download the app. In these cases, it should be possible to sign into the Play Store exclusively without signing into Google on the entire device.
  • Note: Android in particular is capable of a number of powerful, privacy- and security-enhancing strategies that iOS is not, such as the aforementioned “no account required,” alternative app stores, sideloading, user profiles, and much more. Some of these are advanced techniques, but not all, though many of them fall outside the scope of this site. For those using or considering an Android device, I strongly encourage you to check out Privacy Guides’ Android page to get an idea of some of the things your phone is capable of.
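
Because the Android menu layout varies between devices, a few of the settings above can be checked from a computer instead. The following is an added example, not part of the original checklist or any The New Oil tooling: it audits text in the `key=value` form printed by `adb shell settings list <namespace>` against five of the Android recommendations. The key names are AOSP settings keys and may differ or be absent on vendor builds, and the one-minute timeout threshold is an assumption.

```python
# Added example: audit Android settings dumps against five checklist items.
# Input is the key=value text printed by `adb shell settings list <namespace>`.
MAX_TIMEOUT_MS = 60_000  # assumption: "shortest duration" read as <= 1 minute

# (namespace, AOSP key, pass predicate, recommendation quoted from the checklist)
CHECKS = [
    ("global", "private_dns_mode", lambda v: v in ("opportunistic", "hostname"),
     "Private DNS: Automatic or a provider hostname"),
    ("global", "bluetooth_on", lambda v: v == "0",
     "Bluetooth: Disabled when not in use"),
    ("secure", "lock_screen_show_notifications", lambda v: v == "0",
     "Notifications on lock screen: Don't show any notifications"),
    ("secure", "notification_history_enabled", lambda v: v == "0",
     "Notification history: Disabled"),
    ("system", "screen_off_timeout",
     lambda v: v.isdigit() and int(v) <= MAX_TIMEOUT_MS,
     "Screen timeout: Shortest duration you are comfortable with"),
]

def parse_dump(text):
    """Turn key=value lines into a dict; values may themselves contain '='."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            out[key] = value
    return out

def audit(dumps):
    """dumps maps namespace -> dump text; returns (key, value, advice) findings."""
    parsed = {ns: parse_dump(text) for ns, text in dumps.items()}
    findings = []
    for ns, key, ok, advice in CHECKS:
        value = parsed.get(ns, {}).get(key)
        if value is None:
            # Key never written: the OS default applies, so confirm it in the UI.
            findings.append((key, "unset", advice))
        elif not ok(value):
            findings.append((key, value, advice))
    return findings

# Constructed sample dumps (not taken from a real device).
SAMPLE = {
    "global": "airplane_mode_on=0\nbluetooth_on=1\nprivate_dns_mode=off\n",
    "secure": "lock_screen_show_notifications=0\nnotification_history_enabled=1\n",
    "system": "screen_off_timeout=30000\nscreen_brightness=102\n",
}

if __name__ == "__main__":
    for key, value, advice in audit(SAMPLE):
        print(f"[!] {key}={value} -> {advice}")
```

An "unset" finding means the key was never written and the system default is in effect, so it is a prompt to check the Settings screen rather than a confirmed deviation.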

By enabling all of these settings, you are significantly reducing the amount of tracking and data collection these devices perform, but keep in mind that you are not completely eliminating it.