Apple’s built-in privacy tools often are not switched on by default, leaving iPhone users exposed to app tracking, data collection, location monitoring and personalized ads unless they manually tighten settings.
The report says the first step is locking sensitive apps with Face ID, Screen Time restrictions and hidden folders, reducing the risk of casual access when phones are shared or stolen.
Apple ID protections come next: users are advised to turn on two-factor authentication, use unique passcodes and enable Stolen Device Protection so stolen credentials cannot easily expose photos, passwords and iCloud backups.
Safari and location settings are the final layer, including blocking cross-site tracking, using iCloud Private Relay to mask IP addresses, reviewing Find My and app location permissions, and clearing location history.
The guidance frames iPhone privacy as ongoing maintenance rather than a one-time setup, citing 80,000 iPhones reportedly stolen in London in 2025 as a reminder of the risks.
The FBI was reportedly blocked by an iPhone's lockdown features. What simple settings can make your personal data nearly impenetrable to hackers?
With 80% of recent iOS versions having known exploits, why are critical privacy protections still turned off by default on new iPhones?