Five Crucial Privacy and Security Settings for iOS 13

Keeping your operating system up to date is one of the easiest things you can do to increase security. Beyond simply upgrading, here are a few new settings and features to be aware of to keep your privacy and security locked down.

Apple has started cracking down on third-party apps and websites that may be using your device beyond what you intended. For example, you may start seeing permissions pop-ups that show where Google Maps has tracked you that ask if you want to continue allowing access to location information. You can choose to limit the app’s access to your location only while you are using the app or deny it entirely.

You might also see apps asking for permission to access Bluetooth, even if they seem to have no need for it. In previous versions of iOS, these apps were able to use Bluetooth to watch for Bluetooth beacons that can be set up in stores that track you as you pass by, making it easy for stores to know who’s visiting. If you aren’t sure why an app needs Bluetooth access, get in the habit of denying it.

Try not to get pop-up fatigue. Make sure you are only allowing access when you really meant to give it. The Facebook app is triggering lots of these permissions pop-ups since their business model hinges on tracking you. In the past, they have used lots of sneaky ways to track you without your consent. They’ve recently put out a press release stating that they implemented these ‘features’ for your protection, but don’t be fooled. If you don’t know why a site or app needs to access something, don’t let them have it.

If you share or upload photos, by default you are sharing the exact location of where the picture was taken. This might be worrisome if you don’t want to share the location of your home or places your kids frequent. You can prevent your camera from recording photos’ locations by turning off Location Access to the camera app (Settings > Privacy > Camera). Now in iOS 13, it’s also possible to disable it per picture in the “options” menu of the share sheet when you’re uploading or sharing a picture.

Cookies (little blobs of data stored on your device) are useful for keeping you logged in to websites, but they are often used to track you as you browse the internet. This can leak personal information such as health data and browsing history and open you up to phishing attacks. In iOS 13 Settings > Safari, you can choose “Prevent Cross-site Cookies,” making you harder to track. We also recommend enabling “Prevent Cross-Site Tracking” and turning off “Camera & Microphone Access.”

New with iOS 13, this login allows you to create login accounts through Apple. What is unique about these logins is that instead of sharing your real email address, Apple creates and manages a 1-time use email address. This is great for creating accounts in apps and on sites that you don’t completely trust to keep your email secret.

While not specific to iOS 13, we recommend reviewing your app permissions whenever you update your operating system. This gives you the benefit of the new privacy protection for apps you gave access to previously. Go to Settings > Privacy and review the permissions you’ve previously granted to apps. Be very careful of which apps have access to your location, camera, photo library, microphone, bluetooth, contacts, and calendars.

You can turn off sharing your device usage data in Settings > Privacy > Analytics.

Under Settings > Privacy > Advertising enable the “Limit Ad Tracking” option. It’s also a good idea get in the habit of periodically creating a new random identifier for your device by tapping “Reset Advertising Identifier.” The advertising identifier is a random code assigned to you that advertises can see. It isn’t associated to you per se, but over time, advertisers can aggregate the info and determine who you are.

Reusing passwords opens you up to “password spraying” attacks. Once a password has been leaked, malicious hackers will attempt to use that password on many other sites. Apple’s built-in password manager is a good choice, or use a third party tool such as Bitwarden, 1Password, or Pass.

VPN stands for "virtual private network". When you connect to the internet through a VPN, all of the internet traffic is encrypted and routed through the secure servers.

Instead of directly connecting to websites, the VPN asks websites for content on your behalf. The VPN uses the same IP address for multiple users. Since your IP address functions as your main address when communicating with websites, using it for multiple users makes it difficult for websites to correlate who is making specific requests.

2 Factor Authentication (“2FA”) or Multifactor Authentication (“MFA”) makes your accounts even more secure by requiring a secret code in addition to your password. These secret codes are generally sent to you by either email, text message, or an authenticator app such as such as Authy or Google Authenticator. Many password managers also have the ability to generate these codes. SMS messages are the least secure, due to SIM “port out” attacks, so we recommend using a dedicated app for 2FA.