TL;DR: Apple’s claims to being privacy-first are a marketing sham

Apple claims to hold privacy at its core, but it has been an advertising company for at least a decade, and now that smartphone and computer sales are plateauing and new products like the Apple Vision Pro have failed to set the world on fire, Services revenue (a euphemism for the 30% App Store tax on developers and advertising) is critical to maintaining the company’s stock price.

Recent behavior from Apple has confirmed Google’s or Meta’s take that Apple’s privacy claims are just that: clever marketing to obscure the fact that the privacy measures it does have are mainly there to stymie its competitors:

  • Apple forces app developers to ask permission to access the advertising tracking ID (IDFA), but exempts itself from that requirement by a truly Clintonesque redefinition of tracking as “sharing data with other companies, not with ourselves”—one rule for thee but not for me

  • Apple’s notarization feature leaks information to Apple on what apps you have installed on your device. What’s worse, this is sent unencrypted so anyone with network access can also grab this info. Apple promised to give a way to disable this misfeature (which also has a noticeable performance impact for developers) but quietly reneged on this.

  • Apple would upload recordings of Siri queries without your consent, and Apple employees and contractors had access to them

  • Apple implemented a CSAM scanning feature, whereby your iPhone would rat you out before the government even asked them to do so. Even though they reversed themselves, they set a precedent authoritarian governments will certainly avail themselves of.

  • When they introduced the Journal app, they gave it wide-ranging access to other apps’ data without consent.

  • Apple silently opted you into “Privacy Preserving Ad Measurement”. This is an Orwellian misrepresentation, as your browser is tracking you on behalf of advertisers, just as Google Chrome is doing with its Topics API. Firefox is equally guilty of this (PDF) and unrepentant. Even Google, the most voyeuristic of the surveillance-industrial complex, asked for permission before enabling this in Chrome, albeit with wildly misleading wording because no one does dark patterns quite as smugly as don’t do be evil Google.

  • Apple silently opted you in to “Enhanced Visual Search”, where it uploads fingerprints of landmarks in your photos to its server. It claims to use differential privacy and homomorphic encryption to make this privacy compliant, but this still leaks information, even if Apple’s implementation were perfectly bug-free (given the abysmal track record of Apple QA of late, this would require heroic levels of credulity).

  • They also did it for “Improve Search”. Seeing a pattern here yet?

Here are the settings you need to review and change from their privacy-invading defaults, in chronological order of when they were introduced. Apple also has the nasty habit of silently turning them back on, so you will need to check this list regularly. You will also need to set these on each device separately.

macOS

  • Sharing
  • Siri
  • Privacy Preserving Analytics
  • Improve Search
  • Visual Search

iOS and iPadOS

  • Disable the IDFA altogether and do not allow apps to ask for it:
    • Settings / Privacy & Security / Tracking / Allow Apps to Request to Track / (turn off)
  • Disable Apple’s own ad network tracking:
    • Settings / Privacy & Security / Apple Advertising / Personalized Ads / (turn off)
  • Disable Sharing of information with Apple, including Siri recordings:
    • Settings / Analytics & Improvements / (disable all of them)
  • Private Click Measurement:
    • Settings / Apps / Safari / Advanced / Privacy Preserving Ad Measurement / (turn off)
  • Improve Search:
    • Settings / Search / Help Apple Improve Search
    • Settings / Apps / Safari / Search / Search Engine Suggestions / (turn off)
    • Settings / Apps / Safari / Search / Safari Suggestions / (turn off)
  • Visual Search:
    • Settings / Apps / Photos / Enhanced Visual Search / (turn off)
  • Journal App:
    • Settings / Privacy & Security / Journaling Suggestions / (turn them all off)

Further actions

Ideally, change your default browser to something better, like Vivaldi or LibreWolf.

Stop iMessage from using insecure unencrypted SMS as a fallback (warning: this setting is buggy and often ignored):

  • on iOS: Settings / Apps / Messages / Send as Text Message / (turn off)

Better yet, ditch both SMS and iMessage for Signal or WhatsApp, which do not have an unencrypted option to snare you.

Disable Apple Intelligence.