How to keep all my passwords, browsing data, e-mails, content etc. only for myself, and away from Apple?

I just bought my first Apple product (iPhone) a few days ago and from the moment I switched on I have been asked to use the Apple ID and iCloud for pretty much everything.

I have a concern, i.e. if I have an Apple ID registered with my real name, address, etc. will Apple and/or iCloud always know all my browsing data, my emails, email passwords, etc.?

If yes, is there a way to be completely "cut off from the cloud"?

I am not feeling completely secure enough to check my normal e-mail from the iphone until I am 100% sure nobody (at least at Apple) can read it.

What steps can I take to ensure that my data is least exposed to the world/Apple?

e.g. would using fake personal data help?

If you ask why, well, there's nothing much I want to hide except some nighttime activities I don't want anybody to know about - for obvious reasons :-)


Solution 1:

Apple is generally good about privacy and security, and risks their reputation if they were to violate user expectations by secretly looking at private data they say they don't look at. However, for the more cautious (including me), some default settings do need to be changed. Keep in mind also that iOS devices access a number of non-Apple "cloud" services in their default state, not just Apple services. A few general points, and a few specific default settings changes:

  1. You do not need an AppleID to use an iOS device, unless you want to take advantage of web-based services such as iTunes Store, App Store, and iCloud.

  2. You can supply fake data to create an AppleID, and use a gift card to fund any purchases. Just remember to keep track of exactly what info you provided.

  3. You can actually use multiple AppleIDs for many of the the different services, e.g., iTunes, iCloud, Home Sharing (the older system, not to be confused with Family Sharing), etc.

  4. There are clearly trade-offs between the usability and convenience of a smartphone, and the degree to which you prioritize privacy and security.

  5. Assuming you are using a non-Apple secure email provider, there is little concern about Apple being able to access your email. Secure POP/IMAP/SMTP is encrypted directly between your device and your email provider. Similar for web browsing to secure (https) sites.

  6. Take a long look at all available Settings, in the context of the threats you are most concerned about. There are privacy-related settings in areas other than Settings>Privacy.

  7. I'd suggest considering keeping all three radios off unless explicitly needed (cellular, wi-fi, bluetooth) to protect against carrier and local physical tracking. I'd also suggest keeping Location Services turned off at all times. But before you do, especially if you will use it from time to time, tweak the detailed Location Services settings to restrict what kinds of accesses apps and Apple can have. If you have Location Services on at the same time as Wi-Fi, Apple will, like Google and others do, catalog the GPS Location of wi-fi access points the device can "see" - this includes yours and those belonging to others. Bonus to keeping radios and/or Location Services off: improved battery life.

  8. Make sure your passcode is strong (more than just four digits), and make sure your AppleID account(s) are strongly secured. If you are concerned about people seeing activity happening on your phone, set the Settings>Passcode>RequirePasscode appropriately and restrict what notifications and info appear in your lock screen.

  9. Never associate your device with an "integrated" Facebook or Twitter account. There is some evidence that "integrated" apps have privileged access to private APIs.

  10. In Settings>Privacy>Advertising, turn on Limit Ad Tracking and frequently Reset Advertising Identifier. VendorID is another unique ID apps can access. To reset VendorID, you must delete every app from that vendor. Then you may re-install them.

  11. Don't use HealthKit apps. The legal protections are very unclear at this point, but are likely nowhere near as good as traditional channels such as doctors.

  12. Don't use Siri if you don't want your Contacts sent to Apple. There are reasonable privacy protections built around Siri's access to your Contacts, but they will be sent to Apple when you turn Siri on. Apple says they are deleted every time you turn Siri off.

  13. Restrict Spotlight Search and Safari from pinging external servers for outside data. See: Settings>General>Spotlight Search & Settings>Safari.

  14. Turn off Background App Refresh Settings>General>Background App Refresh, or at least only allow apps that support it to use Background App Refresh only when they are the active app. This is especially important if you use Location Services or allow apps access to other unique patterns such as Motion, Microphone, Camera, etc. Bonus: improved battery life.

  15. Set Settings>Privacy>Diagnostics & Usage to "Don't Send".

  16. If you do use Location Services and have weather in your Notification Center, your location will be periodically sent to weather.com.

  17. Name your phone something common/generic, in Settings>General>About>Name. Apps have access to your device name.

More here: https://www.apple.com/br/ipad/business/docs/iOS_Security_Oct12.pdf and here: https://www.apple.com/privacy/manage-your-privacy/

Solution 2:

Tapping Settings > General > About > Diagnostics & Usage will allow you to choose between Automatically Send and Don't Send.

Turn off iCloud and don't use it at all on iPhone.

Settings > iCloud, then tap to turn on or off iCloud features

Also review Apple Legal/Privacy Page for full detailed information.