By Stephen Milner · UtilityForge · Last reviewed: May 2026
The Apple Privacy Settings Audit Tool is a free checklist that walks you through every privacy-relevant setting on iPhone, iPad, and Mac. Settings are organized into three tiers: Critical, Recommended, and Optional. Tackle the highest-impact changes first, then work down. As you check off each item, a live privacy score tracks your progress through the Critical tier.
Everything runs in your browser. Nothing you check or enter is recorded.
Apple devices ship with strong privacy defaults, but not all privacy protections are enabled out of the box. Advanced Data Protection, for example, must be manually turned on. App Tracking Transparency defaults to prompting users, but a single "Allow" tap grants an app permission to share your activity with third parties indefinitely.
The gap between Apple's strongest privacy posture and the defaults you get at unboxing is significant. Most users have never reviewed their location access list, audited which apps hold Full Disk Access on their Mac, or confirmed that FileVault is encrypting their drive.
This checklist closes that gap in one session.
Critical settings are the ones with the highest real-world privacy and security impact.
App Tracking Transparency is the cornerstone. Enabling "Ask App Not to Track" stops apps from sharing your activity identifier with data brokers, which is how most behavioral ad profiles are built outside Apple's own ecosystem.
Two-Factor Authentication is the single most impactful account security setting. A strong password without 2FA can be cracked or phished. With 2FA, an attacker needs physical access to a trusted device as well.
Advanced Data Protection upgrades your iCloud backups and synced data to end-to-end encryption. Without it, Apple holds the keys to your backups, Photos library, and Notes, meaning they can be compelled to produce that data in response to a legal request. With it on, only you can decrypt them.
FileVault (Mac only) is equally important. Without full-disk encryption, anyone with brief physical access to a powered-down Mac can read your files by booting from an external drive. FileVault ensures the drive is unreadable without your login credentials.
Recommended settings reduce your exposure to data collection without meaningfully affecting how you use your devices.
Analytics sharing sends detailed usage data to Apple and app developers. Disabling it reduces the volume of behavioral data Apple holds about you, even if the risk from that data is relatively low.
Auditing Microphone, Camera, Contacts, and Photos access is worth doing at least once a year. App permissions accumulate over time. An app you installed two years ago may still hold camera access even though you've never used it from within that app.
Filtering unknown SMS senders on iPhone moves messages from numbers not in your contacts into a separate inbox. This is one of the simplest defences against smishing (SMS phishing), which is one of the most common social engineering vectors in use today.
Select your device type (iPhone/iPad or Mac) using the tabs at the top of the tool. Work through each tier in order, starting with Critical. Click a setting to mark it as complete.
If you can't find a setting at the listed path, use the search function in Settings (iOS) or System Settings (macOS) and type the setting name directly. Apple periodically reorganizes menus across OS versions.
Revisit the checklist any time you get a new device or after a major OS update, as Apple sometimes moves settings or introduces new privacy controls worth enabling.
It is a free interactive checklist that walks you through privacy-relevant settings on iPhone, iPad, and Mac. Settings are grouped into three tiers: Critical, Recommended, and Optional. Check off each one as you apply it and a live score tracks your progress through the Critical tier. The tool runs entirely in your browser. Nothing is recorded or transmitted.
No. The tool is completely anonymous. Your checkbox state is held only in the browser's memory for the current session and is lost when you close the tab. No data is sent to any server.
Advanced Data Protection is an optional iCloud setting that upgrades your iCloud data to end-to-end encryption. With standard iCloud, Apple can decrypt your backups, Photos, Notes, and other data, meaning those could be disclosed in response to a legal order or a data breach at Apple's end. With Advanced Data Protection on, only your trusted devices hold the decryption keys. Apple cannot access the content. The one trade-off: if you lose all your trusted devices and your recovery contact, you may be permanently locked out of that data. For most users the protection is worth it.
App Tracking Transparency (ATT) is a framework Apple introduced in iOS 14.5 that requires apps to ask your permission before tracking your activity across other apps and websites. Tracking in this context means linking your identity or device to data collected by third parties for ad targeting. When you enable "Ask App Not to Track" in Settings, it instructs all apps to default to not tracking unless they have asked and you have approved. Many apps will ask on first launch. Tapping "Ask App Not to Track" or "Don't Allow" denies the request.
Without FileVault, your Mac's storage drive is unencrypted. Anyone with brief physical access to a powered-down or sleeping Mac can potentially read your files by booting from an external USB drive and mounting your internal storage as a volume. FileVault encrypts the entire drive so that it is unreadable without your login credentials. Apple Silicon Macs have always-on hardware-level encryption by default, but FileVault adds the software lock that protects the key. On Intel Macs, FileVault provides the primary encryption layer. Both benefit from having it explicitly enabled.
Once a year is a reasonable baseline. The most useful times are when you get a new device, after a major OS update (Apple sometimes introduces new privacy settings), or after installing a batch of new apps. Apps accumulate permissions over time, so an annual review catches unused access you forgot you granted.
Most settings on this checklist will have no visible effect on your day-to-day use. Revoking camera or microphone access from an app that genuinely needs it will prevent that feature from working until you re-grant access, but the app will prompt you to do so. Revoking location access from a navigation app will stop turn-by-turn directions. Changes are reversible at any time from the same Settings path.
Safety Check, introduced in iOS 16, is a built-in tool in Settings under Privacy & Security. It provides two functions. The first is an Emergency Reset, which instantly revokes all location sharing, app permissions, and access you've granted to other people. The second is a Manage Sharing & Access review, which walks you step-by-step through which people and apps can see your location, and what information is synced across your devices. It is particularly useful after a change in your situation: a new relationship, new job, or new device. Run it any time you want to audit what you have shared and with whom.