The short version: the three highest-impact privacy actions on iPhone in 2026 are (1) denying App Tracking Transparency prompts system-wide, (2) auditing per-app location permissions from "Always" down to "While Using" or "Never," and (3) adding network-level tracker blocking to catch the data collection that happens regardless of what you toggle in Settings. Everything else — Private Relay, Mail Privacy Protection, Lockdown Mode — matters for specific threat models but makes less difference for the average user than those three. Below: the full ranking with data.
iPhone privacy features ranked by real-world impact
| Privacy feature | What it blocks | What it doesn't block | Impact rating | Effort |
|---|---|---|---|---|
| App Tracking Transparency | Cross-app IDFA tracking | Fingerprinting, server-side tracking, first-party data collection | High | One tap per prompt |
| Location Services (per-app) | Precise/continuous location access by apps that don't need it | IP-based geolocation, cell-tower triangulation | High | 5-minute audit |
| Network-level tracker blocking | DNS requests to roughly 50,000 known tracker endpoints across all apps | Same-domain (first-party) tracking, server-side analytics | High | Install app, tap connect |
| Mail Privacy Protection | Email open tracking pixels, IP-based location in email | Link-click tracking, email content analysis by sender | Medium | One toggle |
| iCloud Private Relay | IP address exposure in Safari | Tracking in apps (non-Safari), ad network fingerprinting, logged-in tracking | Medium | One toggle (requires iCloud+) |
| Lockdown Mode | Zero-day exploit surfaces (JIT, link previews, unknown USB) | Standard tracking, ads, data brokers — it's a security feature, not a privacy feature | High (for targeted individuals) / Low (for most users) | One toggle, significant UX trade-offs |
Let's walk through each in detail — what it does at a technical level, who benefits most, and where the gaps are.
App Tracking Transparency: the most impactful single toggle
When Apple launched App Tracking Transparency (ATT) in iOS 14.5, it gave every iPhone user a simple prompt: "Allow [App] to track your activity across other companies' apps and websites?" Tapping "Ask App Not to Track" revokes the app's access to your IDFA — the Identifier for Advertisers — which is the primary mechanism ad networks use to follow you from one app to another. Before ATT, Facebook, Google, and hundreds of smaller ad networks could link your activity in a shopping app to your Instagram scrolling to your web browsing, building a unified profile across every app you use.
Why it matters: ATT didn't kill cross-app tracking entirely — we'll get to that — but it did meaningful damage to the old model. Meta publicly attributed a $10 billion annual revenue impact to ATT. The reason: without the IDFA, deterministic cross-app attribution (knowing that the same person who saw an ad on Instagram bought a product in a different app) became much harder. Ad networks lost the clean, persistent identifier that made the whole system work.
What it doesn't do: ATT doesn't stop apps from making network connections to tracking servers. The Facebook SDK, Adjust, AppsFlyer, and Branch still fire network requests when you open an app — they just can't include the IDFA. What they can and do include: device fingerprint data (screen resolution, OS version, language, timezone, carrier, installed fonts, available storage). This data, combined with IP address and behavioral signals, is enough for probabilistic fingerprinting that re-identifies most users at 70-90% accuracy depending on the sophistication of the model. Google's Privacy Sandbox on Android addresses this with Topics API, but on iOS, the fingerprinting gap remains open — Apple's only defense is the App Store review process, which catches some fingerprinting implementations but not all.
How to maximize it: go to Settings > Privacy & Security > Tracking. You can either toggle "Allow Apps to Request to Track" to off (which auto-denies all requests silently — the apps never even get to show the prompt) or leave it on and deny each request individually. Either way, the technical outcome is the same: your IDFA is zeroed out for those apps. We recommend toggling it off globally unless you actively want to evaluate each app's prompt. The per-app data Apple shows in the App Privacy Report (Settings > Privacy & Security > App Privacy Report) lets you verify what domains apps are still contacting even after denying tracking — which is where network-level tracker blocking picks up the slack.
Location Services: the permission most people leave too open
Location data is the single most valuable data type in the mobile advertising ecosystem. A history of where you go — which stores, which neighborhoods, which medical offices, which places of worship — builds a profile that's more predictive of purchasing behavior than your browsing history. Data brokers buy and sell location data aggregated from apps, and that data has been used for purposes ranging from targeted advertising to FTC enforcement actions against brokers selling sensitive location data.
The per-app audit: go to Settings > Privacy & Security > Location Services. Every app on your phone is listed with its current location permission. The options are: Never, Ask Next Time or When I Share, While Using the App, and Always. The critical step is reviewing which apps have "Always" — this means the app can access your GPS coordinates even when you're not using it. Weather apps, fitness trackers, and social media apps commonly request "Always" access; very few actually need it.
Precise vs. approximate location: starting in iOS 14, Apple added a "Precise Location" toggle for each app. When precise location is off, the app receives only your approximate location (an area of roughly 10 square miles). This is enough for weather forecasts and regional content but not enough for footfall tracking or behavioral profiling. For most apps — shopping, news, social media, games — there's no reason to grant precise location. Reserve it for navigation, ride-sharing, and find-my-phone.
The gap: even with Location Services set to "Never" for all apps, your approximate location is still determinable via your IP address (accurate to city/zip-code level) and cell tower data (which your carrier always has). Location Services controls GPS-level precision; it doesn't make you invisible to IP-based geolocation. For that layer, you need a VPN or proxy that masks your real IP address — which is part of what Casper's Cloak provides at the network level.
Recommended configuration: set every app to "While Using" or "Never" unless you have a specific reason for "Always" (e.g., a family-tracking app that needs continuous background updates). Turn off precise location for everything except maps and ride-sharing. Check this list every few months — apps you install later will ask for new permissions, and it's easy to tap "Allow" without thinking.
iCloud Private Relay: good privacy engineering with real limitations
Private Relay, available to iCloud+ subscribers ($0.99+/month), routes your Safari browsing through a double-hop relay system. The first hop (Apple) knows your IP address but not the website you're visiting. The second hop (a third-party CDN, currently Cloudflare and other partners) knows the website but not your IP address. Neither hop sees both. This is architecturally similar to Tor's relay system but optimized for speed — Private Relay adds only minor latency because Apple controls the infrastructure and CDN partnerships.
What it actually protects: your real IP address is hidden from the websites you visit in Safari. This prevents IP-based tracking and IP-based geolocation by those sites. It also encrypts your DNS queries so your ISP can't see which websites you're resolving — a real privacy improvement given that ISPs in the US are legally allowed to sell browsing data.
What it doesn't protect: Private Relay only applies to Safari and DNS queries. Every other app on your phone — Chrome, Firefox, Instagram, TikTok, email clients, games — bypasses Private Relay entirely. Your IP address is visible to every server every non-Safari app connects to. Private Relay also doesn't block ads or trackers — it anonymizes your IP address but the tracking scripts still run, the tracking pixels still load, and the fingerprinting data still gets collected. If you're logged into a website (Google, Facebook, Amazon), they know exactly who you are regardless of what your IP address is.
The enterprise carve-out: employers and schools can disable Private Relay through MDM (Mobile Device Management) profiles. If your iPhone is managed by your employer, Private Relay may be unavailable even if you pay for iCloud+. Certain countries (China, Belarus, Colombia, Egypt, Kazakhstan, Saudi Arabia, South Africa, Turkmenistan, Uganda, Philippines) have Private Relay disabled entirely due to regulatory requirements. Check Settings > your name > iCloud > Private Relay to verify it's actually active on your device.
The honest assessment: Private Relay is a good feature that genuinely improves Safari browsing privacy. But positioning it as comprehensive iPhone privacy protection — as many articles do — is misleading. Safari accounts for a fraction of most people's network activity. The other apps on your phone make far more network connections, send far more data to far more servers, and none of that traffic touches Private Relay. For system-wide IP privacy and tracker blocking, you need something that operates at the network level across all apps — which is what a VPN-based filter like Casper's Cloak on iOS provides.
Mail Privacy Protection: underrated for what it does
Mail Privacy Protection (MPP), enabled in Settings > Mail > Privacy Protection, pre-fetches all remote content in emails through Apple's proxy servers when the email arrives — regardless of whether you open it. This defeats email tracking pixels (the invisible 1x1 images that tell senders when you opened their email, what IP address you opened it from, and what device you used). With MPP on, every email appears "opened" from Apple's servers, making open-rate tracking meaningless.
Why this matters more than you'd think: email open tracking is a core component of marketing automation, lead scoring, and sales outreach tools. Companies use open data to determine when you're online, what time zone you're in, how engaged you are with their communications, and whether to escalate their outreach. Recruiters, salespeople, and even personal contacts sometimes use tracking pixels (via tools like Superhuman, HubSpot, or Mailtrack) to know when you've read their message. MPP breaks all of this.
The limitation: MPP only works in Apple's Mail app. If you use Gmail, Outlook, Spark, or any third-party email client, MPP doesn't apply. Gmail has its own image proxy system that partially defeats tracking, but it's less comprehensive than Apple's approach. MPP also doesn't prevent link-click tracking — when you tap a link in an email, the sender knows you clicked it because the link typically routes through their tracking redirect. The only defense against link tracking is not clicking the link or stripping the tracking parameters from the URL before navigating.
Recommended action: if you use Apple Mail, enable Mail Privacy Protection — there's no downside. If you use a third-party mail client, consider switching to Apple Mail for the privacy benefit, or at minimum ensure your client blocks remote image loading by default and only loads images when you explicitly choose to.
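The paragraph above notes that the only defense against link-click tracking is not clicking, or stripping the tracking parameters before navigating. The following is an added example (not code from the original article or from Casper) of what that stripping looks like in practice: it removes attribution parameters such as `utm_*`, `fbclid` and `gclid` while keeping the parameters the page actually needs, and it handles the redirect-style link that carries the real destination in its own query string. The parameter list and the sample URLs are constructed assumptions for the example, not a complete blocklist.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed set of query-parameter names commonly used for click attribution.
# This list is an assumption for the example; real blocklists are much larger.
TRACKING_PARAMS = {
    "fbclid", "gclid", "dclid", "msclkid", "mc_eid", "mkt_tok", "_hsenc", "_hsmi",
}
# Any parameter whose name starts with one of these prefixes is treated as tracking.
TRACKING_PREFIXES = ("utm_",)


def is_tracking_param(name: str) -> bool:
    """Case-insensitive check of a query-parameter name against the blocklist."""
    lowered = name.lower()
    return lowered in TRACKING_PARAMS or lowered.startswith(TRACKING_PREFIXES)


def strip_tracking_params(url: str) -> str:
    """Return the URL with tracking parameters removed.

    Non-tracking parameters, their order, and the fragment are preserved so the
    destination page still receives what it needs (item ids, page numbers, ...).
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if not is_tracking_param(k)]
    # urlencode([]) is "", and urlunsplit then emits no "?" at all.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment))


def embedded_target(url: str):
    """Heuristic for redirect-style tracking links.

    If any query-parameter value is itself an absolute http(s) URL, the real
    destination is visible and can be returned (with its own tracking parameters
    stripped). Returns None when the destination is not visible, which is the
    case this technique cannot fix: the redirect has to be followed to learn it.
    """
    parts = urlsplit(url)
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.startswith(("http://", "https://")):
            return strip_tracking_params(value)
    return None


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a marketing email.
    for link in (
        "https://shop.example.com/item?id=42&utm_source=news&fbclid=abc#reviews",
        "https://click.tracker.example/r?u=https%3A%2F%2Fshop.example.com%2Fitem%3Fid%3D1%26gclid%3Dx",
        "https://click.tracker.example/r?token=opaque",
    ):
        print(link, "->", embedded_target(link) or strip_tracking_params(link))
```

The third sample link shows the limit the article describes: when the redirect token is opaque, nothing on the client can recover the destination, and the only remaining options are to not click or to accept that the click is recorded.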
Lockdown Mode: powerful security, but probably not for you
Lockdown Mode, introduced in iOS 16, is Apple's response to mercenary spyware like NSO Group's Pegasus. It dramatically reduces the iPhone's attack surface by disabling features that sophisticated exploits commonly target: JIT JavaScript compilation in Safari is blocked, most message attachment types are blocked in Messages, incoming FaceTime calls from unknown contacts are blocked, wired connections to computers are blocked when locked, configuration profiles can't be installed, and shared albums are removed from Photos. Apple explicitly describes it as designed for "users who face grave, targeted threats to their digital security."
Who should use it: journalists covering authoritarian regimes, human rights activists, political dissidents, corporate executives handling sensitive geopolitical negotiations, government officials in targeted roles, and anyone who has reason to believe they're a target of state-sponsored surveillance. These individuals face threats that justify the significant usability trade-offs.
Who shouldn't use it: everyone else. Lockdown Mode breaks enough normal functionality — web pages render incorrectly without JIT, message attachments don't work, FaceTime is unreliable — that the daily friction outweighs the security benefit for anyone not facing targeted attacks. It's a security feature, not a privacy feature. It doesn't block trackers, doesn't hide your IP address, doesn't prevent ad networks from profiling you. It prevents zero-day exploits from compromising your device — which is critical for targeted individuals and irrelevant for the other 99.9% of iPhone users.
If you do enable it: Settings > Privacy & Security > Lockdown Mode. Test it for a day before committing. If web pages you rely on break (common, especially complex web apps), or if you need to receive document attachments in Messages regularly, the trade-off probably isn't worth it for your threat model. For the targeted use cases it was designed for, it's genuinely excellent — Apple's security engineering team built it as a hardening measure that meaningfully raises the cost of attacking an iPhone.
Network-level protection: the layer Apple doesn't provide
Every privacy feature above operates within Apple's framework — they control what data the OS shares with apps and what Safari shares with websites. But they don't address the outbound network connections apps make on their own. When you open a free game, it may make 20+ network connections in the first 5 seconds — to Facebook's SDK, Google's Firebase Analytics, AppsFlyer, ironSource, Unity Ads, and more. Each connection sends device data (OS version, screen size, carrier, language, timezone, available storage, battery level) that contributes to your device fingerprint. ATT removed the IDFA from these calls, but the calls themselves still happen, and the fingerprint data still flows.
What network-level blocking does: a DNS-based or VPN-based filter intercepts these connections before they're established. When the Facebook SDK tries to resolve graph.facebook.com, the filter answers the DNS query with an empty or blocked response instead of an address — the connection never opens, and no data leaves your device. This works for every app on your phone, not just Safari, and it catches the tracking that ATT and Private Relay don't address. Casper's tracker blocking covers approximately 50,000 known tracker endpoints across all major ad networks, attribution platforms, and analytics SDKs.
The combination that works: Apple's built-in features (ATT, Location Services audit, Private Relay, Mail Privacy Protection) handle the identity and permission layer. Network-level blocking handles the data-flow layer. Together, they address both the "who are you?" tracking (IDFA, logged-in sessions) and the "where are you going?" tracking (outbound SDK connections, analytics beacons, ad requests). Neither layer alone is sufficient. The built-in features leave outbound tracker connections untouched; network blocking alone doesn't address the permissions and identifiers the OS controls. The combination is what actually provides comprehensive coverage.
How to get it: install a VPN-based filtering app (Casper's Cloak, AdGuard for iOS, or configure NextDNS). The VPN approach provides both tracker blocking and WiFi encryption; DNS-only provides tracker blocking without using the VPN slot. Either works for the privacy use case. The key difference is whether you also want the network encryption layer for public WiFi protection. See our threat protection page for the full breakdown of what Casper blocks at the network level.
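Two points in this article lend themselves to a worked illustration: the DNS-level interception described under "What network-level blocking does," and the App Tracking Transparency section's advice to use the App Privacy Report to verify which domains apps still contact. The example below is added here and is not Casper's, AdGuard's or NextDNS's code; it models a filtering resolver that suffix-matches queried names against a blocklist, then runs a constructed list of per-app lookups through it to produce a blocked/allowed count per app. The blocklist, the app names and the lookup sample are all constructed assumptions, and the tuple format is only in the spirit of the App Privacy Report's per-app domain list, not Apple's real export format.

```python
# Constructed blocklist of tracker domains: an assumption for the example, not
# any vendor's real list. Matching is by DNS-label suffix, so a query for
# conversions.appsflyer.com is covered by the entry appsflyer.com.
TRACKER_BLOCKLIST = {
    "graph.facebook.com",
    "app-measurement.com",
    "firebaselogging.googleapis.com",
    "appsflyer.com",
    "adjust.com",
    "branch.io",
    "unityads.unity3d.com",
    "ironsrc.com",
}


def normalize(domain: str) -> str:
    """Lower-case the name and drop a trailing dot, as resolvers compare names."""
    return domain.strip().rstrip(".").lower()


def is_blocked(domain: str, blocklist=TRACKER_BLOCKLIST) -> bool:
    """Suffix match on whole labels: 'x.appsflyer.com' matches 'appsflyer.com',
    but 'notappsflyer.com' does not, and 'facebook.com' is not blocked just
    because 'graph.facebook.com' is listed."""
    labels = normalize(domain).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(domain: str, upstream):
    """Model a filtering resolver. Blocked names get no answer (None), so the
    app's connection never opens; everything else goes to the upstream resolver,
    passed in as a callable that maps a name to an address."""
    if is_blocked(domain):
        return None
    return upstream(domain)


# Constructed sample of DNS lookups observed per app: (app, queried name).
SAMPLE_LOOKUPS = [
    ("FreeGame", "graph.facebook.com"),
    ("FreeGame", "app-measurement.com"),
    ("FreeGame", "conversions.appsflyer.com"),
    ("FreeGame", "unityads.unity3d.com"),
    ("FreeGame", "cdn.freegame.example"),
    ("Weather", "api.weather.example"),
    ("Weather", "launches.appsflyer.com"),
    ("Shop", "www.shop.example"),
    ("Shop", "analytics.shop.example"),  # first-party analytics on the app's own domain
]


def per_app_report(lookups, blocklist=TRACKER_BLOCKLIST):
    """Return {app: {"blocked": n, "allowed": n, "allowed_domains": [...]}},
    i.e. the before/after view a user would get from the App Privacy Report."""
    report = {}
    for app, domain in lookups:
        entry = report.setdefault(app, {"blocked": 0, "allowed": 0, "allowed_domains": []})
        if is_blocked(domain, blocklist):
            entry["blocked"] += 1
        else:
            entry["allowed"] += 1
            entry["allowed_domains"].append(normalize(domain))
    return report


if __name__ == "__main__":
    for app, entry in per_app_report(SAMPLE_LOOKUPS).items():
        print(f"{app}: blocked {entry['blocked']}, allowed {entry['allowed']} "
              f"-> {entry['allowed_domains']}")
```

The Shop app's `analytics.shop.example` lookup is allowed through, which is the gap the ranking table lists for network-level blocking: first-party tracking on the app's own domain is indistinguishable, at the DNS layer, from the app's legitimate traffic, and a blocklist that sinkholed it would break the app.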
The complete iPhone privacy setup: step by step
Here's the full configuration, in priority order. Each step takes 1-3 minutes. The entire setup takes under 20 minutes and meaningfully changes your privacy posture.
- Deny all App Tracking Transparency requests. Settings > Privacy & Security > Tracking > toggle "Allow Apps to Request to Track" off. This zeroes your IDFA for all apps, past and future. Single highest-impact toggle on the phone.
- Audit Location Services. Settings > Privacy & Security > Location Services. Tap each app. Set everything to "While Using" or "Never." Turn off Precise Location for anything that isn't maps or ride-sharing. This 5-minute audit cuts off the most valuable data type apps collect.
- Enable Mail Privacy Protection. Settings > Mail > Privacy Protection > toggle on Protect Mail Activity. If you use Apple Mail, this kills email open tracking with zero downside.
- Enable Private Relay (if you pay for iCloud+). Settings > your name > iCloud > Private Relay > toggle on. This anonymizes your IP in Safari. Limited scope but free with your existing iCloud subscription.
- Install network-level tracker blocking. Download Casper's Cloak from the App Store, complete the setup, and enable the VPN profile. This blocks outbound tracker connections from every app — the layer Apple's settings don't cover.
- Review remaining permissions. Settings > Privacy & Security — check Microphone, Camera, Contacts, Photos, Bluetooth for each app. Revoke anything that doesn't make sense. A shopping app doesn't need your microphone. A game doesn't need your contacts.
- Enable automatic updates. Settings > General > Software Update > Automatic Updates — turn on everything. Privacy features only work when your OS is current; security patches close the vulnerabilities that bypass all of the above.
What this setup still doesn't protect against
Honesty matters. Even with every setting above configured and network-level blocking active, some tracking persists.
First-party data collection: when you use Google Search logged into your Google account, Google records your searches. When you browse Amazon logged in, Amazon records your browsing. When you scroll Instagram, Meta records your engagement. No client-side tool can prevent this because the data collection happens server-side within the service you're actively using. The only defense is to use the service less, use it logged out, or use alternatives that collect less data.
Server-side tracking: Meta's Conversions API, Google's server-side tagging, and similar technologies move the tracking infrastructure from the client (your device) to the server (the website's backend). When a website sends your purchase event to Meta from their server, there's no DNS query from your device to block — the data flows between two servers you don't control. This is the tracking industry's response to client-side blocking, and it's growing.
Cross-device tracking via logged-in identity: if you use Chrome on your Mac signed into Google, Safari on your iPhone signed into Google, and Gmail on both — Google can link your activity across devices via your account identity. No amount of device-level privacy settings changes this because the linkage happens through your authentication, not your device fingerprint.
The realistic framing: the goal isn't to become invisible — that's not achievable on a consumer smartphone connected to commercial services. The goal is to reduce unnecessary data collection to the minimum required for the services you actually use. The setup above eliminates the vast majority of passive, background tracking that happens without your knowledge or consent. What remains is the tracking inherent in the services you actively choose to use — and that's a conscious trade-off, not an involuntary one.
Bottom line
iPhone privacy settings are not all equally important. The three that make the most measurable difference are: denying ATT prompts (kills the primary cross-app tracking identifier), auditing location permissions (cuts off the most valuable data type), and adding network-level tracker blocking (stops the outbound connections Apple's settings don't address). Everything else — Private Relay, Mail Privacy Protection, Lockdown Mode — is valuable for specific use cases but secondary to those three.
The setup takes 20 minutes. The privacy improvement is substantial and measurable — use the App Privacy Report to see the before-and-after difference in how many tracking domains your apps contact. The remaining gaps (first-party data collection, server-side tracking, logged-in identity linking) are structural to using commercial internet services and require behavioral changes, not settings changes, to address. Focus on what you can control with settings and tools, be aware of what you can't, and make informed decisions about the rest.