Proton

Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.”

But Apple’s lawyers are telling a different story. In a recent court filing(new window), they told a judge, “Given Apple’s extensive privacy disclosures, no reasonable user would expect that their actions in Apple’s apps would be private from Apple.”

This article, part of our series on privacy washing(new window), examines several reasons the iPhone doesn’t live up to its marketing claims or consumer expectations. It certainly doesn’t align with the privacy standard we use at Proton. But there are a few steps you can take to improve your iPhone privacy.

This article explains what data Apple collects about you and highlights two recent revelations: that Apple was secretly sharing data with law enforcement agencies and left a security backdoor that may have been exploited by the Chinese government for political repression.

Apple can see your data

Contrary to the claim that what happens on your iPhone stays there, Apple constantly gathers data from your phone whenever you use Apple services, the App Store, or the Apple News or Stocks apps, each of which has its own privacy policy(new window).

Apple can see all your data in iCloud Mail, Contacts, and Calendar. If you use these apps, there’s no way to turn on end-to-end encryption(new window).

By default, Apple can also see your photos, iCloud and Messages backups, notes, reminders, voice memos, and more. You can, however, turn on end-to-end encryption for this data by enabling Advanced Data Protection. 

We explained the limitations of Apple’s encryption in our article about iCloud privacy(new window).

A growing advertising business

There’s a perception that, as a hardware company, Apple doesn’t need to collect personal data. But as computer and phone sales slow down, the company is searching for new revenue sources. 

In fact, from 2022 to 2023(new window), Apple’s hardware sales fell by over $18 billion. Meanwhile, revenue from services, including advertising, has grown steadily.

To deliver targeted ads, Apple collects information(new window) about your device, location, App Store searches, shows you watch, and books and articles you read.

Read more about Apple advertising tracking here

Apple may have shared push notifications with law enforcement

In December 2023, a US senator revealed that Apple had received sealed court orders that forced it to secretly share push notification data(new window) with law enforcement agencies in the US and foreign countries. (He did not reveal what other countries.) Apple claims federal authorities prohibited them from disclosing these surveillance requests.

As a US-based company, Apple is vulnerable to this kind of secret surveillance. Even so, Apple did not take even minimum precautions to protect users’ privacy, such as requiring a court order before disclosing push notifications. The company quietly updated its privacy policy(new window) following the scandal.

Proton, by contrast, is based in Switzerland, so it would be illegal for us to comply with a foreign request without a valid Swiss court order. We not only require court orders but also often challenge them. 

Leaky AirDrop used for political repression

In January, another story broke. This time, security researchers in Beijing reported(new window) an Apple bug that allows attackers to identify senders via AirDrop, which Chinese government officials said they used to identify people sharing “inappropriate information”.

It turns out that a German research group had notified Apple about this very issue in 2019, but the company didn’t fix the problem. The group subsequently published an open-source fix(new window) in 2021. But Apple left the vulnerability in place.

How to protect your privacy on iPhone

Compared with other hardware manufacturers, Apple offers much greater privacy, robust security features, and a great user experience. If you use Apple products, there are simple steps you can take to keep the company out of your data.

First, you can turn on Advanced Data Protection(new window) or turn off iCloud syncing if you don’t need it. You can also turn on Advanced Data Protection while turning off iCloud specifically for the services that don’t support end-to-end encryption, such as Mail or Calendar. You can also turn off location tracking for apps that don’t need it.

Next, you can switch to privacy-focused alternatives for Apple Mail, Calendar, iCloud, iMessage, and other apps. Signal(new window) is an encrypted messenger service. And Proton offers end-to-end encrypted alternatives for email, calendar, cloud storage, and password manager. Since our only source of revenue is subscriptions, we don’t need to collect data and our only incentive is to protect your privacy.

Related articles

The cover image for a Proton Pass blog comparing SAML and OAuth as protocols for business protection
en
SAML and OAuth help your workers access your network securely, but what's the difference? Here's what you need to know.
Proton Lifetime Fundraiser 7th edition
en
Learn how to join our 2024 Lifetime Account Charity Fundraiser, your chance to win our most exclusive plan and fight for a better internet.
The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
en
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
en
  • Guias de privacidade
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
en
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
en
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.