We’ve given you tools to
manage your privacy.

We believe that privacy first requires good security. Below you’ll find information about powerful features that help you make your devices and data secure, along with tips for avoiding phishing scams and keeping your account safe. We also think it should be easy to control what you share and with whom. So every Mac, iOS device, and Apple Watch comes with features that help you do just that.

Secure your devices.

To keep your iCloud account and other personal information secure, your Mac, iOS devices, and Apple Watch need to be secure as well. Here are a few ways to help prevent anyone but you from using your devices and accessing your information.

Use a passcode on your device. The more complex, the better.

Setting a passcode is the most important thing you can do to safeguard your device. This is an easy but effective method of creating a barrier between the information on your device and anyone who may have it, in the event it’s lost or stolen. With iOS 9, the default passcode on your Touch ID–enabled iPhone is six digits instead of four. While this change may seem small, it means that the number of possible combinations has expanded from 10,000 to one million, making your passcode much tougher to crack.

Learn more about protecting your device with a passcode

Enable Touch ID.

If you use an iPhone 5s or later, Touch ID provides you with the most technologically advanced fingerprint security. The actual image of your fingerprint is not stored anywhere, and is instead converted to a mathematical representation of a fingerprint that cannot be reverse engineered into one. This mathematical representation is stored in a Secure Enclave within your phone’s chip, and is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else.

Learn more about Touch ID Security

Use Find My iPhone, iPad, and Mac.

When you enable Find My iPhone, iPad, and Mac, it helps keep you connected to your device even if it’s lost or stolen. You can see where your device is on a map — and where it’s been — so your chances of finding or recovering it are dramatically improved. If you’re unable to get your device back, you can also remotely erase your personal data. When you sign in to iCloud on a new device, Find My iPhone will be enabled automatically.

Activation Lock, which is built into Find My iPhone, can prevent your iOS device from being reactivated and used without your permission even if you’ve already erased it remotely. This significantly reduces the incentive for someone to steal your device. Activation Lock works with your Apple Watch, too.

Secure your Apple ID.

Your Apple ID is the account you use to access all Apple services, including iCloud, the App Store, the iTunes Store, and more. Keeping your Apple ID secure is critical to all kinds of information including your calendar, contacts, email, photos, and even the backup files from your iOS device.

Choose a strong, unique Apple ID password.

Using a strong password is the most important thing you can do to help keep your account secure. Never use the same password for your Apple ID that you use for other Internet accounts. And to make your password hard to guess, don’t base it on information that others can easily find out about you. All new Apple ID passwords must meet industry-standard criteria for strong passwords, and cannot have been used by you in the past year.

Learn about creating a strong password

Your password must:

  • Have at least one letter
  • Have at least one capital letter
  • Have at least one number
  • Not contain multiple identical consecutive characters
  • Not be the same as the account name
  • Be at least 8 characters
  • Not be a common password
  • Not be used in the past year

You can also add extra characters and punctuation
marks to make your password even stronger.

Make the answers to your security questions hard to guess.

Apple uses security questions to give you another way to identify yourself if you’ve forgotten your Apple ID password. These questions should be ones that only you know the answers to. And like your password, the answers should be as hard as possible for someone to guess, so don’t use any information that may be available about you publicly.

Learn more about updating your security questions and answers

Turn on two-step verification.

Two-step verification is the best way to keep your information safe, because it adds a second layer of security to your Apple ID. Before you or anyone else can make changes to your account, make iTunes or App Store purchases from a new device, or sign in to iCloud, iMessage, or FaceTime, we’ll send a verification code to one of your trusted devices. Enter this code along with your password and you’re quickly signed in. Anyone who can’t provide both your password and the verification code will be kept out. Turning on two-step verification for your Apple ID is the most effective way to protect yourself against phishing attacks and other fraudulent attempts to acquire your password.

Learn how to set up two-step verification

With iOS 9 and OS X El Capitan, an improved method called two-factor authentication has been built directly into each operating system, which will make protecting your information even easier.1

Learn more

Stay secure.

Taking advantage of Apple’s security features is an important step, but security is something you should always keep in mind when you use any digital device or online service. It’s a good idea to review and update your security settings on a regular basis. And it’s important to be on the alert for malicious attempts to compromise your information.

Beware of phishing scams.

“Phishing” refers to fraudulent attempts to get personal information from you, such as your Apple ID password or credit card information, usually through an email or text message. On the surface, it may appear to be from a legitimate company or individual, but it’s not. Turning on two-step verification for your Apple ID is the best way to protect yourself against these kinds of attacks. If you receive what you believe to be a phishing email purporting to be from Apple, please send it to reportphishing@apple.com.

Learn more about protecting yourself from phishing
Here are a few signs of a possible phishing attempt:
  • The sender’s address doesn’t match the name of the company it’s supposedly from.
  • The message was sent to a different address from the one you gave that company.
  • A link takes you to a website whose URL doesn’t match the company’s site.
  • The message starts with a generic greeting like “Dear valued customer” — most legitimate companies will include your name in their messages to you.
  • The message looks significantly different from other messages you’ve gotten from the company.
  • The message requests personal information like a credit card number or account password. Don’t reply or click any links. Instead, go to the company’s website, find their contact information, and contact them directly about the issue.
  • An unsolicited commercial message contains an attachment. If you receive one of these, do not open the attachment without first contacting the company to verify its contents.

Change your password periodically.

Changing your Apple ID password on a regular basis will help you stay up to date with best practices for strong passwords. And it will help ensure that even if your password falls into the wrong hands, it doesn’t stay there. If you’ve had your Apple ID password for a while, if it’s one you’ve used before, if it’s the same password you use for other online accounts, or if it’s not particularly strong, then it’s due for an update. If you ever have any reason to believe that your password may have been compromised, you should change it immediately.

Change your Apple ID password

Pay attention to notifications about your Apple ID.

We’re serious about your security, so when we contact you about your Apple ID, it’s for a good reason. When changes are made to your account, such as when you sign in for the first time on a new device, a payment method is updated, or your password has changed, Apple notifies you with an email or a push notification (note that we do not use text messages or iMessage for this purpose). So if you receive a notification like this but you don’t remember making such changes, it could mean that someone has wrongfully accessed your account. If that happens, go to My Apple ID to change your password immediately. If you need additional help, contact Apple Support for assistance.

Be aware of what you’re sharing.

Sharing certain information with apps and services can make your Apple products work even better. There are a number of settings that let you choose which information is shared, where you share it, and when it is backed up. It’s important to know how your settings are currently configured and how you can easily manage them.

Configure your iCloud settings.

You have control over how your music, photos, health, documents, and other information are shared between your devices and your iCloud account. When using iOS, you can easily check which of your iCloud services are being shared and backed up from your device by reviewing the iCloud menu of your Settings. Each individual service can be turned on or off, so you can decide specifically what you would like backed up across your devices and what you would like to store locally. On your Mac, you can manage these settings in the iCloud section of your System Preferences, and on a Windows PC you can do so in the Control Panel.

Manage your location data.

Apple gives you control over the collection and use of location data on all your devices. You have to make the choice to enable Location Services — it’s not on by default. And you’ll notice that your iOS device asks for your permission before giving any app access to your location information, including apps on your paired Apple Watch. You can change your mind at any time and opt out of Location Services entirely or just for individual apps or services.

Our customers want and expect their mobile devices to quickly and reliably help them with things like calculating the amount of time it takes them to get to work or anticipating traffic conditions. iOS makes this possible in a secure way. For example, once you’ve opted in to Location Services, iOS can remember your Frequent Locations and use them to provide commute information in Notification Center or automatic routing in CarPlay. It’s important to note that Frequent Locations remain on your device and are not sent to Apple, or even backed up in iTunes or iCloud. The one exception is if you opt in to improve Maps for yourself and other users, in which case we will occasionally collect your Frequent Locations but only retain this data in a purely anonymous form. Frequent Locations are encrypted with keys protected by your passcode on your device, and you always have the option to turn this feature off. And you’ll notice that your iOS device asks for your permission before giving any app, even built-in Apple apps, access to your location information.

Control data shared with apps.

Apps from the App Store can often work even better by accessing your information from Contacts, Calendars, or Photos. But we think you should always know which apps want access to that data and why, so that you can make a more informed decision. Our default is to make it your call, which is why you’ll receive a prompt the first time a third-party app wants to access that data. And, even if you grant access once, you can always take it away later.

Limit targeted interest-based ads.

Our business does not depend on advertising. For many companies, it does. On iOS, advertising does support some apps, so to help protect your privacy we have developed the nonpersistent Advertising Identifier. Apple’s advertising service, iAd, uses this identifier to deliver ads to you via things like third-party apps and iTunes Radio. The Advertising Identifier helps advertisers control the number of times you see a given ad, measure the effectiveness of ad campaigns, and unless you choose to opt out, can be used to try and serve ads more relevant to you.

Whenever you want to clear the data associated with your Advertising Identifier, you can simply reset it. This is another example of our commitment to do away with persistent identifiers on mobile devices. If you’d rather not see mobile ads tailored to your interests, you can choose to limit ad tracking with a simple on/off switch. When Limit Ad Tracking is turned on, third-party apps are forbidden by Apple’s guidelines to use the Advertising Identifier to serve you targeted ads. As part of submission to our App Store, Apple requires all developers to agree that they abide by your choice to Limit Ad Tracking. iAd abides by Limit Ad Tracking wherever ads are served, and does not serve interest-based ads to users under the age of 13.

Learn more about opting out of interest-based ads

“What [Apple] doesn’t do is hand over the keys to all that data and let advertisers plug into it directly with their own data-mining and targeting software.”

- TechCrunch

Browse the web privately.

Simply turn on Private Browsing and Safari won’t add the sites you visit to your history, remember your searches, or save any information from forms you fill out online. Through Safari content blockers, we also provide a platform for third-party developers to block ads, which helps to better protect your privacy. Now we’re enabling app developers to bring these blockers to iOS and make them more effective on OS X. You can use them to control the content that’s loaded onto your browser, and to block content from anyone attempting to track your activity on a website or across websites. And Safari content blocker support is designed in such a way that the content blocker can’t send developers information about what you’re browsing.

In addition, you can choose DuckDuckGo as your default search engine. It allows you to search the web without being tracked, and Safari is the first browser to offer it as a built-in option. As added protection, we’ve included a downloadable extension for Safari that blocks malicious content designed to collect the addresses of the sites you visit.

Protect your children’s privacy.

We make it easy to set parental controls and restrictions on your Apple device so that you can choose the websites your children visit, the type of movies and TV shows they watch, their access to FaceTime and Camera, and even their ability to download third-party apps. Since parental controls and restrictions are device-specific, we encourage you to set them for each Apple device your child uses.

With Family Sharing, children can have their own Apple ID. This is a first for any major mobile platform. We’ve developed tools such as Ask to Buy (which allows parents to approve app or in-app purchases) to give parents control over their children’s purchases using their Apple ID. We require a parent or guardian’s valid consent to set up an Apple ID for a child, and we help give adults visibility into that child’s activity and content.

Learn more about Family Sharing

Choose whether to share diagnostic data.

You can choose to send Apple anonymous technical data that we can use to make our products and services better. If you would like to help improve our products and services, you can opt in to our Diagnostic & Usage program and send nonidentifiable information about your device and applications. Your explicit consent is required to do this, and you can view the data on your device or stop sending data at any time. None of this data is provided by Apple to any government entity.

iOS also features advanced diagnostic capabilities that may be useful in debugging or troubleshooting your device. These advanced diagnostic capabilities do not send any data to Apple without additional tools and your explicit consent.