My threat model used to be and still largely is surveillance capitalism. However, ever since the US is trying to kidnap my kind purely based on profiling and using surveillance tech to do so, mass surveillance is my new concern. As a result I'm scrambling to figure out a structure
I use Apple devices daily. The company has a history of caving in to authoritarian demands. While I don't sync with iCloud and have Lockdown mode enabled, my trust in Apple is waning by the day. Every other big tech company has given data to I.C.E and I don't see why Apple would be any different. Macs can be hardened to a satisfactory degree but I feel like the iPhone is compromised. I am tempted to switch to GrapheneOS but the lack of E2EE for messaging by default is such a deal breaker. This is just one example of the dilemmas I'm finding myself in
Your iPhone is one of the most secure devices you can get, much more secure than a Mac. What makes you think your phone is compromised?
iOS is adding RCS E2EE support and GrapheneOS is working on eventually adding their own RCS implementation, so E2EE messaging by default should be the norm before too long.
The main thing I would worry about with your iPhone is cellular triangulation, so try to keep your phone in airplane mode and make use of public WiFi when you can. Also don't give location permission to apps when you can avoid it.
Okay, part of me is being hyperbolic when I am saying it's compromised. I don't think I'm targeted but the sentiment is not necessarily irrational either. What I am getting at is that there is no way to reasonably use an iPhone without sending what could potentially be sensitive data to Apple
As for RCS, it's still not ideal. We don't know how this is going to be implemented yet but we do know that this is going to be carrier dependent, so I expect it to be leaky in real world use. Also I do tend to keep my phone in airplane mode often; this tends to disable RCS consistently even with Wi-Fi calling on
Literally the most recent case of LEO being stopped by mathematics is regarding a journalist's iPhone. Lockdown mode iPhone is theoretically only beaten by a flagship Pixel on GrapheneOS.
Just have a VPN on all the time, set your phone to block unencrypted calls, turn off iMessage and only use Signal.
There are literal white supremacist groups who don't go beyond occasionally using Signal and they still need an infiltrator. Encryption at rest will work decently for you. Turn off devices when not in use. Full disk encryption for your computer. Local password manager for important passwords, and a general password manager for all the other online logins.
That's just turning off data sharing with Apple. Uncheck all the consent boxes. Your App Store login would be no different than your cell service subscription.
I literally do all of this already with the exception of a local password manager
If I was to disable iMessage I would literally lose most E2EE with most people around me. I don't think this is really a wise compromise. Unfortunately I have only managed to convince 2 people in my life to use Signal. SMS is still far worse
I guess you could set up to use NextDNS or Control-D (both by PG recommended DNS servers, but even better would be Pi-hole) and then could block completely *.apple.com (but I'm not sure, that'll probably impact / block iMessage too; you could also specifically allow the relevant .apple domains for iMessage and then block all .apple completely).
I'd highly recommend taking that step.
While it's true what fria said, Apple devices are mostly really not bad for security, but they're terrible for privacy:
Only if Apple provided iOS desktop mode like how GOS is developing. Wouldn't that be something. But I guess if Apple did this, it would be an iPadOS look more than anything, which from a design language POV, that's what would make sense.
The current trend is definitely worrying. Based on your post, I suspect the device itself probably IS NOT your no.1 concern.
Based on some trails in your post, I assume you could be targeted due to ethnicity. If so, you don't need to answer me, but you need to review your past activities.
Were you physically involved in protests / rallies / assemblies?
Were you a part of any interest groups / organisations / social media communities, that is at any level, involved in recent unrest, or other political movements?
Did you leave comments / posts that LE "dislikes" on social media? (Even "anonymous" accounts count, as more often than not, they are not really "anonymous") (I am so sorry to use the term "dislike", but TBH I struggle to think of a better word.)
Do you possess any items / decorations that could be interpreted to be something LE "dislikes"?
If any of the above is "Yes", your priority IS NOT your phone. Your threat level is much higher than you thought. You need to seek a suitable NGO for advice ASAP, and have a lawyer at your disposal (Just in case, and if you could afford it).
If all of the above are "No", and you are not involved in illegal / shady matters of any sort, I would agree that you could spend some more time on this topic.
Broadly speaking, iPhone is trustworthy and quite robust if it is a recent one and properly hardened. However, I don't think taking it to extreme is a good idea, especially if your appearance / ethnicity could attract LE, since they will think "this guy has something to hide".
Even if you don't, they will remain doubtful, which prolongs your unnecessary trauma. I am not saying you need to make yourself like an opened door, I am saying don't make yourself look bulletproof, they will bring in RPG and tanks.
p.s. I expect some people might think what I say above is weird, even nonsense. However, if your country is your potential adversary (either you did something or not), your assessment and course of action would become completely different.
I want to add to this quick and say that while airplane mode will block cellular, wifi etc., airplane mode does not block GNSS reception. The phone can still receive GPS signals and apps or the system can log location data locally while radios are off. Then when wifi or cellular is re-enabled, those logs can be uploaded or synced (depending on app/settings), so your past locations could be transmitted later.
I would recommend a faraday bag from a reputable company to block all RF signals for peace of mind, if OP is feeling paranoid.
Disabling cell data isn't for keeping apps from accessing location, that's what the location permission is for. That will prevent any app from getting any location data unless you explicitly grant it.
Your phone has an IMEI that identifies your handset and an IMSI that identifies you as a specific subscriber of your service. Your carrier can see where you are based on cell tower triangulation and identify you using these static identifiers. It doesn't have anything to do with apps; you already have extremely granular control over what apps are allowed to access on iOS and Android.
You can enable WiFi while airplane mode is turned on. WiFi allows you to randomize your MAC address (the equivalent hardware identifier) and iOS and Android even do this by default, so WiFi operators even if they collude won't be able to track you via any identifiers.
Literally the most recent case of LEO being stopped by mathematics is regarding a journalist's iPhone. Lockdown mode iPhone is theoretically only beaten by a flagship Pixel on
Is there a reason why you say "flagship" Pixel?
Like a difference in security in 8a/8/8 pro?
That's a good point. I saw that OP said they felt their iPhone was compromised, so a faraday could still be peace of mind, especially if they are participating in physical protests. Blocking all RF signal is a positive in a protest situation IMO, especially if LE is trying to track or "place" protestors/rioters etc. I don't fully know the extent of LE's reach when it comes to this stuff, so I personally always throw my phone in a faraday
Last spring I explained to friends and family why I would be turning off iMessage and that I would be doing that in two weeks. I just told them Signal would be the only option to text me. I explained the benefits and that it was easy and free to install. A few days before my cut-off I sent a followup reminder. Then the day of I sent a last reminder letting them know I'd be turning it off later in the day.
Then I turned it off. By that point almost everyone had set up Signal. Those that didn't don't get to text me.
Don't be afraid to issue an ultimatum. Explain it. Then do it. If people value you and your privacy they will respect your wishes.
For protest related OPSEC, it seems off topic but you might want to check out The Protesters' Guide to Smartphone Security, especially the comments. It's lengthy but please do read them.
Back to topic, I think OP needs to sit down and review their threat model, for most people, even many journalists, iPhone is perfectly fine. The problem usually is not on the hardware, but OPSEC.
Believe me, you are not alone in that feeling. A lot of people's threat models are substantially different than they were a year or two ago. It's a really troubling time in the US (and various other countries for various reasons). It's been bothering me lately how many people I see using phrases like "unless you need to be concerned with state level adversaries it's pointless to worry about". Language like this doesn't reflect the current situation; billions with a B of people need to worry about their own governments in this day and age.
but [iPhones] are terrible for privacy:
I do not share that opinion, here's why
For me personally, switching from a Pixel (w/ GOS) to an iPhone was surprisingly probably the single largest practical improvement to my mobile and communication privacy that I've made in the last 5+ years. I went from like ~5% of my messaging being E2EE to probably in the ballpark of 75% being E2EE. ADP was the other big reason I switched. That said, iOS has its privacy shortcomings as well (but so does GOS), but on the whole I feel I gained more than I lost in practical terms, but it's a complicated question, and I hope to return to GOS in the future (because I also care a lot about openness and strongly prefer open source software)
If not aware, for like the first ~5 years of his work on GOS, DM talked about a goal of GrapheneOS was catching up to iOS wrt privacy (not just security), and only in the last maybe ~5 years has begun to talk about GOS+Pixel as being on par with and/or having an edge over iOS. (here is an example of the former, and an example of the latter)
Somewhat ironically, while a significant portion of the GOS community hates Apple, DM has pretty consistently been mostly positive about iPhones, and I believe still considers them to be the next best choice after GOS on a Pixel 8+ (in terms of privacy + security). Here is a comment he made a couple days ago:
If you have an iPhone that's still supported, you have strong privacy and security. (src)
And here is a slightly older comment (from 2025):
iPhones have solid privacy and security despite being mostly closed source software.
iPhones are the next best option [after GOS] for privacy and security in most ways. They have great privacy from apps and aren't awful at privacy from Apple particularly if people use Advanced Data Protection for iCloud. (src)
Just in case it's not clear: none of this should be read as an argument against GOS. I think GOS is a great choice in so many ways, and is stronger than an iPhone in many ways (most fundamentally it matters a lot to me that it is open source)
Is that not very extreme for the situation the original poster is concerned with? I understand being concerned about passive government surveillance given their group, but saying to contact a suitable NGO "ASAP" for posting negative comments on social media about LE or participating in a protest is unreasonable (at least in the US).
Given the hostile stance of US Fed Gov against certain ethnic groups or people with different political stance, at scale, and given what I see about how people were treated after arrest, I would not hesitate to go seek proper advice.
Sounds dramatic? Yes if you are not within targeted communities / ethnicities.