I have chopped some info from a guide i’ll be posting soon regarding defenses against Cellebrite/Graykey.
Use latest iPhone model or 1 below. Advanced data protection enabled. Delete the screenshot of recovery key after setup. Uncheck access icloud data on the web. Don’t use icloud keychain or passkeys or passwords app. Only use third party password manager (ProtonPass, 1pass, etc.) Toggle usb accessories. Use long alphanumeric password. Disable control center access from lockscreen. Don’t display content in push notifications. Frequently clear in app caches if the setting is available. Follow up with an app delete after clearing the cache. Make sure icloud isn’t backing up the app data for that specific app as well. You may have to check that each time you reinstall it. Enable screen time and disable installation of apps (enable when needed). If in eu you have a special option to block third party app marketplaces. Turn off significant locations (important).
If you know you won’t be near your phone for a period of time put it in bfu. A iphone in afu is a dead iphone in most cases. You can quickly do this by hitting power button 5 times or using a Killswitch - Shortcut [put it on your home screen]. Enabling stolen device protection is a must as it interferes with modern forensic tools even if they have obtained your password. On ios 18.2 beta you can lock apps with face id. Lock all social media and financial apps. Destroy your apple watch if you have one. The watch itself is a liability. Especially the ultra 2.
If using a 6-8 digit pin on your mobile device do not use your atm pin, gatecode, in-app pins (most important), zip code, birthday, mobile account pin, house alarm pin, parental controls pin, roku pin, roblox pin, firetv pin, windows pin, xbox pin, netflix pin, bank pin, voicemail pin. In-app pins can show up in bfu extraction of iphone, meaning they don’t even need to BF your password.
use imessage WITH icloud backups (so that only the most recent messages are stored locally and the cloud ones are protected by advanced data protection), set icloud messages to auto delete after 30 days, orrrrrrr
signal with temp number + disappearing chat, telegram with no username/disappearing chat, privnote.com (exchanging private info over non secure apps) (beware of fake domains). delete your google account, switchover to Proton suite.
never have more than one apple device powered on at once. Never unlock device in a area where you can’t see the majority of your surroundings. Matter of fact only use face id and if your full password is required wait until you are in a secluded area. Assume you are being watched at all times. Power off devices when not in use. Delete unused accounts. Never speak to law enforcement without a lawyer. Monitor forensic groups and news to stay hooked on capabilities of law enforcement. Research court cases involving modern forensic tools.
Advanced data protection makes subpoenas and search warrants to apple nearly useless. Unless there is something valuable in your contacts app, mail app, or generic account/device info.