With the latest iOS software, your iPhone has significant privacy and security enhancements to help protect your data even better than Apple has done before. From protecting your iPhone, to password-protecting files, and making it easy to browse the web safely, there’s a lot you need to know and start using.
While many of the features listed below became available in September 2022 when iOS 16.0 was released, Apple has released subsequent software updates, each with an update or new feature specifically related to your privacy or security. So if you think you know all the ways that iOS 16 protects your privacy and makes your iPhone more secure, check your knowledge below.
1. Security check
The Security Review feature, available since iOS 16.0, lets you view and change the sharing and data access permissions granted to apps. The Sharing Permissions section is for people suffering from domestic or partner violence. However, anyone can use it to regain control of their location, documents, and other general information.
The security check has two main features: emergency reset, which removes all app and people permissions and checks account and device privacy and security, and sharing and access control, which lets you manually view everything to choose which people and apps you want needed. and must not share data and content with.
2. Automatic security updates
In iOS 16.0 and later, Apple may automatically download and install Rapid Security Responses on your iPhone before they are included in the next minor iOS update.
The new feature can help protect your iPhone from more serious vulnerabilities, such as some zero-day exploits, without having to wait for regular software updates. In addition, answers may fix system files that can be attacked (such as issues with Safari) and vulnerable supported accessories (such as AirPods).
It’s enabled by default, but you can check your “Security Answers and System Files”settings via Settings -> General -> Software Update -> Automatic Updates. Security issues affecting iOS should restart your iPhone after installation, while app updates might require you to close and reopen the app.
Any Rapid Security Response can be uninstalled via Settings -> General -> About -> iOS Version -> Uninstall Security Response, but they will be reinstalled during the next regular iOS minor update.
3. Passwords for apps and websites
In an attempt to replace traditional passwords for online accounts, Apple introduced passkeys with iOS 16 that are designed to protect user information from database hacks, phishing attempts, and password cracking attacks.
In short, passwords use unique public and private keys for each account. The public key is stored on the website or app’s servers, while the private key, which no one can see, including you, not even Apple, is stored in your iCloud keychain. Since the private key is invisible to everyone and requires biometric authentication, it is almost impossible to hack into password-protected accounts.
Because the passkeys are synced with iCloud, you can sign in from any of your Apple devices. When you sign in to your account from a non-Apple device, you can use your iPhone to scan the QR code.
To use passwords, go to a website or app that supports them. To create an account, enter your username and select the “Password”option. To use access keys for the current account, go to that account’s security settings and select the Access key option. You can save your iCloud passkey from your current device, and even save it to another device, such as an external security key, depending on the account.
Best Buy, Dashlane, eBay, Google, Kayak, PayPal, Robinhood (see below), Shopify and WordPress are just some of the apps and websites that work with access keys.
4. Security keys for Apple ID
With the iOS 16.3 update, Apple added support for security keys to help you log into your Apple ID account more securely and prevent phishing and unauthorized login attempts. Security keys replace two-factor verification codes sent to your trusted Apple devices whenever you try to sign in on another device, access your online account, reset your Apple ID password, unlock your Apple ID, or add or remove security keys.
You can use any FIDO (Fast IDentity Online) certified security key. Dongles with a Lightning connector, USB-C connector, and a Lightning to USB-C or NFC (Near Field Communication) adapter will work. NFC dongles only work with iPhones, so if you want something to work on your iPhone, iPad, and Mac, you’ll need a dongle with a connector. Some options include:
- FEITIAN iePass K44 Security Key with USB-C and Lightning Connectors (~$38 at Amazon)
- Yubicon YubiKey 5 Security Key with NFC and USB-A Connector (~$50 at Amazon)
- Cryptnox Security Key Smart Card with NFC (~$29 at Amazon)
You need two keys, which is fail safe in case you lose one. Apple ID security keys also only work on the latest operating systems, so all of your devices must be running at least iOS 16.3, iPadOS 16.3, or macOS 13.2 Ventura. If you’re signed in to any Apple devices with older software, you’ll be prompted to update those devices before continuing. If you have not used or unlocked these devices for more than 90 days, this will allow you to log out of these devices in place, but you will need to update them if you end up needing to use them.
5. Lock mode
Lockdown Mode is a huge new privacy and security feature that comes with iOS 16 that gives your iPhone the best protection from spyware, phishing attempts, and other sophisticated cyber attacks. While it is intended for potential targets of malware and spyware attacks, such as politicians, journalists, military personnel, investors, human rights activists, dissidents, lawyers, activists, celebrities, and government officials, anyone can use it when the situation calls for it.
When enabled, this feature reduces the potential attack surfaces and penetration paths that can be exploited, but it will affect certain apps and services on your iPhone. For example, it blocks hyperlinks, rich link previews and most message attachments, FaceTime calls from unknown users, installation of new configuration profiles, complex web technologies, smart home control prompts, shared albums, unknown USB accessories, and more. Visit our ban mode guide for a full rundown of what’s going on and their exceptions.
This may seem a little extreme, but there may be situations where blocking mode is useful. Phone calls, regular text messages, and emergency functions continue to work. You can exclude certain websites from Block Mode if you need them to work properly while your iPhone is protected. And you can also disable lock mode for some apps.
6. Advanced data protection for iCloud
Enhanced Data Protection, which is disabled by default, is a new iCloud security feature in iOS 16.2 and later in the US and iOS 16.3 and later for the rest of the world. It may surprise you, but not all of your iCloud content is end-to-end encrypted. Some items already protected by E2E include passwords, messages, your Safari history, health data, home data, and even Memoji. But by turning on Advanced Data Protection in Settings -> [your name] -> iCloud, you get E2E encryption for nine more categories, including your notes, photos, reminders, Safari bookmarks, wallet passes, voice memos, shortcuts, backups. iCloud copies, and iCloud Drive files.
7. Landscape Face ID
If you have an iPhone with Face ID, you probably rely heavily on Apple’s facial recognition system to not only unlock your iPhone, but also unlock personal photos and videos, secure notes, password managers, emails, financial accounts, text documents and even entire Programs. However, it doesn’t always play nice.
iOS 16 introduces a new Face ID feature that lets you work in landscape, not just portrait. So you can hold your iPhone in any orientation to unlock it as long as your fingers don’t cover the TrueDepth camera. This can come in handy when using your iPhone in bed, at your desk, with an external keyboard/mouse, watching videos, and more, but is only available on iPhone 12 and later.
8. Locked hidden and recently deleted photo albums
Starting with iOS 10, it became possible to hide photos and videos by moving them to the Hidden album. This removes them from your other albums and the Photos widget, and everything syncs to your other iCloud-connected Apple devices if you have iCloud Photos turned on.
iOS 14 introduced the ability to hide the Hidden album in case someone gets hold of your iPhone and knows where to look for private content. That still wasn’t enough for complete privacy, and iOS 16 addresses that issue by letting you lock a hidden album with Face ID, Touch ID, or your passcode. To increase the security of your valuable photos, consider hiding the album after turning on the lock.
9. More Ways to Unlock Notes
In iOS 16.0 and later, you have another way to lock notes in the Notes app. Previously, you could use a special Notes password to lock notes on each account, and you could also use Face ID or Touch ID for convenience. Now you don’t have to worry about losing your Notes passwords and locking your secure notes because you can use your iPhone’s passcode instead.
If you use more than one Apple device, each device’s passcode or password will allow you to access your password-protected notes, as well as Face ID and Touch ID if enabled. On iCloud.com, your Apple ID password should work, and two-factor authentication using a trusted device.
To change the password of each Notes account to your device’s passcode, go to Settings -> Notes -> Password -> Use Device Password, and then lock each note one by one if necessary. You may also be prompted to select “Use Device Password”when you lock a note or open an already locked note. In any case, keep in mind that you can’t block quick and collaborative notes, audio, video, PDFs, and other file attachments such as Keynote, Pages, or Numbers documents.
10. Automatically verified CAPTCHAs
With iOS 16, your iPhone can help you bypass all those annoying online CAPTCHAs that you’ll have to interact with to prove you’re not a bot on the web or log into web accounts. It bypasses verification thanks to iCloud and Private Access Tokens (PAT). This process verifies your device and sends HTTP requests without revealing your identity or sharing personal information such as IP addresses.
You can go to “Settings”-> “[your name]”-> “Password & Security”-> “Auto Check”to make sure it’s enabled.
Image via Apple
11. Emergency SOS changes
In iOS 16.3 and later, Apple has changed how some emergency SOS features work on your iPhone. Call Hold and Release (previously Call Hold) now requires you to release the hardware buttons after the countdown has ended to call the emergency services, which should prevent accidental calls.
“5 Button Click Call”(previously just “5 Button Click Call”) works the same way, but adds “Button”to the name to make it more clear what you’re pressing.
And “Silent Call”(formerly “Countdown Sound”) works similarly to its predecessor, but instead of enabling “Countdown Sound”to play warning sounds during an emergency SOS call countdown, you need to disable “Silent Call”.
The Emergency SOS menu in iOS 16.2 (left) and iOS 16.3 (right).
12. Improved AirDrop Security
To prevent people from continuing to abuse AirDrop to send unwanted photos, videos, web pages, files, and other content to others, Apple has changed how AirDrop works on iOS 16.2 and later. Via Settings -> General -> AirDrop, the Everyone option that allowed anyone to share content with you is now called Everyone for 10 Minutes.
So, instead of a “set it and forget it”setting, you need to manually open AirDrop for people outside of your contact list if more than ten minutes have passed since you last enabled this setting. To make the switch more efficient, expand the connection control panel in the Control Center and tap the AirDrop button.
13. Disable IP address hiding in Safari.
When you use iCloud Private Relay through an iCloud+ subscription, your IP address is hidden from websites you visit in Safari. In iOS 16.1.2 and earlier, this was an all or nothing option, unless you wanted to temporarily disable it over the Internet via Settings -> iCloud -> Private Relay -> Private Relay.
However, in iOS 16.2 and later, you can turn off private relay for specific sites through the website settings menu in Safari (click the “AA”button, then “Show IP Address”). As Apple states, this can come in handy when “a website uses IP filtering, monitoring, or rate limiting, may require your IP address to be visible.”
14. Key exchange in the wallet
If you have digital keys stored in the Wallet app, you can share them on iOS 16.1 and later with other iPhone users through Messages, WhatsApp and other messaging apps, and others can share their keys with you. This is handy when someone needs to get into your car, or when you need to share your hotel key with guests or someone you’re staying with.