How to Stop Apps From Tracking You on iPhone (2026)
Stop apps from tracking you on iPhone in 10 minutes. A step-by-step iOS 26 guide that goes beyond App Tracking Transparency: location, DNS, browser, mail.
How to Stop Apps From Tracking You on iPhone (2026 Step-by-Step)
A friend texted me last month with a screenshot. She had been at dinner the night before, complaining out loud — phone face-down on the table — about a specific brand of orthopedic insole she'd been considering. The next morning, the first ad in her Instagram feed was for that exact brand. Not a competitor, not a category, the brand. She wanted to know if her phone was listening, and she wanted to know how to stop apps from tracking you on iPhone for good.
It almost certainly wasn't. I've spent enough time inside Apple's Platform Security Guide and the FTC's data-broker filings to know that the boring explanation is almost always the right one. She had searched for insoles three weeks earlier on a laptop signed into the same Google account. She'd shared a location with a running buddy who had searched for the same thing. Two ad networks she had never heard of had quietly stitched all of that together into a profile, and the profile was sold to a buyer who used it to target her Instagram impressions. No microphone needed.
That's what people mean when they say they want to stop apps from tracking them on iPhone — they want to break the pipeline that takes one casual action and turns it into an ad in a different app the next morning. The good news is that iOS 26 gives you most of the tools to do it. The bad news is that the tools are scattered across nine different Settings menus, several of them are off by default, and the names don't match what they actually do. This guide walks through the ones that work.
If you only have four minutes, start with the free Chapter 1: three settings to change right now. If you want the full audit of every iOS 26 privacy toggle ranked by impact, see I Audited Every iOS 26 Privacy Setting. This post is the middle path: a comprehensive how-to for someone who wants to spend ten or fifteen minutes and meaningfully shut tracking down.
What "Tracking" Actually Means (And Why It Matters)
Almost every guide on the internet uses "tracking" as a single word for three completely different things. They have different mechanisms, different fixes, and different ceilings. Conflating them is why people turn off one toggle, see no change in their ad experience, and conclude that nothing works.
In-app tracking is the data the app itself collects about your behavior inside the app. What you tapped, how long you watched, what you searched. The app developer owns this and there is no iOS toggle that prevents it short of deleting the app. Your only real lever is choosing apps from companies whose data practices you trust, and reading their App Store privacy labels with skepticism. The Washington Post showed years ago that those labels are routinely misleading.
Cross-app tracking is what happens when an app you used in the morning sells signals about you to a network that an app you open in the evening also belongs to. The ad industry's primary key for this on iPhone is the IDFA — the Identifier for Advertisers — and it is exactly what App Tracking Transparency targets. When most people say "stop apps from tracking me on iPhone," this is the layer they care about. It is also the one Apple has actually done something about.
Network-level tracking is everything your carrier, your Wi-Fi network, your DNS resolver, and the websites you visit can see about you regardless of which app made the request. Your IP address, the domains you look up, the rough size of every request. None of this goes through App Tracking Transparency. Most iPhone privacy guides skip it entirely, which is why so many people lock down ATT and then leak everything at the network layer.
You need to do something at all three layers. The rest of this post tells you what.
The 60-Second Nuclear Option to Stop Apps From Tracking You on iPhone
Before anything else, do this one thing.
Open: Settings > Privacy & Security > Tracking
Turn OFF OFF OFF "Allow Apps to Request to Track."
That's the entire move. Every app that wants to track you across other apps and websites is required by Apple's App Tracking Transparency framework to ask permission first. With this global toggle off, the prompt never appears, every app is automatically told no, and the system returns a blanked-out IDFA — a license plate of all zeros — to anyone who asks. Apps that ignore the rule and try to track anyway have their App Store listings pulled.
Then scroll down the same page and audit any apps that already have permission from before you flipped the global toggle. Tap each one and turn it off. The global setting blocks future requests but doesn't retroactively revoke the yeses you tapped in 2022.
Why this matters
This is the single highest-impact tracking setting on the phone. What it does: cuts off the IDFA-based stitching that makes "I searched it on my phone, I saw the ad on my friend's phone" possible. What it doesn't do: stop apps from fingerprinting you with screen size, fonts, and battery level. Doesn't stop your IP address from leaking. Doesn't stop in-app tracking. We'll get to those.
The Financial Times reported that after Apple rolled out ATT, Facebook lost an estimated $10 billion in 2022 ad revenue because it could no longer track iPhone users across other apps with the same precision. That is the size of the lever you are pulling.
The 10-Minute Deep Clean
This is the section to actually work through with your phone in hand. Each setting has a path, what it does, and an honest tradeoff. Do them in order.
1. App Tracking Transparency (you just did this)
Open: Settings > Privacy & Security > Tracking Turn OFF OFF OFF "Allow Apps to Request to Track."
Covered above. If you skipped the nuclear option, do it now.
2. Apple's Own Ad Network
Open: Settings > Privacy & Security > Apple Advertising Turn OFF OFF OFF "Personalized Ads."
This one is worth doing but is not the same as the previous setting, despite what most listicles imply. This only affects Apple's small in-house ad network in the App Store, News, and Stocks. With it on, Apple uses your purchase history, what you read, and your account information to choose which ads to show inside Apple's own apps. With it off, the ads still appear; they're just generic. It does not affect any third-party app's tracking. The tradeoff is essentially zero — you'll see the same number of ads, just less relevant ones. Two seconds. Toggle it.
3. Stop Sharing Diagnostics With Apple
Open: Settings > Privacy & Security > Analytics & Improvements Turn OFF OFF OFF "Share iPhone Analytics."
What this does: stops your phone from sending Apple anonymized usage data, crash reports, and feature engagement metrics. The data is genuinely scrubbed, but the only person who benefits from sharing it is Apple's product team. While you're here, also turn off "Share iCloud Analytics" and "Share with App Developers."
The tradeoff: a small philosophical one. Some people argue that turning this off makes Apple's products worse over time because Apple gets less feedback. Decide for yourself. I leave it off.
4. Audit Every Location Permission
Open: Settings > Privacy & Security > Location Services
Don't just glance. Open every single app in the list. For each one, change "Always" to "While Using the App" or, better, to "Never." The only app I leave on "Always" is Find My iPhone, and the only ones I leave on "While Using" are Maps, weather, ride-share apps, and food delivery while I'm actively using them.
The tradeoff is real: some apps will nag you to re-enable location, and a few features (geofenced reminders, automated check-ins) genuinely won't work. Worth it.
Why this matters
The "Always" permission is the one being abused at scale. The New York Times' "One Nation, Tracked" investigation showed a single data broker holding records for 12 million phones, accurate enough to identify individual people walking into medical clinics, places of worship, and domestic violence shelters. Most of those records came from weather apps, prayer apps, and games that had been granted "Always" access years earlier and forgotten. In 2024 the FTC permanently banned a broker called X-Mode/Outlogic for selling exactly this kind of data. The pipeline is real, it is documented, and the only way to break it is one app at a time.
5. Turn Off Precise Location Per App
Open: Settings > Privacy & Security > Location Services > tap any app > Precise Location
For every app that doesn't strictly need turn-by-turn navigation — weather, news, social, retail, basically everything except Maps and a ride-share — Turn OFF OFF OFF Precise Location. The app drops from knowing your exact GPS coordinates to knowing roughly which neighborhood-sized area you're in. Plenty for "what's the weather like." Useless for mapping your daily routine.
The tradeoff: weather forecasts get slightly less accurate at the edges of your area, and "find a coffee shop near me" results get a bit fuzzier. Worth it.
6. Turn On the App Privacy Report
Open: Settings > Privacy & Security > App Privacy Report Turn ON ON ON "App Privacy Report."
Then wait a week. Come back. iOS will show you a 7-day log of every time each app accessed your camera, microphone, location, contacts, and photos — plus every internet domain each app contacted in the background, categorized as Advertising, Analytics, or System Functional.
This is your evidence locker. If a flashlight utility is hitting an ad network at 3 AM, this is where you'll see it. Anything that looks wrong, delete the app. Tradeoff: the log lives on your device, takes up trivial storage, and only helps if you actually open it. Set a calendar reminder.
7. Hide Your IP From Trackers in Safari
Open: Settings > Apps > Safari > Hide IP Address
Set it to "Trackers and Websites" if you have iCloud+, or "Trackers Only" if you don't. With iCloud+, this routes your traffic through iCloud Private Relay's two-hop architecture so neither Apple nor the destination site can tie your identity to the page you're visiting. Without iCloud+, you still get protection against known trackers.
The tradeoff: some sites that key off your IP for region detection (local sports streams, certain news paywalls) will think you're somewhere else. You can disable Private Relay per network if it gets in the way.
8. Turn On Advanced Tracking and Fingerprinting Protection
Open: Settings > Apps > Safari > Advanced > Advanced Tracking and Fingerprinting Protection
Set it to All Browsing, not just Private Browsing. This is the single most-skipped Safari setting on the phone. Fingerprinting reads your screen size, available fonts, battery level, time zone, and dozens of other signals to build a unique device profile that survives across sessions without any cookies. Setting this to All Browsing makes your iPhone return standardized values so it looks identical to millions of other iPhones. Most guides tell you to set it to Private Browsing only and stop, which leaves most of your browsing exposed.
The tradeoff: I haven't personally hit a site that broke from this, but Apple's documentation notes occasional layout glitches on sites that aggressively probe device characteristics. Tiny cost.
9. Turn On Mail Privacy Protection
Open: Settings > Apps > Mail > Privacy Protection Turn ON ON ON "Protect Mail Activity."
Marketing emails contain invisible tracking pixels — a 1x1 transparent image hosted on the sender's server. The moment you open the email, your client requests the image, and the server logs your IP, device, and the exact timestamp. With Protect Mail Activity on, Apple pre-fetches every remote image through its proxy at random times whether you opened the email or not. Open rates from iOS Mail users effectively become noise. The EFF has a good writeup on the mechanism. Highest-impact, lowest-effort setting in this entire list. The only tradeoff: this only works in Apple Mail. If you read mail in Gmail, Outlook, or Spark, it doesn't apply. Turn it on.
10. Audit Sensor and Usage Data Access
Open: Settings > Privacy & Security > Motion & Fitness
Then check the related menus on the same Privacy & Security page: Sensor & Usage Data Access, and Research Sensor & Usage Data. Most people will have nothing here. If you do, audit it. These are deeper sensor permissions that can leak surprisingly intimate information — accelerometer data alone can be enough to infer what room or building you're in. If an app is in this list and you don't remember why, revoke.
The tradeoff: fitness and health apps that legitimately need motion data will stop working as well. Re-grant case by case.
The Browser Problem
Most "tracking" on a modern phone happens through the browser, not through native apps. And here is where most iPhone privacy guides go quiet, because the right answer is uncomfortable: if you use Chrome on iPhone, you are negating most of the work above.
Chrome on iPhone uses Apple's WebKit rendering engine — Apple requires this — but the browser app itself is built by Google. Your browsing history, your search queries, and a meaningful slice of your behavioral data go to Google by design. Chrome on iOS does not honor Safari's tracking protections, doesn't get iCloud Private Relay, doesn't get Hide My Email, and doesn't get Advanced Tracking and Fingerprinting Protection. If you've turned off ATT and audited every location permission and then opened Chrome to search for something, you've handed Google a clean signal that the rest of the system was specifically designed to obscure.
Three real options. Safari, with the settings above and ideally with iCloud+ for Private Relay and Hide My Email, is the most private mainstream browser on iPhone today and the one I use as a default. DuckDuckGo ships with tracker blocking, fingerprint protection, and email protection on by default and is a fine choice if you don't want to think about settings. Brave is more aggressive about ad and tracker blocking and has better fingerprinting defenses than Safari for power users, with the tradeoff that some sites break.
The non-option is Chrome. If you're using it because you've memorized the address-bar gestures, the muscle memory is not worth what you're giving up.
The DNS Layer
This is the layer almost nobody touches and where you can make a surprisingly large difference in five minutes.
Every time any app on your phone — not just the browser, every app — wants to talk to a server, it first asks a DNS resolver "what is the IP address for this domain." By default, your iPhone uses whatever resolver your carrier or Wi-Fi network provides, which means your carrier and your network operator see a real-time list of every domain your phone ever requests. Coffee shop Wi-Fi sees that you checked your bank, looked up a medical condition, and opened a dating app. So does your ISP at home.
You can change this.
Open: Settings > General > VPN, DNS & Device Management > DNS
Add a DoH (DNS-over-HTTPS) profile from one of these:
- Cloudflare 1.1.1.1 — free, fast, has a public no-logs commitment audited annually by KPMG
- Quad9 — free, run by a Swiss nonprofit, blocks known malicious domains by default
- NextDNS — free up to 300,000 queries per month, lets you block tracker, ad, and analytics domains across every app on your phone with a configurable blocklist
NextDNS in particular is the closest thing iOS has to a network-wide ad blocker. You can subscribe to public blocklists like Hagezi's that block tens of thousands of advertising and telemetry domains, and it applies system-wide — Safari, Chrome, native apps, everything.
Why this matters
The honest tradeoff: aggressive DNS blocking can break apps in confusing ways. An app might fail to load content, time out at sign-in, or just silently misbehave because a tracker domain it depends on is being blocked. NextDNS lets you see which domains are blocked and pause blocking for specific apps. Start with a moderate blocklist, expand as you get comfortable, and know how to turn the profile off when you need to debug.
What You Can't Fix From Settings
A guide that promises you can stop all tracking is lying. Here's the honest ceiling.
SDK fingerprinting. Even with a zeroed IDFA, an app can still combine your screen size, your installed font list, your battery level, your time zone, your accelerometer noise pattern, and dozens of other signals into a probabilistic identifier that follows you across apps. Apple has been tightening the rules — the SKAdNetwork framework and the requirement that apps declare "required reasons" for using fingerprintable APIs are both directly aimed at this — but it's an arms race and Apple is not winning every round.
IP-based tracking. Outside Safari with Private Relay, every app sees your real IP address. That's enough for moderately accurate geolocation and, when correlated with other signals, enough to link sessions across apps. A DNS change doesn't fix this. Only a real VPN or Private Relay does, and Private Relay only works in Safari.
Voice assistant data. Anything you say to Siri that gets routed to a third-party model — and in 2026 that includes complex queries handed off to Gemini or ChatGPT — leaves your device. Apple says these are anonymized and contractually prohibited from being used for training. Those are legal commitments, not hardware constraints. You can disable third-party integrations in Settings > Apple Intelligence & Siri.
Data brokers. Once an app has your data — location, contacts, behavior — it can sell it to a broker, who can sell it to a buyer, who can attach it to other data they've bought, and there is no setting on your phone that stops the downstream pipeline. This is why the location audit in step 4 matters so much: the toggle on your phone is the only point in the chain you control. After that, the data is gone.
Cell tower triangulation. Your carrier knows where you are at all times. There is no app and no setting that changes this; it's how cellular networks work. If your threat model involves your carrier, the answer isn't a phone setting — it's a different device.
The realistic ceiling for an iPhone user who works through this entire post: you've cut cross-app advertising tracking by something like 80–90%, you've made yourself a hard target for the data broker pipeline, and you've shifted from being a cooperative source of behavioral data to being a meaningfully harder one. That's a huge improvement. It is not invisibility, and anyone who tells you otherwise is selling you something.
The 33-Setting Walkthrough
Everything above is the substance of what works. If you want the rest — the full 33-setting walkthrough with tappable deep links that open each Settings page directly on your phone, plus the AI privacy chapter, the iCloud lockdown, the Stolen Device Protection setup, and the parts of iOS 26 most guides miss — that's iPhone Lockdown, the $19 ebook this post is a chapter of. It's a 30-minute setup that hardens your phone for years. You do this once and you're done.
Otherwise: do the Tier 1 settings here tonight. Come back next week and check your App Privacy Report. If a flashlight utility is talking to an ad server, you'll know what to do.
Moiz writes iPhone privacy guides at BetterBetterBooks. Reporters working on an iOS 26 privacy story can request the full methodology and source sheet.