Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Security Guide book

In this book we will try to keep up with the latest security features and best practices.

iOS 26.2.1 Security and Privacy Settings Guide

A comprehensive guide to configuring security and privacy settings on iOS 26.2.1 (the latest version as of January 29, 2026) to protect your personal data and secure your iPhone.

Table of Contents

  1. What’s New in iOS 26
  2. Device Authentication
  3. Stolen Device Protection
  4. App Privacy Controls
  5. Location Services
  6. Lock and Hide Apps
  7. Safari Privacy Settings
  8. Mail Privacy Protection
  9. Passwords App
  10. Advanced Data Protection for iCloud
  11. Lockdown Mode
  12. Communication Safety & Parental Controls
  13. Safety Check
  14. Find My iPhone
  15. Advertising and Tracking Controls
  16. Apple Intelligence Privacy
  17. Wi-Fi Aware & Network Security
  18. Wired Accessories Security
  19. AirDrop Security (iOS 26.2)
  20. Additional Security Recommendations

What’s New in iOS 26

iOS 26 (released September 15, 2025) represents Apple’s biggest security and privacy update in years. Apple jumped from iOS 18 to iOS 26 to align version numbers with the year across all operating systems.

Major Security & Privacy Additions in iOS 26

  • Wi-Fi Aware – Secure peer-to-peer connections without internet access points
  • Post-Quantum Cryptography – Hybrid key exchange protecting against future quantum computing threats
  • Expanded Passkey Support – Automatic passkey creation and migration from passwords
  • Advanced Tracking Protection for All Browsing – Anti-fingerprinting expanded beyond Private Browsing
  • Wired Accessories Security – Explicit permission controls for USB-C/Lightning accessories
  • Enhanced Parental Controls – Stronger child account management and content filtering
  • Password Version History – Track changes to saved passwords over time
  • Secure Password Export – FIDO Alliance standard for moving credentials between managers
  • Liquid Glass Design – New translucent interface (including privacy-focused opacity controls)

iOS 26.2 Security Updates (December 2025)

  • 26+ security vulnerabilities patched, including two actively exploited WebKit zero-days
  • AirDrop security codes – One-time codes for sharing with unknown contacts
  • Hidden Photos fix – Addressed vulnerability allowing unauthorized access
  • FaceTime caller ID spoofing – Patched to prevent impersonation attacks
  • iMessage privacy controls – Improved data handling

iOS 26.2.1 (January 26, 2026)

iOS 26.2.1 is a minor update focused on new hardware support and bug fixes.

New Features:

  • AirTag (2nd Generation) support – Required for the new AirTag with:
    • Second-generation Ultra Wideband (UWB) chip for 50% longer Precision Finding range
    • Precision Finding on Apple Watch (Series 9+, Ultra 2+) for the first time
    • 50% louder speaker for easier locating and enhanced anti-stalking measures
    • Expanded Bluetooth range for better Find My network detection
    • Share Item Location with 36+ airlines for lost luggage recovery

Bug Fixes:

  • Emergency calling fix for older mobile phones
  • Unspecified stability improvements

Security Notes:

  • No published CVE entries for iOS 26.2.1 itself
  • Users on iOS 26-compatible devices should update to maintain security (older iOS versions only receive certificate updates)

Also Released:

  • iOS 18.7.4, iOS 16.7.13, iOS 15.8.6, iOS 12.5.8 – Certificate updates for iMessage, FaceTime, and Apple account sign-in (valid until January 2027)

Critical: iOS 26.2.1 is required for AirTag (2nd Generation). Update via Settings > General > Software Update.

1. Device Authentication

Face ID / Touch ID Setup

Biometric authentication provides secure and convenient device access.

How to set up Face ID:

  1. Open Settings
  2. Tap Face ID & Passcode
  3. Enter your passcode
  4. Tap Set Up Face ID
  5. Follow on-screen instructions to position your face
  6. Move your head in a circle to complete the scan

Configure Face ID uses:

  • iPhone Unlock
  • iTunes & App Store purchases
  • Apple Pay
  • Password AutoFill
  • Other Apps (toggle individually)

Strong Passcode Configuration

How to set a strong passcode:

  1. Go to Settings > Face ID & Passcode
  2. Tap Change Passcode
  3. Tap Passcode Options
  4. Select Custom Alphanumeric Code (8-12 random characters recommended)

Two-Factor Authentication (2FA)

How to enable 2FA:

  1. Go to Settings > [Your Name] > Sign-In & Security
  2. Tap Turn On Two-Factor Authentication
  3. Tap Continue
  4. Enter a trusted phone number
  5. Verify with the code sent to your phone

Auto-Lock Settings

  1. Go to Settings > Display & Brightness > Auto-Lock
  2. Select a time interval (30 seconds to 5 minutes recommended)

2. Stolen Device Protection

Stolen Device Protection adds security when your iPhone is away from familiar locations.

Key Features

Biometric Authentication Required (no passcode fallback):

  • Accessing passwords stored in iCloud Keychain
  • Using saved payment methods in Safari
  • Turning off Lost Mode
  • Erasing all content and settings
  • Viewing Apple Card virtual card number
  • Opening locked and hidden apps

Security Delay (1-hour wait + second biometric scan):

  • Changing Apple Account password
  • Signing out of Apple Account
  • Turning off Stolen Device Protection
  • Changing Face ID or Touch ID settings
  • Changing device passcode
  • Resetting all settings
  • Turning off Find My

How to Enable

  1. Go to Settings > Face ID & Passcode
  2. Enter your passcode
  3. Scroll down and tap Stolen Device Protection
  4. Toggle on

Configuration Options

  • Away from Familiar Locations – Security features activate only when away from home/work
  • Always – Security features are always active

Requirements

  • iOS 17.3 or later (enhanced in iOS 26)
  • Two-factor authentication enabled
  • Face ID or Touch ID configured
  • Device passcode set
  • Find My enabled
  • Significant Locations enabled

3. App Privacy Controls

App Tracking Transparency

How to configure:

  1. Go to Settings > Privacy & Security > Tracking
  2. Toggle Allow Apps to Request to Track off to block all tracking
  3. Or manage individual app permissions below

App Privacy Report

View detailed app data access:

  1. Go to Settings > Privacy & Security > App Privacy Report
  2. Toggle on App Privacy Report
  3. Review 7-day history of sensor, camera, microphone, and network access

Clipboard Access Alerts

iOS 26 continues to notify you whenever apps access your clipboard, preventing silent data harvesting.

Review All Permissions

  1. Go to Settings > Privacy & Security
  2. Review each category: Location, Contacts, Photos, Microphone, Camera, etc.
  3. Revoke unnecessary permissions

4. Location Services

Per-App Location Settings

For each app, choose:

  • Never – No location access
  • Ask Next Time Or When I Share – Prompts each time
  • While Using the App – Access only when app is open
  • Always – Background access (use sparingly)

Precise vs. Approximate Location

  1. Go to Settings > Privacy & Security > Location Services
  2. Select an app
  3. Toggle Precise Location off for approximate area sharing

Significant Locations

  1. Go to Settings > Privacy & Security > Location Services > System Services
  2. Tap Significant Locations
  3. View, toggle off, or clear history

5. Lock and Hide Apps

How to Lock an App

  1. Touch and hold the app icon on Home Screen
  2. Tap Require Face ID (or Touch ID/Passcode)
  3. Confirm your choice

How to Lock and Hide an App

  1. Touch and hold the app icon
  2. Select Hide and Require Face ID
  3. App moves to Hidden folder in App Library

To access hidden apps:

  1. Swipe left to App Library
  2. Scroll to bottom, tap Hidden folder
  3. Authenticate with Face ID/Touch ID

What Happens When Apps Are Locked

  • No notification previews
  • Hidden from Spotlight search
  • Hidden from Siri suggestions
  • Call history from locked apps is hidden

Integration with Stolen Device Protection

When Stolen Device Protection is enabled, locked apps can only be opened with Face ID/Touch ID—passcode fallback is disabled.

6. Safari Privacy Settings

Advanced Tracking and Fingerprinting Protection (NEW in iOS 26)

iOS 26 expands anti-fingerprinting protection to all browsing, not just Private Browsing:

  1. Go to Settings > Apps > Safari > Advanced
  2. Set Advanced Tracking and Fingerprinting Protection to All Browsing

This normalizes browser data to make your device look generic to tracking scripts, significantly reducing fingerprinting effectiveness.

Private Browsing with Face ID Lock

  1. Go to Settings > Apps > Safari
  2. Enable Require Face ID to Unlock Private Browsing

Hide IP Address

  1. Go to Settings > Apps > Safari > Hide IP Address
  2. Choose:
    • Trackers Only – Hides IP from known trackers
    • Trackers and Websites – Hides IP from all sites (requires iCloud+ Private Relay)

Intelligent Tracking Prevention

  1. Go to Settings > Apps > Safari
  2. Enable Prevent Cross-Site Tracking

Fraudulent Website Warning

  1. Go to Settings > Apps > Safari
  2. Enable Fraudulent Website Warning

iOS 26 automatically strips tracking parameters (UTMs) from URLs in Safari Private Browsing, Messages, and Mail.

7. Mail Privacy Protection

Features

  • Hides your IP address from senders
  • Prevents open tracking
  • Blocks invisible tracking pixels

How to Enable

  1. Go to Settings > Apps > Mail > Privacy Protection
  2. Enable Protect Mail Activity

Or configure separately:

  • Hide IP Address
  • Block All Remote Content

8. Passwords App

iOS 26 significantly enhances the standalone Passwords app.

New Features in iOS 26

  • Password Version History – View previous passwords for any account with timestamps
  • Secure Export – FIDO Alliance standard for moving passwords, passkeys, and verification codes to other managers
  • Automatic Passkey Upgrades – When you sign in with a password, system can create a passkey for next time
  • Credential Management Endpoints – Prompts to upgrade passwords to passkeys
  • Websites to Exclude – Manage sites where passwords shouldn’t be saved

How to Access

  1. Open the Passwords app
  2. Authenticate with Face ID/Touch ID

View Password History

  1. Open Passwords
  2. Select a saved login
  3. Tap View History (appears when multiple versions exist)

Export Passwords Securely

  1. Open Passwords
  2. Tap Settings (gear icon)
  3. Select Export Passwords
  4. Choose destination app (uses encrypted FIDO Alliance format)

Security Alerts

The app warns about:

  • Credentials in known data breaches
  • Weak passwords
  • Reused passwords

9. Advanced Data Protection for iCloud

End-to-end encryption for the majority of your iCloud data.

What It Protects (25 categories total)

  • iCloud Backup (including Messages)
  • iCloud Drive
  • Photos
  • Notes
  • Reminders
  • Safari Bookmarks
  • Voice Memos
  • Freeform boards
  • And more…

Cannot be encrypted:

  • iCloud Mail, Contacts, Calendars (due to interoperability requirements)

How to Enable

  1. Go to Settings > [Your Name] > iCloud
  2. Tap Advanced Data Protection
  3. Tap Turn On Advanced Data Protection
  4. Set up recovery method first:
    • Recovery Contact – Trusted person to help regain access
    • Recovery Key – 28-character code to store securely

Important

  • Apple cannot recover your data if you lose access
  • All devices must run supported OS versions
  • iCloud.com access is disabled by default

10. Lockdown Mode

Extreme protection for users who may be targeted by sophisticated attacks. This mode significantly restricts device functionality to reduce attack surfaces, but also provides robust defense against mercenary spyware.

Who Should Use It

  • Journalists, activists, diplomats
  • High-profile individuals
  • Anyone targeted by mercenary spyware

What Lockdown Mode Does

  • Messages: Most attachments blocked
  • Web: Complex technologies disabled (JIT JavaScript)
  • FaceTime: Incoming calls blocked from unknown contacts
  • Photos: Location excluded from shared photos
  • Device: Wired connections blocked when locked
  • Wireless: 2G cellular disabled, won’t auto-join insecure Wi-Fi

How to Enable

  1. Go to Settings > Privacy & Security
  2. Scroll down and tap Lockdown Mode
  3. Tap Turn On Lockdown Mode
  4. Tap Turn On & Restart
  5. Enter your passcode

11. Communication Safety & Parental Controls

Enhanced Parental Controls (iOS 26)

iOS 26 significantly strengthens parental controls:

  • Child Accounts – Create or move kids into managed accounts easily
  • Communication Controls – Decide who children can text/call
  • Third-Party App Management – Control messaging in gaming and social apps
  • Unknown Number Blocking – Block calls/messages from unknown numbers
  • Age Limits – Set strict age limits for app downloads
  • Explicit Content Detection – Blurs inappropriate content in shared albums and FaceTime

Communication Safety

Protects children from sensitive content in Messages:

  1. Go to Settings > Screen Time
  2. Tap Communication Safety
  3. Toggle on Communication Safety

Sensitive Content Warning (Adults)

  1. Go to Settings > Privacy & Security > Sensitive Content Warning
  2. Toggle on to blur sensitive images

12. Safety Check

Quickly review and reset access you’ve granted to others.

How to Access

  1. Go to Settings > Privacy & Security
  2. Tap Safety Check

Options

Manage Sharing & Access: Granular control over individual permissions

Emergency Reset: Immediately stops all sharing, resets permissions, signs out of iCloud on other devices

Quick Exit: Instantly returns to Home Screen (progress saved)

13. Find My iPhone

How to Enable

  1. Go to Settings > [Your Name] > Find My
  2. Tap Find My iPhone
  3. Enable:
    • Find My iPhone
    • Find My Network (locate even when offline)
    • Send Last Location

Activation Lock for Parts (iOS 26)

iOS 26 extends Activation Lock to individual components (batteries, cameras, displays), making stolen parts unusable.

AirTag (2nd Generation) - iOS 26.2.1 Required

The new AirTag (released January 26, 2026) requires iOS 26.2.1 or later and includes significant security and tracking improvements:

Enhanced Finding Capabilities:

  • 50% longer Precision Finding range via second-generation Ultra Wideband chip
  • Precision Finding on Apple Watch – Works on Apple Watch Series 9+, Ultra 2+ (first time on wrist)
  • Expanded Bluetooth range – Better detection by Find My network devices
  • 50% louder speaker – Easier to locate and harder for stalkers to mask

Anti-Stalking Improvements:

  • Louder alert sounds when separated from owner’s device
  • Improved detection notifications on iPhones
  • Same separation alert timing (approximately 8 hours)

Share Item Location:

  • Securely share AirTag location with airlines for lost luggage
  • 36 airlines supported at launch, 15+ more coming
  • End-to-end encrypted sharing

How to Set Up AirTag (2nd Gen):

  1. Ensure iOS 26.2.1 is installed
  2. Bring AirTag near your iPhone
  3. Tap Connect when prompted
  4. Name your AirTag and assign an emoji
  5. Register to your Apple ID

14. Advertising and Tracking Controls

Disable Advertising Identifier

  1. Go to Settings > Privacy & Security > Tracking
  2. Toggle off Allow Apps to Request to Track

Disable Apple Personalized Ads

  1. Go to Settings > Privacy & Security > Apple Advertising
  2. Toggle off Personalized Ads

Analytics & Improvements

  1. Go to Settings > Privacy & Security > Analytics & Improvements
  2. Toggle off data sharing options

15. Apple Intelligence Privacy

On-Device Processing

Most Apple Intelligence features process data locally on your device.

Private Cloud Compute

For complex requests:

  • Uses Apple’s Private Cloud Compute
  • Data never stored on servers
  • Cryptographically verified privacy

Control AI Learning

  1. Go to Settings > Apple Intelligence & Siri
  2. Scroll to Apps
  3. Toggle off Learn from this App for sensitive apps

16. Wi-Fi Aware & Network Security (NEW in iOS 26)

Wi-Fi Aware

A new peer-to-peer networking framework allowing secure connections without access points:

  • Direct encrypted links between devices
  • Ideal for file transfers, gaming, media streaming
  • No internet connection required
  • Third-party apps can use this for secure local sharing

Post-Quantum Cryptography (iOS 26)

iOS 26 adds hybrid post-quantum key exchange to TLS connections:

  • Pairs classic elliptic curve math with lattice-based schemes
  • Protects current data against future quantum computing threats
  • Works automatically with Apple’s networking frameworks

Captive Assist

When you connect to public Wi-Fi by filling out a form, iOS 26 can automatically share that form information with your other Apple devices, making it easier to connect securely.

17. Wired Accessories Security (NEW in iOS 26)

Enhanced USB-C/Lightning Port Security

iOS 26 gives you explicit control over what happens when accessories connect:

How to configure:

  1. Go to Settings > Face ID & Passcode
  2. Scroll to Accessories
  3. Choose behavior:
    • Allow when unlocked (default)
    • Always ask
    • Never allow

Why This Matters

  • Malicious cables can extract data while appearing to charge
  • Compromised chargers in public places pose real risks
  • You now get immediate notification when a cable tries to do more than charge
  • Stops “juice jacking” attacks at airports, hotels, and other public charging stations

18. AirDrop Security (NEW in iOS 26.2)

One-Time AirDrop Codes

iOS 26.2 introduces secure codes for sharing with unknown contacts:

How it works:

  1. When sharing with someone not in your contacts, generate a temporary code
  2. The receiver displays the code on their device
  3. Sender enters the code to complete transfer
  4. Code is valid for 30 days for that contact

Tighter Proximity Detection

AirDrop now shows only devices within close physical proximity, reducing:

  • Accidental transfers
  • Unsolicited content (“AirDrop spam”)
  • Faster peer-to-peer connections in crowded areas

19. Additional Security Recommendations

Lock Screen Security

Disable Control Center from lock screen:

  1. Go to Settings > Face ID & Passcode
  2. Under Allow Access When Locked, toggle off:
    • Control Center
    • Notification Center
    • USB Accessories

Automatic Software Updates

  1. Go to Settings > General > Software Update
  2. Tap Automatic Updates
  3. Enable all options including Security Responses & System Files

Lock Screen Notifications

  1. Go to Settings > Notifications > Show Previews
  2. Select When Unlocked or Never

Liquid Glass Opacity (iOS 26)

For better readability and reduced glare:

  1. Go to Settings > Display & Brightness > Liquid Glass
  2. Choose Clear (sharper) or Tinted (softer, less glare)

Restart After Security Updates

After installing iOS 26.2 or any security update, restart your device. Some spyware lives only in volatile memory and is cleared by a reboot.

Erase Data After Failed Attempts

  1. Go to Settings > Face ID & Passcode
  2. Enable Erase Data (erases after 10 failed passcode attempts)

Quick Reference: Essential Settings Checklist

SettingLocationRecommended
Face ID/Touch IDSettings > Face ID & Passcode✅ Enable
Strong PasscodeSettings > Face ID & Passcode✅ Alphanumeric
Two-Factor AuthenticationSettings > [Name] > Sign-In & Security✅ Enable
Stolen Device ProtectionSettings > Face ID & Passcode✅ Enable
App TrackingSettings > Privacy & Security > Tracking❌ Disable
Advanced Tracking ProtectionSettings > Apps > Safari > Advanced✅ All Browsing
Mail PrivacySettings > Apps > Mail > Privacy Protection✅ Enable
Advanced Data ProtectionSettings > [Name] > iCloud > Advanced Data Protection✅ Enable
Find MySettings > [Name] > Find My✅ Enable
Automatic UpdatesSettings > General > Software Update✅ Enable
Wired AccessoriesSettings > Face ID & Passcode > Accessories⚙️ Always Ask
Lock Screen PreviewsSettings > Notifications > Show Previews⚙️ When Unlocked

Conclusion

iOS 26.2 represents Apple’s most comprehensive security and privacy update to date. Key priorities:

  1. Update to iOS 26.2 immediately – Patches actively exploited zero-day vulnerabilities
  2. Enable lockdown mode – Prevents sophisticated spyware attacks
  3. Enable Stolen Device Protection – Prevents thieves from accessing data even with your passcode
  4. Turn on Advanced Data Protection – End-to-end encrypts your iCloud data
  5. Enable Advanced Tracking Protection for All Browsing – Major anti-fingerprinting improvement
  6. Configure Wired Accessories security – Protects against malicious charging cables
  7. Use Passkeys – Let iOS 26 automatically upgrade your passwords to phishing-resistant passkeys
  8. Restart after updates – Clears memory-resident threats

By configuring these settings, you significantly strengthen your privacy and security against both common and sophisticated threats.

Last updated: January 29, 2026 | Applies to iOS 26.2.1 Device requirements: iPhone 11 or later (A13 Bionic chip minimum) AirTag (2nd Generation) requires iOS 26.2.1

Android 16 Security and Privacy Settings Guide

A comprehensive guide to configuring security and privacy settings on Android 16 to protect your personal data and secure your device.

Table of Contents

  1. What’s New in Android 16
  2. Advanced Protection Mode
  3. Device Authentication
  4. Identity Check
  5. Theft Protection
  6. App Permissions
  7. Location Services
  8. Private Space
  9. Google Play Protect
  10. Google Password Manager & Passkeys
  11. Scam & Spam Protection
  12. Network Security
  13. USB Protection
  14. Find My Device
  15. Advertising & Tracking Controls
  16. Google Account Privacy
  17. Chrome & Browser Privacy
  18. Additional Security Recommendations

What’s New in Android 16

Android 16, released in June 2025, represents Google’s most significant security update, featuring a comprehensive “Advanced Protection Mode” that consolidates multiple security features into one easy toggle.

Major Security & Privacy Additions

  • Advanced Protection Mode – One-tap activation of all major security features
  • Identity Check – Biometric authentication required for sensitive settings when away from trusted locations
  • AI-Powered Privacy Controls – Contextual permission management based on usage patterns
  • Enhanced Theft Protection – Theft Detection Lock, Offline Device Lock, Inactivity Reboot
  • Intrusion Logging – Encrypted activity logs for post-breach analysis (coming in QPR3, March 2026)
  • USB Protection – Default charging-only mode when locked
  • Improved Scam Detection – Real-time AI-powered scam call and message protection
  • Enhanced Factory Reset Protection – Stolen devices become harder to use
  • Trade-in Mode – Secure device preparation for resale
  • Fixed Approximate Location – Prevents apps from inferring precise location through workarounds
  • Local Network Protection – New runtime permission for local network access
  • Restore Credentials – Seamless passkey migration to new devices

Device Requirements

  • Android 16 stable released June 2025
  • Available on Google Pixel and expanding to other manufacturers
  • Some features require specific hardware (e.g., motion sensors for Theft Detection Lock)

1. Advanced Protection Mode

Advanced Protection Mode is Android 16’s flagship security feature—a single toggle that activates Google’s strongest device protections.

What It Enables

Device Security:

  • Theft Detection Lock (AI-powered theft detection)
  • Offline Device Lock (locks when disconnected)
  • Inactivity Reboot (restarts after 72 hours locked)
  • USB Protection (charging-only when locked)

App Security:

  • Google Play Protect (cannot be disabled)
  • Blocks installation from unknown sources
  • Android Safe Browsing

Network Security:

  • Disables 2G connections
  • Blocks auto-reconnect to insecure networks
  • Forces HTTPS in Chrome

Communication Protection:

  • Scam Detection in Phone app
  • Spam filtering in Google Messages
  • Unsafe link warnings

Coming Soon:

  • Intrusion Logging (encrypted activity logs)
  • Enhanced app permission controls

How to Enable

  1. Open Settings
  2. Tap Security & Privacy
  3. Tap Advanced Protection
  4. Toggle on Device Protection
  5. Tap Turn on and then Restart

Who Should Use It

  • Journalists, activists, public figures
  • Anyone wanting maximum protection
  • Users who don’t need to sideload apps

Considerations

  • Cannot sideload apps from unknown sources
  • JavaScript optimizer disabled in Chrome (may break some websites)
  • Some call screening may flag legitimate calls
  • Easy to turn on/off, so no harm in trying

2. Device Authentication

Screen Lock Options

Android 16 supports multiple screen lock methods:

How to configure:

  1. Go to Settings > Security & Privacy > Device Unlock > Screen Lock
  2. Choose your lock type:
    • PIN – 6+ digits recommended
    • Password – Most secure (alphanumeric)
    • Pattern – Less secure, avoid simple patterns
    • Fingerprint – Convenient biometric
    • Face Unlock – Available on supported devices

Best Practice: Use a PIN with 6+ digits or an alphanumeric password. Add fingerprint for convenience.

Two-Factor Authentication (2FA) for Google Account

How to enable:

  1. Go to Settings > Google > Manage your Google Account
  2. Tap Security
  3. Under “How you sign in to Google,” tap 2-Step Verification
  4. Follow setup instructions
  5. Add multiple verification methods (authenticator app, backup codes, security key)

Biometric Settings

  1. Go to Settings > Security & Privacy > Device Unlock > Fingerprint (or Face Unlock)
  2. Add your biometrics
  3. Configure what biometrics can unlock (device, apps, payments)

3. Identity Check

Identity Check requires biometric authentication for sensitive actions when you’re away from trusted locations—similar to iOS’s Stolen Device Protection.

What It Protects

When outside trusted locations, biometric authentication is required for:

  • Changing device PIN or password
  • Changing biometric settings
  • Disabling theft protection
  • Accessing passkeys
  • Factory resetting the device
  • Changing Google Account settings

How to Enable

  1. Go to Settings > Security & Privacy > Device Unlock > Theft Protection
  2. Tap Identity Check
  3. Follow setup instructions
  4. Add trusted locations (home, work)

Requirements

  • Android 16 on supported devices (Pixel, Samsung One UI 7, others)
  • Screen lock and biometrics enabled
  • Location services enabled

Best Practice

  • Only add truly trusted private locations
  • Never add public places as trusted locations

4. Theft Protection

Android 16 consolidates multiple theft protection features.

Theft Detection Lock

Uses AI and device sensors to detect if someone snatches your phone and runs.

How to enable:

  1. Go to Settings > Google > All services > Theft Protection
  2. Toggle on Theft Detection Lock

How it works:

  • Monitors motion sensors, Wi-Fi, and Bluetooth
  • Automatically locks screen if theft is detected
  • Won’t trigger during stable connections

Offline Device Lock

Automatically locks your device if it goes offline (thief turns off internet).

How to enable:

  1. Go to Settings > Google > All services > Theft Protection
  2. Toggle on Offline Device Lock

Failed Authentication Lock

Locks device after repeated failed unlock attempts.

How to enable:

  1. Go to Settings > Google > All services > Theft Protection
  2. Toggle on Failed Authentication Lock (may be on by default)

Inactivity Reboot

Automatically restarts device after 72 hours of being locked, making data unreadable until fresh unlock.

Enabled automatically with Advanced Protection

Remote Lock

Lock your device remotely via Find My Device with security challenge question.

Factory Reset Protection

Enhanced in Android 16 to restrict all functions on devices reset without authorization.

5. App Permissions

Permission Manager

Review and control what data apps can access:

  1. Go to Settings > Security & Privacy > Privacy Controls > Permission Manager
  2. Review each category:
    • Location
    • Camera
    • Microphone
    • Contacts
    • Files and media
    • Calendar
    • Phone
    • SMS
    • Body sensors / Health
    • Nearby devices

Permission Options

For each app, you can choose:

  • Allow all the time – Background access (use sparingly)
  • Allow only while using the app – Access only when app is open
  • Ask every time – Prompts each use
  • Don’t allow – No access

One-Time Permissions

For camera, microphone, and location, you can grant one-time access that revokes when you close the app.

Auto-Reset Unused App Permissions

Android automatically resets permissions for apps you haven’t used in a while.

  1. Go to Settings > Apps > [App name] > Permissions
  2. Ensure Pause app activity if unused is enabled

AI-Powered Permission Controls (Android 16)

Android 16 introduces contextual permission management:

  • System evaluates if permission requests match your usage patterns
  • Unusual requests (e.g., location at midnight) may trigger additional confirmation
  • Detailed permission logs explain automated decisions

Local Network Protection (New in Android 16)

Apps now need explicit permission to access your local network (smart home devices, etc.):

  1. Go to Settings > Security & Privacy > Privacy Controls > Permission Manager
  2. Review Nearby devices and Local network permissions

6. Location Services

Global Location Settings

  1. Go to Settings > Location
  2. Toggle Use location on or off

Per-App Location Permissions

  1. Go to Settings > Location > App location permissions
  2. For each app, choose:
    • Allowed all the time
    • Allowed only while using
    • Ask every time
    • Not allowed

Precise vs. Approximate Location

Android 16 fixes a flaw that allowed apps to infer precise location even with approximate permission.

How to configure:

  1. Go to Settings > Location > App location permissions > [App]
  2. Toggle Use precise location off for apps that don’t need exact coordinates

Location History

  1. Go to Settings > Google > Manage your Google Account > Data & privacy
  2. Under “History settings,” review Location History
  3. Turn off or set auto-delete (3 months, 18 months, 36 months)

7. Private Space

Private Space lets you hide and secure sensitive apps behind a separate authentication.

Features

  • Hidden apps in a separate space
  • Separate Google account for private apps
  • Requires PIN/biometric to access
  • Apps don’t appear in app drawer, search, or notifications

How to Set Up

  1. Go to Settings > Security & Privacy > Private Space
  2. Follow setup instructions
  3. Create or sign into a Google account for Private Space
  4. Set up lock (PIN, pattern, or password)

Adding Apps to Private Space

  1. Open Private Space (swipe up and scroll to bottom of app list)
  2. Tap Install apps
  3. Install or move apps to Private Space

Best Practice

Use Private Space for:

  • Banking and financial apps
  • Personal health apps
  • Sensitive documents
  • Apps you want to keep private

8. Google Play Protect

Play Protect scans your device for harmful apps.

Features

  • Automatic app scanning
  • Real-time threat protection
  • Identifies harmful apps and malware
  • Cannot be disabled when Advanced Protection is on

How to Check Status

  1. Open Google Play Store
  2. Tap your profile icon
  3. Tap Play Protect
  4. Tap Scan to run manual scan

Settings

  1. In Play Protect, tap Settings (gear icon)
  2. Ensure Scan apps with Play Protect is on
  3. Enable Improve harmful app detection to send unknown apps to Google

Live Threat Protection (Android 16)

Enhanced scanning detects apps that:

  • Change their icon to hide
  • Attempt to evade detection
  • Show malicious behavior

Available on Pixel 6+ and newer devices from other manufacturers.

9. Google Password Manager & Passkeys

Google Password Manager

Built-in password manager that syncs across devices.

How to access:

  1. Go to Settings
  2. Search for Password Manager
  3. Or open the Passwords app

Features:

  • Save and autofill passwords
  • Generate strong passwords
  • Password checkup (finds weak, reused, compromised passwords)
  • Syncs to Google Account

Passkeys

Passkeys are phishing-resistant replacements for passwords.

Benefits:

  • More secure than passwords
  • Cannot be phished
  • Synced across devices via Google Password Manager
  • Authenticate with fingerprint, face, or PIN

How to use passkeys:

  1. When a site/app supports passkeys, you’ll be prompted to create one
  2. Confirm with your screen lock (fingerprint, face, PIN)
  3. Passkey is saved to Google Password Manager
  4. Sign in using your device’s biometric/PIN

Automatic Passkey Creation (Android 16):

  • When you sign in with a password, Android can automatically create a passkey for future use

Restore Credentials (Android 16):

  • When setting up a new device, passkeys and app credentials transfer automatically

Settings

  1. Go to Settings > Passwords, passkeys & accounts
  2. Configure your password manager
  3. Enable Offer to save passwords
  4. Enable Automatically create a passkey to sign in faster

10. Scam & Spam Protection

In-Call Protection (Android 16)

Blocks dangerous actions during calls with non-contacts:

  • Cannot sideload apps for the first time
  • Cannot disable Google Play Protect
  • Cannot grant accessibility permissions
  • Screen-sharing reminder when call ends

Scam Detection in Phone App

AI-powered real-time scam detection warns you during suspicious calls.

Types detected:

  • Package delivery scams
  • Job-seeking scams
  • Toll road and billing scams
  • Crypto scams
  • Financial impersonation
  • Gift card and prize scams
  • Tech support scams

How to enable:

  1. Open Phone app
  2. Tap More (⋮) > Settings > Caller ID & spam
  3. Enable See caller and spam ID
  4. Enable Filter spam calls

Scam Detection in Messages

Detects suspicious conversation patterns and unsafe links.

How to enable:

  1. Open Messages app
  2. Tap More (⋮) > Settings > Spam protection
  3. Enable Enable spam protection

OTP Protection (Android 16)

One-time passwords won’t show on lock screen for devices that:

  • Haven’t been recently unlocked
  • Aren’t connected to known Wi-Fi

11. Network Security

Disable 2G

2G networks are vulnerable to interception and cell site simulators.

How to disable (if not using Advanced Protection):

  1. Go to Settings > Network & internet > SIMs > [Your SIM]
  2. Toggle off Allow 2G

Wi-Fi Security

Disable auto-join for insecure networks:

  1. Go to Settings > Network & internet > Internet
  2. Tap Network preferences
  3. Disable Connect to open networks

Forget insecure networks:

  1. Go to Settings > Network & internet > Internet > Saved networks
  2. Remove networks you don’t trust

VPN

Use a VPN on public Wi-Fi:

  1. Go to Settings > Network & internet > VPN
  2. Configure your VPN provider

DNS Settings

Use encrypted DNS:

  1. Go to Settings > Network & internet > Private DNS
  2. Select Private DNS provider hostname
  3. Enter a provider (e.g., dns.google or cloudflare-dns.com)

12. USB Protection

Android 16 defaults USB connections to charging-only when locked.

Features

  • Prevents data transfer via USB when device is locked
  • Protects against “juice jacking” attacks at public charging stations
  • Blocks physical data extraction attempts

How It Works

When Advanced Protection is enabled:

  • USB defaults to charging-only when locked
  • Must unlock device to enable data transfer

Manual Configuration

  1. Go to Settings > Connected devices > USB
  2. When connected, choose Charging only unless you need data transfer

13. Find My Device

How to Enable

  1. Go to Settings > Security & Privacy > Find My Device
  2. Toggle on Use Find My Device
  3. Ensure location is enabled

Features

  • Locate your device on a map
  • Play sound to find nearby device
  • Secure device (lock with message)
  • Erase device remotely
  • Locate offline devices using nearby Android devices

Find My Device Network

Android can find your device even when offline using Bluetooth signals from nearby Android devices.

  1. Go to Settings > Google > All services > Find My Device
  2. Toggle on Find your offline devices

Using Find My Device

  1. Go to android.com/find or use Find My Device app on another device
  2. Sign in with your Google Account
  3. Select your device
  4. Choose action: Locate, Play Sound, Secure Device, Erase Device

14. Advertising & Tracking Controls

Delete Advertising ID

Disabling AAID makes it harder for advertisers to track you.

How to delete:

  1. Go to Settings > Security & Privacy > Privacy Controls > Ads
  2. Tap Delete advertising ID
  3. Confirm

Disable Personalized Ads

  1. Go to Settings > Google > Ads
  2. Toggle off Opt out of Ads Personalization

Unknown Tracker Alerts

Android detects unfamiliar tracking devices (like AirTags) moving with you.

How to check:

  1. Go to Settings > Security & Privacy > More security & privacy > Unknown tracker alerts
  2. Ensure it’s enabled

15. Google Account Privacy

Privacy Checkup

  1. Go to Settings > Google > Manage your Google Account
  2. Tap Data & privacy
  3. Tap Review your privacy settings

Activity Controls

Control what Google saves about your activity:

  1. Go to Settings > Google > Manage your Google Account > Data & privacy
  2. Under “History settings,” review:
    • Web & App Activity – Search and app activity
    • Location History – Places you’ve been
    • YouTube History – Videos watched

For each:

  • Turn off to stop saving
  • Enable auto-delete (3, 18, or 36 months)

Privacy Dashboard

View recent permission usage:

  1. Go to Settings > Security & Privacy > Privacy Controls > Privacy dashboard
  2. See which apps accessed location, camera, microphone in last 24 hours

16. Chrome & Browser Privacy

Safe Browsing

Enable Enhanced Protection:

  1. Open Chrome
  2. Tap More (⋮) > Settings > Privacy and security > Safe Browsing
  3. Select Enhanced protection

Privacy Settings

  1. Open Chrome > Settings > Privacy and security
  2. Configure:
    • Clear browsing data – Regularly clear history, cookies, cache
    • Always use secure connections – Forces HTTPS
    • Do Not Track – Send request to sites (limited effectiveness)
    • Preload pages – Disable for more privacy

Incognito Mode

For private browsing:

  1. Open Chrome
  2. Tap More (⋮) > New Incognito tab

Note: Incognito doesn’t make you anonymous—your ISP and websites can still see your activity.

Third-Party Cookies

  1. Go to Chrome > Settings > Site settings > Cookies
  2. Select Block third-party cookies

17. Additional Security Recommendations

Software Updates

  1. Go to Settings > System > Software update
  2. Enable automatic updates
  3. Install security patches promptly

Lock Screen Notifications

  1. Go to Settings > Notifications > Notifications on lock screen
  2. Choose Show sensitive content only when unlocked or Don’t show any notifications

App Installation from Unknown Sources

  1. Go to Settings > Apps > Special app access > Install unknown apps
  2. Ensure all apps show Not allowed
  3. Only enable temporarily when needed, then disable

Backup Encryption

  1. Go to Settings > Google > Backup
  2. Ensure Backup by Google One is on
  3. Backups are encrypted with your screen lock

SIM Lock

  1. Go to Settings > Security & Privacy > More security & privacy > SIM lock
  2. Toggle on Lock SIM
  3. Set a PIN (different from screen lock)

Repair Mode (Android 16)

Securely prepare device for repair without exposing data:

  1. Go to Settings > System > Repair Mode
  2. Follow instructions to wipe data while allowing hardware diagnostics

Trade-in Mode (Android 16)

Safely prepare device for resale:

  1. Go to Settings > System > Trade-in Mode
  2. Allows buyer to test hardware without accessing personal data

Quick Reference: Essential Settings Checklist

SettingLocationRecommended
Advanced ProtectionSettings > Security & Privacy > Advanced Protection✅ Enable
Strong Screen LockSettings > Security & Privacy > Device Unlock✅ PIN 6+ digits or password
Two-Factor AuthenticationGoogle Account > Security✅ Enable
Identity CheckSettings > Security & Privacy > Theft Protection✅ Enable
Theft Detection LockSettings > Google > Theft Protection✅ Enable
Play ProtectPlay Store > Play Protect✅ Ensure active
PasskeysSettings > Passwords, passkeys & accounts✅ Use where available
App PermissionsSettings > Security & Privacy > Permission Manager⚙️ Review regularly
LocationSettings > Location > App permissions⚙️ Minimize “All the time”
Advertising IDSettings > Security & Privacy > Ads❌ Delete
2GSettings > Network & internet > SIMs❌ Disable
Find My DeviceSettings > Security & Privacy > Find My Device✅ Enable
Unknown SourcesSettings > Apps > Install unknown apps❌ Disable all
Lock Screen NotificationsSettings > Notifications⚙️ Hide sensitive

Conclusion

Android 16 represents Google’s most comprehensive security update, with Advanced Protection Mode making it easy to enable maximum security with one toggle. Key priorities:

  1. Enable Advanced Protection Mode – Activates all major security features at once
  2. Set up Identity Check – Protects sensitive settings when away from trusted locations
  3. Enable Theft Protection features – Theft Detection Lock, Offline Device Lock, Remote Lock
  4. Use Passkeys – More secure than passwords, phishing-resistant
  5. Review app permissions regularly – Revoke unnecessary access
  6. Delete your Advertising ID – Reduces tracking
  7. Keep software updated – Security patches are critical

By configuring these settings, you significantly strengthen your privacy and security against both common threats and sophisticated attacks.

Last updated: January 2026 | Applies to Android 16 Note: Settings may vary slightly by device manufacturer (Pixel, Samsung, etc.)