I run a women's health practice in Honolulu, and I've seen how much sensitive health information patients share through their phones--appointment reminders, test results, and telehealth visits. After a patient told me her ex accessed her medical records through her open uped iPhone, I started including basic privacy guidance in our wellness discussions. **1. App Tracking Transparency (Settings - Privacy & Security - Tracking)**: Turn off "Allow Apps to Request to Track." Health apps, period trackers, and even restaurant apps don't need to follow you across the web. One patient finded her fertility app was sharing data with advertisers--that's your most private information being sold. **2. Location Services (Settings - Privacy & Security - Location Services)**: Set most apps to "While Using" instead of "Always." Your phone doesn't need to log every visit to your gynecologist's office or pharmacy. I recommend patients especially restrict this for social media apps. **3. Health app lock (Settings - Face ID & Passcode - Health)**: Enable Face ID for the Health app specifically. Many women store sensitive data here--pregnancy tracking, mental health logs, medications. It adds a critical extra layer if someone grabs your open uped phone. **4. Safari privacy settings (Settings - Safari - Hide IP Address)**: Turn this on so websites can't track your browsing. When patients research symptoms or conditions online, that search history shouldn't follow them around with targeted ads about yeast infections or menopause treatments.
I've spent 40+ years handling personal injury cases, and I can tell you--what people post, share, or leave accessible on their phones has torpedoed more claims than bad driving records. Insurance adjusters *love* mining your device data to deny or lowball settlements. **Four settings I now tell every client to lock down immediately:** First, disable Siri suggestions and search under Settings > Siri & Search--it logs your app usage patterns and can reveal contradictory activity (we lost leverage in a "too injured to work" case when Siri data showed hours of active gaming apps daily). Second, turn off "Share My Location" entirely under Settings > Privacy & Security > Location Services > Share My Location--I've seen defense attorneys subpoena location history to disprove a client was at the accident scene. Third, disable automatic photo uploads to shared albums or iCloud links--one client's beach photos auto-shared to family while claiming debilitating back pain. Fourth, turn off Lock Screen notifications under Settings > Notifications--sensitive texts from doctors or attorneys shouldn't display when your phone's sitting on a table during a deposition break. In slip-and-fall and wrongful death cases, we've documented over 40,000 injury matters, and the pattern is clear: your own phone becomes exhibit A against you if you're not careful. One DUI victim's family nearly lost a wrongful death claim because the defendant's lawyer pulled the victim's "FindMy" data suggesting erratic movement before impact--it was GPS drift, but we spent months fighting it.
I built NanoLisse after watching the skincare industry overcomplicate everything, and that same philosophy applies to privacy--simpler is usually safer. Here are four settings that actually matter for protecting your daily data without paranoia: **First, go to Settings > Privacy & Security > Location Services and switch it to "While Using" instead of "Always" for every app.** Most skincare and shopping apps don't need to track where you are 24/7, but they'll grab that data to build purchase profiles and sell to advertisers. I noticed our own app partners were requesting "Always" by default even though they only needed location during checkout. **Second, disable Settings > Privacy & Security > Tracking > Allow Apps to Request to Track.** When we ran our first ad campaigns, I saw how much customer data these tracking pixels actually collect--not just what you buy, but when you browse, what you almost bought, even how long you stared at a product photo. That data gets sold to dozens of brokers you've never heard of. **Third, turn off Settings > [Your Name] > iCloud > Show All > Safari and disable Safari syncing if you share devices or accounts.** I learned this the hard way when my business partner's teenager could see every skincare ingredient I'd been researching because we shared an iCloud family plan. Your search history reveals more about your health and concerns than you'd ever post publicly. **Fourth, go to Settings > Face ID & Passcode and disable "USB Accessories" when locked.** This prevents data extraction tools from pulling your information if your phone gets lost at a gym or coffee shop--which happened to one of our early customers who had all her payment info compromised from a phone she thought was just stolen, not data-mined.
I run a men's health clinic in Providence where we handle incredibly sensitive patient data--testosterone levels, erectile dysfunction treatments, STI results. After 17 years in practice, I've seen what happens when this information leaks: destroyed marriages, workplace discrimination, insurance complications. The first thing I tell every patient is to turn off app tracking transparency exceptions (Settings > Privacy & Security > Tracking > Allow Apps to Request to Track: OFF). Health apps love selling your search history around ED or low-T to data brokers, and I've had patients get targeted ads for our services show up on family iPads. Second critical one: disable location services for health apps unless absolutely necessary (Settings > Privacy & Security > Location Services). We had a patient whose wife finded he was visiting our clinic because his Health app was logging the Richmond Square address every week. For fertility treatments or STI testing, location history can reveal things people aren't ready to share. Set everything to "Never" or "While Using" at minimum. Third, review which apps have access to your Photos (Settings > Privacy & Security > Photos). Patients often photograph insurance cards, prescriptions, or lab results and forget. I've seen cases where cloud backup services or photo-editing apps uploaded these to unsecured servers. One patient had his testosterone prescription details exposed when a "free photo improver" app harvested his camera roll--it showed up in a data breach six months later. Fourth, turn on Advanced Data Protection for iCloud (Settings > [your name] > iCloud > Advanced Data Protection). Most people don't realize Apple can technically access your iCloud health data by default. We work with partners whose hormone levels and injection schedules sync through Health app--if that data isn't end-to-end encrypted, it's vulnerable during transmission or if Apple gets a subpoena.
Running a dental practice in Houston, I handle sensitive patient information daily--insurance details, medical histories, payment data. We've had patients whose phones were compromised, and suddenly their health records were exposed because of poor privacy settings. Here's what I tell every patient who syncs health apps or stores insurance cards on their iPhone. First, disable location tracking for apps that don't need it (Settings > Privacy & Security > Location Services). Your dental insurance app doesn't need to know where you are 24/7, but many track your movements and sell that data. Second, turn off ad personalization (Settings > Privacy & Security > Apple Advertising > Personalized Ads: Off)--I had a patient whose dental anxiety searches started showing up in ads visible to coworkers. Third, review app permissions regularly (Settings > Privacy & Security)--delete access for apps you don't use anymore, especially photo access where people often screenshot insurance cards or prescriptions. Fourth, enable "Require Face ID" for sensitive apps individually through Screen Time settings. One patient's kid grabbed their open uped phone and accidentally shared their entire photo library--including dental X-rays and treatment cost estimates--to a group chat. These aren't hypothetical; I see the aftermath when patients' private health information gets leaked because they assumed their phone was secure by default. The biggest mistake I see is people thinking Face ID alone protects everything. Your phone might be locked, but individual apps can still leak data through notifications, widgets, or background activity if you haven't locked down those specific permissions.
As a gastroenterologist, I handle incredibly sensitive health data daily--colonoscopy reports, biopsy results, medication lists that patients photograph and text to our office. One data breach could expose someone's entire medical history, which is why I've become obsessive about phone security for both my practice and patients. **Four settings I actually changed after a close call:** First, disable Siri on the lock screen (Settings > Face ID & Passcode > Allow Access When Locked > Siri > Off)--voice assistants will read your messages and emails out loud to anyone who asks, and I watched a patient's full prescription list get announced in our waiting room when their phone responded to someone else's "Hey Siri." Second, turn off automatic iCloud backup for Health app data (Settings > [Your Name] > iCloud > Health > Off)--your medical conditions, medications, and even steps tracked can paint a detailed picture of your health status that's sitting in cloud storage. Third, disable Control Center access from lock screen (Settings > Face ID & Passcode > Control Center > Off)--people don't realize you can turn on screen recording or access cameras without open uping the phone. Fourth, set apps to require Face ID for opening (Settings > Face ID & Passcode > Other Apps)--banking apps, health apps, and photo apps should need authentication every single time, not stay logged in. The wake-up call for me was when a patient accidentally AirDropped their entire endoscopy report with personal health details to someone in our parking lot while trying to send it to their spouse. That metadata and sharing capability is enabled by default, and most people have no idea how much information is one tap away from being public.
Hey, running an auto body shop means we handle customer data constantly--insurance claims, personal info, photos of damaged vehicles--so I've learned a lot about data protection the hard way after a customer's phone was stolen from their car during repairs and used to file fraudulent insurance claims. **First, Settings > Screen Time > Content & Privacy Restrictions > Location Services > System Services and disable "Significant Locations."** Your iPhone secretly keeps a detailed history of everywhere you go regularly--your home, work, gym, even your mechanic. We finded this when helping a customer file a police report; turns out her phone had logged every location she visited before her car was broken into at a specific parking lot she frequented. **Second, Settings > Photos and disable "Shared Albums" if you use it.** One of our customers had all their accident scene photos automatically uploaded to a shared album with their ex-spouse who then used those images against them in a custody dispute. Those photos included license plates, addresses, and timestamps that revealed way more than intended. **Third, Settings > Privacy & Security > Analytics & Improvements and turn off all the toggles.** Apple collects crash reports and usage data that include surprising details--we saw this when a customer's insurance company requested their phone data for a claim, and the analytics showed they were using their phone right before an accident based on app crash timestamps. **Fourth, Settings > Passwords > Password Options and disable "AutoFill Passwords."** After someone's phone was left in their car during bodywork, our tech accidentally triggered an autofill that showed their insurance portal login--made me realize how easily someone could access your entire digital life through one open uped moment.
I've handled dozens of cases where someone's iPhone became evidence in legal disputes--divorce, custody battles, business litigation--and what surprises most people is that the biggest privacy risk isn't hackers, it's your own backup data. Here are four settings that actually matter when your data ends up in court or the wrong hands: **First, go to Settings > Messages > Keep Messages and change it from "Forever" to "30 Days."** In my 40 years practicing law, I've seen more legal cases won or lost based on old text messages than almost anything else. One divorce client had a joke from three years ago used against her in custody proceedings because her iPhone had kept every single message since 2019. **Second, disable Settings > Photos > Shared Albums if you've ever created them with an ex-partner or former business associate.** I had a business dissolution case where the opposing party was still uploading to a shared album my client forgot existed--they were literally watching his new venture unfold in real-time through photos he didn't even know were being shared. **Third, turn on Settings > Screen Time > Use Screen Time Passcode, then enable "Content & Privacy Restrictions."** This isn't just for kids--it prevents someone who gets your phone passcode (spouse, employee, whoever) from changing your Apple ID password and locking you out of your own accounts. I saw this happen to a small business owner whose bookkeeper changed the owner's Apple ID and held the company's financial records hostage. **Fourth, go to Settings > [Your Name] > Find My > Share My Location and audit who's on that list every few months.** I've worked with clients who forgot they were sharing location with a former employee, old roommate, or ex-relationship from years ago--people who suddenly had proof of everywhere they'd been when it became relevant in legal proceedings.
I'm a personal injury attorney who's handled dozens of distracted driving cases, and I've seen how phone data becomes critical evidence after accidents. The settings most people miss aren't just about privacy--they can literally determine liability in a crash. **Four settings to adjust:** First, turn off Location Services for social media apps (Settings > Privacy & Security > Location Services)--I've seen cases where Snapchat's speed filter data proved drivers were racing at 90+ mph before a collision. Second, disable app tracking (Settings > Privacy & Security > Tracking > Allow Apps to Request to Track: OFF)--insurance companies subpoena this data to prove you were using apps while driving. Third, review which apps have access to your photos (Settings > Privacy & Security > Photos)--we had a case where metadata from a photo posted seconds before a crash proved the driver was on their phone. Fourth, turn off "Share My Location" except for essential contacts (Settings > Privacy & Security > Location Services > Share My Location)--this prevents apps from creating minute-by-minute movement records that become evidence. After handling the Christal McGee case where Snapchat's speed filter was used during a crash, I've seen how every app permission becomes a potential liability. One client lost their case because their iPhone showed they'd opened Instagram 30 seconds before impact--data they didn't even know was being recorded. These settings aren't just about privacy anymore. In Florida, where we saw that 43% increase in crash fatalities, your phone's data trail can mean the difference between winning or losing a personal injury claim worth hundreds of thousands of dollars.
Managing IoT construction projects and IT implementations for entities like the City of San Antonio and University Health Systems taught me that the biggest security holes aren't technical--they're in default settings nobody thinks to change. After seeing LinkedIn accounts hijacked at 5000% higher rates in 2023 and tracking how only 33% of people change passwords after breaches, I've become militant about iPhone settings that stop data leaks before they happen. **Four settings I force every employee at VIA Technology to change:** First, disable Location Services for apps that don't need it (Settings > Privacy & Security > Location Services)--we finded sales reps were leaking client visit patterns because fitness apps were tracking every building they entered. Second, turn off ad tracking and app tracking (Settings > Privacy & Security > Tracking > Allow Apps to Request to Track > Off)--those 23 Android apps we covered that leaked 100M users' data all exploited similar tracking permissions. Third, disable USB Accessories when locked (Settings > Face ID & Passcode > USB Accessories > Off)--this stops data extraction tools that law enforcement and criminals both use. Fourth, review which apps have access to your Photos (Settings > Privacy & Security > Photos) and switch everything possible to "Selected Photos" instead of "Full Access"--remember that Screen Recorder app with 10M downloads that stored everyone's screenshots in exposed cloud storage? The wake-up call for us was managing HMIS data for San Antonio's homeless population--one leaked location history or photo could literally endanger lives. Most people don't realize their iPhone is broadcasting their entire life story through permissions they granted years ago and forgot about.
I run an addiction recovery centre, and I've seen how privacy breaches during vulnerable moments can derail someone's recovery journey. When clients are researching help for alcohol problems or attending virtual support sessions, the last thing they need is that data leaking to employers, insurance companies, or even well-meaning family members who aren't ready to know. **First, disable Settings > Siri & Search > Learn from this App for your health, banking, and therapy apps.** One of my clients finded Siri was suggesting her AA meeting app right on her lock screen during a work presentation. Siri learns from everything you do and will helpfully surface your most "relevant" apps at exactly the wrong moments. **Second, turn off Settings > [Your Name] > Family Sharing > Purchase Sharing if you're in a family plan.** I had a client whose teenage daughter saw her mother had downloaded multiple sobriety apps through the shared purchase history, which forced a conversation the mum wasn't ready to have. Your app downloads reveal incredibly sensitive information about your mental health, finances, and personal struggles. **Third, go to Settings > Screen Time > Share Across Devices and disable it.** When someone is trying to establish healthy boundaries or distance themselves from toxic situations, having their phone usage and app activity visible across shared iPads or family devices undermines their privacy completely. I've watched families weaponize this data during custody disputes. **Fourth, check Settings > Passwords > Password Options and turn off AutoFill for sensitive accounts.** After nine years in recovery, I've learned that making things slightly harder to access--whether it's alcohol or your banking app--creates crucial pause moments that prevent impulsive decisions you'll regret.
Through my work at EnCompass handling IT security for businesses in the Cedar Rapids Corridor, I've seen how weak iPhone settings create real data breaches. We had a client lose $47K after their employee's work phone exposed company credentials through simple configuration gaps that most people ignore. First critical setting: Turn off VoiceOver password announcements (Settings > Accessibility > VoiceOver > Speech). Apple just patched a massive flaw where this feature was literally reading passwords out loud--we documented cases where login credentials were exposed in public spaces. Second, disable SMS preview on lock screen (Settings > Notifications > Show Previews: When Open uped). SMS Trojans that we tracked grew 614% in 2013 and still drain accounts by sending premium texts--if previews show verification codes, attackers nearby can steal them. Third, enable Login Notifications in iCloud settings so you get alerts when your Apple ID is accessed from unfamiliar devices. I caught three attempted breaches on my own account this way during tech conferences. Fourth, use App-Specific Passwords for third-party apps instead of your main Apple ID password (appleid.apple.com > Sign-In and Security). One compromised fitness app shouldn't hand over your entire iCloud. The pattern I see repeatedly: people assume their four-digit passcode protects everything, but individual services bleed data through poorly configured notification settings and authentication methods. Your phone's locked, but your data isn't.
Here's the reality from the trenches: I've dealt with over 1,000 business clients whose iPhones got compromised, and the damage usually comes from settings most people never touch. Let me give you four that actually matter based on what I've seen hackers exploit. First, turn off Safari AutoFill for credit cards and passwords (Settings > Safari > AutoFill). I had a client whose phone got a malicious pop-up that captured their stored card data without them typing anything--the AutoFill just handed it over. Second, disable Siri on the lock screen (Settings > Face ID & Passcode > Allow Access When Locked: Siri OFF). A hacker at a coffee shop asked someone's locked iPhone "Hey Siri, show me my recent messages" and got immediate access to their two-factor authentication codes. Third, turn off automatic app updates (Settings > App Store > App Updates: OFF). Sketchy app developers push malicious updates that suddenly request access to your contacts, photos, and microphone--I've seen legitimate apps get sold to bad actors who inject data harvesting code. Update manually so you can review what changed. Fourth, disable USB accessories when locked (Settings > Face ID & Passcode > USB Accessories: OFF). Police-grade hacking tools plug into your charging port--this setting blocks them completely. The CNET research I reference in our cybersecurity work shows 42% of users don't update their devices, but honestly, the bigger problem is people who DO update without checking what those updates are accessing. Your Face ID means nothing if apps are siphoning data in the background with permissions you granted months ago and forgot about.
I've spent 17+ years managing sensitive business data and leading tech implementations across multiple industries, which means I've seen how easily personal information gets compromised--usually through settings people don't even know exist. **Four settings I always configure:** First, disable location tracking for apps that don't need it (Settings > Privacy & Security > Location Services > scroll through each app)--most people don't realize social media apps are logging every coffee shop and gym visit, building detailed movement patterns that third parties can purchase. Second, turn off ad personalization and app tracking (Settings > Privacy & Security > Tracking > Allow Apps to Request to Track > Off)--this stops the data broker pipeline that sells your browsing habits to hundreds of companies. Third, review and revoke app permissions regularly (Settings > Privacy & Security > Photos/Contacts/Microphone)--I once audited my phone and found 14 apps with full photo library access that I'd used once months ago. Fourth, enable "Hide IP Address" for Safari and Mail (Settings > Safari > Hide IP Address > All Browsing)--your IP address reveals your location and browsing patterns to every website you visit. I learned this the hard way when managing vendor contracts--one supplier accidentally exposed how much personal data they were harvesting from mobile users, and it was staggering. Most of that collection happens because default iPhone settings prioritize convenience over privacy, and companies know most people never dig into those menus.
I've spent four decades protecting high-profile clients' reputations, and I can tell you that data breaches don't just come from hackers--they come from people you know scrolling through your photos at dinner parties. The settings nobody talks about are the social ones. First, disable Photo Location Services entirely for your Camera app (Settings > Privacy & Security > Location Services > Camera: Never). I've seen society figures get their private estate locations exposed because a single candid shot at home contained GPS coordinates that ended up in the wrong hands. Second, turn off Bluetooth findability (Settings > Bluetooth--only turn it on when actively pairing, then immediately off). At galas and events, I've witnessed people's iPhones broadcasting their device names to everyone nearby, and those names often include real names that become social engineering goldmines. Third, disable iCloud Photo Sharing's public links feature and review who has access to your shared albums (Settings > Photos > Shared Albums). A client finded their assistant had been accessing intimate family photos for months through an album share they'd forgotten about from years prior. Fourth, check Significant Locations (Settings > Privacy & Security > Location Services > System Services > Significant Locations). Your iPhone quietly builds a complete map of where you go regularly--your home, your gym, your therapist's office--and anyone who picks up your open uped phone can see your entire routine. The real threat isn't the sophisticated hack--it's the trusted friend who borrows your phone and suddenly knows too much about your life. These settings protect you from proximity threats, which in my experience cause far more damage than remote attacks.
After 17+ years in IT security and running Sundance Networks, I've seen what actually gets exploited in real-world breaches--and it's rarely what people expect. **Four settings I immediately change:** First, turn off "Significant Locations" tracking (Settings > Privacy & Security > Location Services > System Services > Significant Locations > Off)--this creates a detailed map of everywhere you go including your home, office, and daily patterns that gets stored on-device and synced to iCloud. Second, disable ad personalization and tracking (Settings > Privacy & Security > Tracking > Allow Apps to Request to Track > Off, plus Settings > Privacy & Security > Apple Advertising > Personalized Ads > Off)--most people don't realize Apple shares your activity data with advertisers by default. Third, review and revoke unnecessary app permissions monthly (Settings > Privacy & Security > then check Location Services, Camera, Microphone, Contacts)--I regularly find clients have given 30+ apps access to their contacts or location when only 5-7 actually need it. Fourth, enable "Lockdown Mode" for high-risk individuals (Settings > Privacy & Security > Lockdown Mode)--this disables message attachments, web fonts, and link previews that are common attack vectors. We had a client in the legal field who finded their iPhone had been tracking and storing their exact courthouse visit times, client meeting locations, and home address for three years in Significant Locations. When their phone was briefly stolen from their car, that data could have exposed client identities and case strategies. The feature was enabled by default, and they had no idea it existed until we did their security audit.
I've been dealing with the aftermath of mobile breaches at businesses across New Jersey since 2008, and I can tell you the most overlooked privacy holes aren't the obvious ones. Here are four settings that actually stop the data leaks I see costing my clients thousands: **First, enable Advanced Data Protection under Settings > [Your Name] > iCloud.** This encrypts your iCloud backups, photos, and notes so even Apple can't access them during a cloud breach. When that MIT study showed 2.6 billion records breached in just 2021-2022, most were from cloud storage that wasn't encrypted end-to-end. I've had three clients this year alone who had business data exposed through compromised iCloud accounts that could've been prevented with this one toggle. **Second, go to Settings > Privacy & Security > App Privacy Report and actually review what your apps accessed in the last seven days.** I checked mine last month and found a recipe app had accessed my photos 47 times in one week for no reason. That's how business owners accidentally leak client information--some random app they installed is quietly accessing their camera roll where they screenshot sensitive documents. **Third, disable Settings > [Your Name] > Find My > Find My iPhone > Send Last Location if you handle any business data on your phone.** This sounds counterintuitive, but it constantly pings your location to Apple's servers right before your battery dies, creating a location history log that's subpoenaed in legal cases. I've seen two divorce proceedings where this data was pulled to establish patterns. **Fourth, turn off Settings > Siri & Search > Learn from this App for every app that touches sensitive information.** Siri indexes everything to "help" you, but that means your banking app transactions, health app entries, and email contents get cached in Siri's learning database. One of my financial advisor clients nearly violated compliance regulations because Siri suggestions were showing client account numbers in his spotlight search.
I've raised over $500M in capital and sat on boards for tech companies handling sensitive data across 140+ countries--privacy breaches don't just cost money, they kill trust. Here are four iPhone settings people miss that I've seen exploited in enterprise environments. First, disable "Significant Locations" (Settings > Privacy & Security > Location Services > System Services > Significant Locations). This feature logs every place you regularly visit with timestamps. I watched a company's M&A deal nearly collapse when an executive's phone data revealed undisclosed site visits to a competitor's office--all because this tracking was on by default. Second, turn off "Share My Location" in iMessage for individual contacts (open a conversation > tap their name > Info > Stop Sharing My Location). A Premise contributor in Eastern Europe had their safety compromised when an old contact they'd forgotten about tracked their real-time location through this feature. Most people don't realize it stays active indefinitely once enabled. Third, disable "Allow Apps to Request to Track" entirely (Settings > Privacy & Security > Tracking > toggle OFF). When we analyzed data flows at Premise, we found apps requesting tracking permissions weren't just measuring ad performance--they were building shadow profiles linking your behavior across dozens of unrelated services. The average person has 80+ apps; even 10% tracking you creates a detailed dossier. Fourth, review "Background App Refresh" and kill it for apps that don't need it (Settings > General > Background App Refresh). At Accela, we finded a government employee's phone was uploading constituent data to a third-party weather app that had background refresh enabled--the app was harvesting contacts and calendar entries while idle. Your battery life improves too, but the real win is stopping silent data exfiltration.
I run a surveillance company, and after reviewing thousands of hours of footage from our AI units, I can tell you the biggest security risks come from what people broadcast *without realizing it*. iPhones leak location data constantly through features most people never think about. **Four settings I'd change based on what I've seen:** First, disable "Significant Locations" (Settings > Privacy & Security > Location Services > System Services > Significant Locations)--this tracks every place you regularly visit and creates predictable patterns that anyone with access to your phone can see. Second, turn off app tracking across other companies' apps (Settings > Privacy & Security > Tracking > Allow Apps to Request to Track > Off)--retail apps are building profiles of your shopping behavior and selling that data. Third, disable "Share My Location" unless you're actively using it (Settings > Privacy & Security > Location Services > Share My Location > Off)--I've seen cases where old contacts still had access years after breakups. Fourth, review which apps can access your photos (Settings > Privacy & Security > Photos) and change them from "Full Access" to "Selected Photos"--social media apps don't need to scan your entire camera roll. We've caught people casing dealership lots who were clearly checking their phones for patterns--they knew when guards changed shifts, when lots were busiest. That kind of predictable behavior data gets harvested from location tracking, and most people broadcast it 24/7 without knowing. The moment I realized how much iPhones leak was when a client's stolen phone led thieves straight to their home address through saved locations. It wasn't hacking--just default settings doing exactly what they're designed to do.
The four privacy configurations I recommend are App Tracking Transparency, Mail Privacy Protection, Location Services, and Analytics sharing. Turning off tracking and mail monitoring significantly stops the collection of hidden information to refine ad targeting, while setting Location Services as "While Using" prevents an app from running in the background. Turning off Analytics and ad personalization will also limit unnecessary sharing. In my practice I have had clients notice less advertising, and greater privacy immediately after making these simple adjustments.