New vulnerabilities in the code that runs in your devices and apps are found every day. The developers who write that code cannot predict where they will be found, because the code is so complex. Malicious attackers may exploit these vulnerabilities to get into your devices. But software developers do regularly release code that fixes those vulnerabilities. That is why it is very important to install updates and use the latest version of the operating system for each device you use. We recommend setting your device to automatically update so you have one less task to remember to do.

Lockdown Mode limits infection strategies used by sophisticated spyware like Pegasus. Features of the Lockdown Mode should be used by everyone and should really be part of a standard operating system.

Apple's App Store is the official app store for macOS. Having apps in one place makes it easy for you to find and install the ones you want, and it also makes it easier for Apple to monitor apps for major security violations. Only install apps from the App Store.

If you're really sure about what you're doing, you can install certain apps from the websites of the developers themselves. "Mirror" download sites may be untrustworthy, unless you know and trust the people who provide those services. If you decide that the benefit of a particular app outweighs the risk, take additional steps to protect yourself, like planning to keep sensitive or personal information off that device.

To learn how to decide whether you should use a certain app, see how Security in a Box chooses the tools and services we recommend.

New vulnerabilities in the code that runs in your devices and apps are found every day. The developers who write that code cannot predict where they will be found, because the code is so complex. Malicious attackers may exploit these vulnerabilities to get into your devices. Removing apps you do not use helps limit the number of apps that might be vulnerable. Apps you do not use may also transmit information about you that you may not want to share with others, like your location.

Mac computers come with built-in software, like Safari or iTunes, that have a history of privacy and security issues. Instead, you can use more privacy-friendly apps to browse the web, read your email and much more.

Apps that access sensitive digital details or services — like your location, microphone, camera or device settings — can also leak that information or be exploited by attackers. So if you do not need an app to use a particular service, turn that permission off.

Many of our devices keep track of where we are, using GPS, cell phone towers and the wifi networks we connect to. If your device is keeping a record of your physical location, it makes it possible for someone to find you or use that record to prove that you have been in certain places or associated with specific people who were somewhere at the same time as you.

We strongly recommend not sharing devices you use for sensitive work with anyone else. However, if you must share your devices with co-workers or family, you can better protect your device and sensitive information by setting up separate users on your devices in order to keep your administrative permissions and sensitive files protected from other people.

If you don't intend for someone else to access your device, it is better to not leave that additional "door" open on your machine (this is called "reducing your attack surface"). Additionally, checking what user accounts are associated with your device could reveal accounts that have been created on your device without your knowledge.

Most devices have accounts associated with them, like Apple ID accounts for your macOS laptop, Apple Watch, iPad and Apple TV. More than one device may be logged in at a time (like your phone, laptop and maybe your TV). If someone else has access to your accounts without your authorization, the steps included in this section will help you see and stop this.

While technical attacks can be particularly worrying, your device may as well be confiscated or stolen, which may allow someone to break into it. For this reason, it is smart to set a strong passphrase to protect your computer and user account, so that nobody can access your machine just by turning it on and guessing a short password.

We do not recommend login options other than passphrases. If you are arrested, detained or searched, you might easily be forced to unlock your device with your fingerprint. Someone who has your device in their possession may use software to guess short passwords. And if you set a fingerprint lock, someone who has dusted for your fingerprints can make a fake version of your finger to unlock your device.

For these reasons, the safest protection you can set for logging into your device is a longer passphrase.

A strong screen lock will give you some protection if your device is stolen or seized — but if you don't turn off notifications that show up on your lock screen, whoever has your device can see information that might leak when your contacts send you messages or you get new email.

If you set up a device so you can speak to it to control it, it becomes possible for someone else to install code on your device that could capture what your device is listening to.

It is also important to consider the risk of voice impersonation: someone could record your voice and use it to control your computer without your permission.

If you have a disability that makes it difficult for you to type or use other manual controls, you may find voice control necessary. This section provides instructions on how to set them up more safely. However, if you do not use voice controls for this reason, it is much safer to turn them off.

While we often think of attacks on our digital security as highly technical, you might be surprised to learn that some human rights defenders have had their information stolen or their accounts compromised when someone looked over their shoulder at their screen or used a security camera to do so. A privacy filter makes this kind of attack, often called shoulder surfing, less likely to succeed. You should be able to find privacy filters in the same shops where you find other accessories for your devices.

Malicious software may turn on the camera on your device in order to spy on you and the people around you, or to find out where you are, without you knowing it.

All wireless communication channels (like wifi, NFC or Bluetooth) could be abused by attackers around us who may try to get to our devices and sensitive information by exploiting weak spots in these networks.

When you turn Bluetooth or wifi connectivity on, your device tries to look for any Bluetooth device or wifi network it remembers you have connected to before. Essentially, it "shouts" the names of every device or network on its list to see if they are available to connect to. Someone snooping nearby can use this "shout" to identify your device, because your list of devices or networks is usually unique. This fingerprint-like identification makes it easy for someone snooping close to you to target your device.

For these reasons, it is a good idea to turn off these connections when you are not using them, particularly wifi and Bluetooth. This limits the time an attacker might have to access your valuables without you noticing that something strange is happening on your device.

When you turn wifi connectivity on, your computer tries to look for any wifi network it remembers you have connected to before. Essentially, it "shouts" the names of every network on its list to see if they are available to connect to. Someone snooping nearby can use this "shout" to identify your device, because your list is usually unique: you have probably at least connected to your home network and your office network, not to mention networks at friends' houses, favorite cafes, etc. This fingerprint-like identification makes it easy for someone snooping in your area to target your device or identify where you have been.

To protect yourself from this identification, erase wifi networks your device has saved and tell your device not to remember networks. This will make it harder to connect quickly, but saving that information in your password manager instead will keep it available to you when you need it.

Many devices give us the option to easily share files or services with others around us — a useful feature. However, if you leave this feature on when you are not using it, malicious people may exploit it to get at files on your device.

Firewalls are a security option that stops unwanted connections to your device. Like a security guard posted at the door of a building to decide who can enter and who can leave, a firewall receives, inspects and makes decisions about communications going in and out of your device. We recommend turning yours on to prevent malicious code from trying to access your computer. The default firewall configuration should be enough protection for most people.

It may not always be obvious when someone has accessed your devices, files or communications. These additional recommendations and checklists may give you more insight into whether your devices have been tampered with.