Last Updated: December 2025
Compatible Systems: iOS 18+, Android 14+, HarmonyOS 5, MagicOS 8, HyperOS 2
Setup Time: 5-10 minutes
No Jailbreak/Root Required
- I. Configuration Goals
- II. iOS Configuration Guide
- III. Android Stock/AOSP Configuration Guide
- IV. Huawei/HarmonyOS Configuration Guide
- V. Honor/MagicOS Configuration Guide
- VI. Xiaomi/HyperOS Configuration Guide
- VII. General Security Recommendations
- VIII. Frequently Asked Questions
This guide uses native system settings (no third-party tools required) to achieve three main objectives:
- Use PIN (≥6 digits) as the first line of defense
- Avoid weak passwords like birthdays or phone numbers
- Disable system analytics, telemetry, and crash log uploads
- Turn off advertising identifiers
- Stop personalized ad tracking
- Use encrypted DNS (DoH) to prevent hijacking and tracking
- Keep keyboard clipboard data local (no cloud sync)
- Use open-source/encrypted communication tools
iPhone 12 and above (iOS 17+)
| # | Item | Path | Steps | Verification |
|---|---|---|---|---|
| 1 | Set PIN Lock | Settings → Face ID & Passcode → Change Passcode | 1. Tap "Passcode Options" 2. Choose "Custom Numeric Code" 3. Enter ≥6 digits (avoid sequential numbers) |
Lock screen shows only numeric keypad |
| 2 | Disable Analytics | Settings → Privacy & Security → Analytics & Improvements | Turn off all options: - Share iPhone Analytics - Share iCloud Analytics - Improve Siri & Dictation - Share Routing & Network Analytics |
Enter "Analytics Data" - no new logs |
| 3 | Disable Ad Tracking | Settings → Privacy & Security → Tracking | Turn off "Allow Apps to Request to Track" | Toggle grayed out, apps no longer show tracking prompts |
| 4 | Configure Encrypted DNS | Settings → General → VPN & Device Management | Option 1: Profile (Recommended) 1. Visit in Safari: https://adguard-dns.io/kb/en/ios/solving-problems/configuration-profile/ 2. Download "Default" profile 3. Install in Settings Option 2: 18bit DNS (China-based, Ad Blocking) 1. Visit in Safari: https://go.18bit.cn/help-docs/help-docs-ios.html 2. Download 18bit DNS profile 3. Install in Settings 4. Auto-enabled after installation Option 3: App Method Download "AdGuard" or "DNSCloak" |
AdGuard Verification: Visit https://dns.adguard.com/info Shows "DNS Protection: Yes" 18bit Verification: Visit https://dtest.18bit.cn/ Red screen shows "18bit Blocked" |
| 5 | Localize Keyboard | Settings → General → Keyboard → Keyboards | 1. Keep only "Simplified Chinese - Pinyin" or use Gboard 2. If using Gboard, disable in settings: - Cloud clipboard - Input predictions - Auto-learning |
Copy sensitive content, paste after 5 min Should show "Clipboard cleared" |
| 6 | Limit Location Tracking | Settings → Privacy & Security → Location Services | 1. Review app permissions individually 2. Change to "While Using" or "Never" 3. Disable "Precise Location" |
Location icon no longer appears frequently in status bar |
| 7 | Disable Background Refresh | Settings → General → Background App Refresh | Disable background refresh for rarely-used apps | Battery life improves |
- iCloud Backup: Backs up all app data. Disable iCloud backup for sensitive apps (banking, messaging)
- Siri Suggestions: Settings → Siri & Search, disable "Learn from this App" for sensitive apps individually
- Photo Privacy: Use "Hidden Album" and disable "Show Hidden Album" in Photos settings
Pixel, Stock Android, OnePlus OxygenOS, Nothing OS, etc.
| # | Item | Path | Steps | Verification |
|---|---|---|---|---|
| 1 | Set PIN Lock | Settings → Security → Screen Lock → PIN | Enter ≥6 digits (avoid sequential numbers) | Lock screen shows only numeric keypad |
| 2 | Disable Telemetry | Settings → Google → Usage & Diagnostics | Turn off "Send usage and diagnostics data" | Search "usage" in settings shows "Disabled" |
| 3 | Delete Ad ID | Settings → Google → Ads | Tap "Delete advertising ID" (Android 12+) or disable "Personalized ads" |
Shows "Advertising ID deleted" |
| 4 | Configure Private DNS | Settings → Network & Internet → Private DNS | Select "Private DNS provider hostname" Recommended Options: - 18bit DNS (China, ad blocking): dns.18bit.cn- AdGuard DNS (International, ad blocking): dns.adguard-dns.com- Alibaba DNS (China, no blocking): dns.alidns.com- Cloudflare (International, no blocking): 1dot1dot1dot1.cloudflare-dns.com |
Status shows "Connected" 18bit Verification: Visit https://dtest.18bit.cn/ Red screen shows success AdGuard Verification: Visit https://dns.adguard.com Shows "DNS Protection: Yes" |
| 5 | Localize Keyboard | Settings → System → Languages & Input → Gboard | Enter Gboard settings: - Disable "Clipboard cloud sync" - Disable "Personal dictionary cloud sync" - Disable "Share usage statistics" |
Copy password, switch apps Long press paste shows no history |
| 6 | Review Permissions | Settings → Privacy → Permission Manager | Check individually: - Location (change to "Only while using") - Camera/Microphone (disable unnecessary apps) - Contacts (keep only necessary apps) |
Permission icons no longer appear frequently in status bar |
| 7 | Limit Background Activity | Settings → Apps → Special App Access → Unrestricted Data Usage | Keep only necessary communication apps | Data usage decreases |
Mate 60 series, Pura 70 series, Mate X5, nova series, etc. (HarmonyOS 4.0+)
| # | Item | Path | Steps | Verification |
|---|---|---|---|---|
| 1 | Set PIN Lock | Settings → Biometrics & Password → Lock Screen Password | Choose "PIN" Enter ≥6 digits (disable "Simple password") |
Lock screen shows only numeric keypad |
| 2 | Disable Experience Program | Settings → Huawei Account → Privacy Center → Experience Improvement | Turn off all options: - User Experience Improvement Program - Crash log upload - Diagnostic data |
Page shows "Disabled" |
| 3 | Delete Ad Identifier | Settings → Huawei Account → Privacy Center → Ads & Privacy | Tap "Delete advertising identifier" | Shows "Advertising identifier disabled" |
| 4 | Disable System Telemetry | Settings → System & Updates → User Experience Improvement Program | Turn off "Join User Experience Improvement Program" | Search "experience improvement" shows disabled |
| 5 | Configure Encrypted DNS | Settings → More Connections → Encrypted DNS | Select "Manual" Recommended: - dns.18bit.cn (China, ad blocking)- dns.adguard-dns.com (International, ad blocking)- dns.alidns.com (China, no blocking) |
Status shows "Connected" Verify: Visit https://dtest.18bit.cn/ Red screen shows success |
| 6 | App Lock + Background Blur | Phone Manager → Privacy Center → App Lock | 1. Lock sensitive apps like WeChat, email 2. Enable "Background blur preview" |
Recent tasks show blurred content |
| 7 | PrivateSpace (Optional) | Settings → Privacy → PrivateSpace | Create independent fingerprint/password | File Manager shows "PrivateSpace" entry at bottom |
| 8 | Pure Mode | Settings → System & Updates → Pure Mode | Keep enabled (default) | Can only install apps from AppGallery and official channels |
Use Settings search bar, search these keywords to ensure all are disabled:
- ✅ "Experience improvement" → All toggles off
- ✅ "Ads" → Advertising identifier deleted
- ✅ "Diagnostic" → All diagnostic toggles off
- ✅ "Cloud" → Check if sensitive data cloud sync is disabled
Magic V3/V5, Magic6 series, Magic7 series, etc. (MagicOS 8.0+)
| # | Item | Path | Steps | Verification |
|---|---|---|---|---|
| 1 | Set PIN Lock | Settings → Biometrics & Password → Lock Screen Password | Choose "PIN" Enter ≥6 digits (disable "Simple password") |
Lock screen shows only numeric keypad |
| 2 | Disable Experience Program | Settings → Honor Account → Privacy Center → Experience Improvement | Turn off "Join Experience Improvement Program" | Page shows "Disabled" |
| 3 | Delete Ad ID | Settings → Honor Account → Privacy Center → Ads | Tap "Delete advertising identifier" | Shows "Advertising ID disabled" |
| 4 | Disable Remote Diagnostics | Settings → System & Updates → Honor Remote Diagnostics | Turn off "Allow remote log collection" | Search "remote diagnostics" shows disabled |
| 5 | Configure Encrypted DNS | Settings → More Connections → Encrypted DNS | Select "Manual" Recommended: - dns.18bit.cn (China, ad blocking)- dns.adguard-dns.com (International, ad blocking)- dns.alidns.com (China, no blocking) |
Status shows "Connected" Verify: Visit https://dtest.18bit.cn/ Red screen shows success |
| 6 | App Lock | Phone Manager → App Lock | 1. Lock sensitive apps 2. Enable "Background blur" |
Recent tasks show blurred content |
| 7 | On-Device AI (Magic V3/V5) | Settings → Privacy → On-Device AI | Choose "Local processing only" Turn off "Cloud enhancement" |
Knowledge base page shows "Pure on-device mode" |
Settings search bar, search sequentially:
- ✅ "Experience improvement" → Disabled
- ✅ "Ads" → ID deleted
- ✅ "Remote diagnostics" → Disabled
- ✅ "Cloud" → Check sync items
Xiaomi 14 series, Redmi K70 series, Xiaomi 15 series, etc. (HyperOS 1.0+)
| # | Item | Path | Steps | Verification |
|---|---|---|---|---|
| 1 | Set PIN Lock | Settings → Password & Security → Lock Screen Password | Choose "PIN" Enter ≥6 digits (disable "Simple password") |
Lock screen shows only numeric keypad |
| 2 | Disable Experience Program | Settings → Password & Security → System Security → User Experience Program | Turn off "Join User Experience Program" | Toggle grayed out |
| 3 | Delete Ad ID | Settings → Password & Security → System Security → Ad Services | Tap "Delete advertising ID" | Shows "Advertising identifier disabled" |
| 4 | Disable Diagnostic Data | Settings → Password & Security → System Security → Diagnostic Data | Turn off "Send diagnostic data" | Search "diagnostic data" shows disabled |
| 5 | Disable Personalized Ads | Settings → Accounts & Sync → Mi Account → Privacy → Ad Preferences | Turn off "Personalized ads" | Page shows "Disabled" |
| 6 | Configure Private DNS | Settings → Connection & Sharing → Private DNS | Select "Manual" Recommended: - dns.18bit.cn (China, ad blocking)- dns.adguard-dns.com (International, ad blocking)- dns.alidns.com (China, no blocking) |
Status shows "Connected" Verify: Visit https://dtest.18bit.cn/ Red screen shows success |
| 7 | App Lock + Blur Snapshot | Settings → App Settings → App Lock | 1. Lock sensitive apps 2. Enable "Blur snapshot" |
Recent tasks show blurred content |
| 8 | Disable MIUI Recommendations | Settings → Search "recommendations" | Turn off all "Content recommendations" options | Negative screen no longer shows ads |
Settings search bar, search sequentially:
- ✅ "Experience program" → Disabled
- ✅ "Ads" → ID deleted + personalized disabled
- ✅ "Diagnostic data" → Disabled
- ✅ "Recommendations" → All content recommendations disabled
-
Recheck Toggle Status
Search in Settings for these keywords to ensure they haven't been silently re-enabled:- "Experience improvement"
- "Diagnostic data" / "usage"
- "Advertising ID" / "ads"
-
Clear Cache & Logs
- Android: Settings → Storage → Cached Data → Clear
- iOS: Settings → General → iPhone Storage → Clear "Other"
-
Check Permission Changes
Review new permission requests in "Permission Manager"
- Ensure Encrypted DNS is Enabled (Steps 4/5 above)
- Avoid Sensitive Operations: No banking, password changes, etc.
- Use HTTPS: Check URL prefix is
https:// - Optional: Use VPN
Recommended open-source solutions:- iOS: WireGuard, Shadowrocket
- Android: WireGuard, v2rayNG
⚠️ Avoid free Chinese accelerators (may log data)
| Tool | Function | Link |
|---|---|---|
| 18bit DNS Test | Check if 18bit DNS is active | https://dtest.18bit.cn/ |
| AdGuard DNS Test | Check if AdGuard DNS is active | https://dns.adguard.com/info |
| DNS Leak Test | Check if DNS leaks real IP | https://www.dnsleaktest.com/ |
| 18bit Service Status | View 18bit DNS real-time status | https://status.18bit.cn/ |
| Platform | Recommended Solution | Configuration |
|---|---|---|
| iOS | System default / Gboard | Gboard needs "Cloud clipboard" disabled |
| Android | Gboard / System default | Disable "Cloud sync" and "Statistics" |
| Chinese ROMs | System default | Avoid third-party input methods |
Security Tips:
- After copying passwords/codes, system auto-clears in 5 minutes
- Don't use Sogou, Baidu, or other internet-connected third-party keyboards
| App Type | Recommendation |
|---|---|
| Messaging (WeChat/QQ) | Enable app lock + hide notification content |
| Financial (Banking/Payment) | Enable app lock + disable cloud backup |
| Notes | Use local notes (Apple Notes/Google Keep) or E2E encrypted notes (Notion/Obsidian) |
| Disable auto-load images (prevent tracking pixels) | |
| Browser | Use Safari (iOS)/Chrome (Android) Enable "Prevent cross-site tracking" |
| Platform | Update Recommendation | Notes |
|---|---|---|
| iOS | Keep auto-update enabled | Apple responds quickly to security issues, safe to upgrade |
| Android Stock | Keep auto-update enabled | Google pushes security patches first week of each month |
| Huawei/Honor/Xiaomi | Only install "Security patches" | Wait 1-2 weeks before major version updates to avoid issues |
Cause: DNS with ad blocking (18bit, AdGuard) blocks some ads and tracking domains. Some apps require ads to function.
Solutions:
- Temporary: Disable encrypted DNS, re-enable after using the app
- Permanent: Switch to non-blocking DNS
- Alibaba DNS (China, no blocking):
dns.alidns.com - Cloudflare (International, malware blocking only):
1dot1dot1dot1.cloudflare-dns.com
- Alibaba DNS (China, no blocking):
| Comparison | 18bit DNS | AdGuard DNS |
|---|---|---|
| Server Location | 🇨🇳 China Mainland | 🌍 Overseas (Singapore, USA, etc.) |
| China Speed | ✅ Fast (latency <20ms) | |
| Ad Blocking | ✅ Optimized for Chinese ads | ✅ Optimized for international ads |
| Privacy Policy | 🔍 Check official website | ✅ Open source, has audit reports |
| Stability | ✅ High | |
| Use Case | Chinese users daily use | Privacy-focused or frequent international app users |
Recommended Choice:
- 🏠 China users priority:
dns.18bit.cn(fast, blocks Chinese ads) - 🌏 Privacy priority/overseas apps:
dns.adguard-dns.com(open source transparent) - ⚡ Stability priority (no ad blocking):
dns.alidns.com(Alibaba Public DNS)
| Platform | Solution |
|---|---|
| iOS | Need to restore device via iTunes/Finder (data will be lost) If "Find My iPhone" is enabled, can remotely erase |
| Android | After multiple wrong attempts, can unlock with Google account or restore factory settings via Recovery (data loss) |
| Chinese ROMs | Most can recover via brand account or use "Forgot password" (need pre-bind) |
💡 Suggestion: Use password manager (1Password/Bitwarden) to backup PIN
Yes, but ads won't be personalized.
- Before: Apps push targeted ads based on browsing history, location, purchase records
- After: Apps can only push generic ads (all users see same ads)
Key Difference: Protects privacy, doesn't completely remove ads (ad removal requires encrypted DNS)
| Mode | Pros | Cons | Recommendation |
|---|---|---|---|
| Pure Mode | Only install apps from official channels Blocks malware |
Can't install third-party APKs (e.g., GitHub open-source apps) |
✅ Regular users keep enabled ❌ Developers/geeks can disable |
Android 9 and below don't natively support Private DNS, need third-party app:
Recommended App: Intra (Google developed)
- Download & Install: Search "Intra" on Google Play or APKMirror
- Configure 18bit DNS:
- Open Intra → Settings → Choose "Custom server URL"
- Enter:
https://doh.18bit.cn/dns-query - Return to home, enable protection
- Verify: Visit https://dtest.18bit.cn/ shows red
Note: Intra uses VPN channel for DoH, may conflict with other VPNs
No, may actually be smoother.
- Disabling telemetry and ad tracking reduces background network requests
- Disabling background refresh lowers power consumption
- Encrypted DNS doesn't affect speed (latency difference <10ms)
- Password Managers: 1Password, Bitwarden, KeePassXC
- Open-Source Browsers: Firefox, Brave (built-in ad blocking)
- Encrypted Messaging: Signal (end-to-end encrypted SMS)
| Date | Version | Changes |
|---|---|---|
| 2025-12 | v1.0 | Initial release, supports iOS 18, Android 14, HarmonyOS 5, MagicOS 8, HyperOS 2 |
If you encounter any of the following, feel free to submit an Issue or Pull Request:
- ✅ System updates causing menu path changes
- ✅ New privacy leak points discovered
- ✅ Better configuration solutions
This guide is for educational reference only. The author is not responsible for any issues arising from configuration. Please backup important data before configuration.
📌 Final Reminder
Privacy protection is an ongoing process, not a one-time setup. Recommend quarterly reviews and stay informed about system update notes.
If this guide helps you, please give it a ⭐ Star!
中文版本 | English