The end of the year means it’s time to reflect on what’s really important in life: friends, family — and Windows PC tips.
That may sound silly, but I’ve always believed it’s true. Useful tech tips and solutions help people get work done and accomplish tasks quickly so they can get back to what’s actually important in their lives.
I’ve shared a lot of PC tips over the last year. It’s easy for some of that to get lost in the hustle and bustle. So, as we wrap up 2024, it’s a good time to look back at the best advice of the year — especially useful Windows suggestions that can take your computing to the next level, whether you’re being productive on the job or just tweaking your personal PC at home.
We all have phones, and we all need to transfer files back and forth — even if it’s just a few quick photos now and then. Here are lots of easy ways to get that done, with something for practically every type of workflow.
Keyboard shortcuts are an essential tool to take your PC productivity up a notch. This list is a great place to get started — you’ll almost certainly learn something new!
As PC users, we tend to wrangle with browser tabs all day. These ideas will make you even more efficient in your web browser of choice, whether that’s Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, or anything else.
Dark mode has come a long way on Windows in the last few years, but it still has a way to go. If you’re a dark mode fan, this advice will make your dark mode experience much better on Windows.
Does Windows Update restart your PC when you least expect it? If you’d like more control, there’s a lot you can do to take much more control of Update so it will work on your schedule.
Microsoft’s Cortana voice assistant is long gone, but Windows still has a suite of powerful voice-powered features. You can use your voice to type and even to navigate the desktop and apps — no third-party software necessary!
Did you know you can trim a video file on Windows in a few clicks, cutting just the portion you want? It’s possible with a quick tool buried in Windows — no big Clipchamp video editor necessary.
If you haven’t set up the Phone Link app yet, you should! And if you have set it up, it’s worth a deeper look. This useful app included with Windows is packed with features for both Android phones and iPhones — although it’s more powerful with an Android phone.
Windows PC tips: #12—14: Excellent apps to install
I’m a big fan of Microsoft’s free and frequently updated PowerToys package for Windows PCs. It’s packed with especially useful utilities you can install in a few clicks. Here’s a tour of many of the most useful ones.
Microsoft’s new Workspaces PowerToy is a particularly useful and customizable app launcher that could transform many workflows. It might just be the best way to launch and arrange your apps after powering on your PC and signing in.
Microsoft axed Android app support in Windows 11. But don’t let that stop you: If you want to run Android apps on a Windows 11 PC, there are still some great alternatives.
As always, I hope you find some especially helpful PC tips and tricks. And I’ll see you in 2025 for even more Windows wizardry.
Why wait? Uncover even more useful Windows tips and tricks with my free Windows Intelligence newsletter — three new things to try every Friday and a free Windows Field Guide as soon as you sign up.
The US has intensified its campaign to counter China’s ambitions in technology leadership, with the Biden administration initiating a high-stakes investigation into China’s expanding dominance in legacy semiconductor manufacturing.
The US Trade Representative (USTR) is probing whether China’s practices — backed by extensive state support — constitute unfair competition, endangering American industries and national security.
For more than two years, I’ve been working with WinGet daily to monitor and maintain the apps on my Windows 10 and 11 PCs. For those not already in the know, WinGet is the built-in, command-line interface to Microsoft’s Windows Package Manager service. It works in both PowerShell and Command Prompt with equal facility.
WinGet is designed to enable users to “discover, install, upgrade, remove and configure applications on Windows 10 and 11 computers,” according to Microsoft Learn. In my experience, WinGet is helpful for checking and updating most applications that run on Windows.
Please note: WinGet is included with Windows 10 version 1709 and later, and all versions of Windows 11 as the App Installer. If you’re running an earlier version of Windows 10, visit the WinGet home page at GitHub. There, click the Latest button under “Releases” at right, and download the item named “Microsoft.DesktopAppInstaller…msixbundle” (the missing characters identify Microsoft Store apps). Double-click on this item to install it.
(Don’t worry: if you do this on a newer Windows version, it will inform you, “The App Installer is already installed.”)
Exploring a PC using WinGet
Using WinGet starts with opening an administrative command line session. Press the Windows key + X, then pick Terminal (Admin) or PowerShell (Admin) from the pop-up menu. (I use PowerShell and will use it for examples throughout this story.) Given that WinGet runs in PowerShell, it uses straightforward PowerShell syntax to provide information or perform actions.
WinGet tells you about itself if you enter the command:
winget --info
(Although I’ve followed Microsoft’s lead in labeling this command “WinGet,” the command line doesn’t care about capitalization.)
As you can see in Figure 1, the output from this command shows the running version of Windows Package Manager, along with the OS Build number, system architecture, Microsoft.DesktopAppInstaller version, and symbol values for WinGet directories, links, and Admin Settings.
Figure 1: Output from WinGet’s info command tells you about the system, plus WinGet-related software and settings.
Ed Tittel / IDG
This information can be helpful, but it’s not terribly interesting, nor have I found it super-useful in day-to-day WinGet use and troubleshooting.
Things get more interesting with WinGet’s two information display subcommands: list and show. The list subcommand shows what’s currently installed on the target PC, while the show subcommand searches an online database of available packages to show you information about matching search hits.
With no qualifiers or queries, winget list shows a list of every item installed on your PC (177 items on an up-to-date Windows 11 production PC; 339 items on a heavily used production Windows 10 PC). All standard executables and Microsoft Store apps are included in this count.
Winget show won’t do anything unless you provide it with a search string. It’s normally used to search for specific packages, or to see if they exist. Try it with search strings such as windows, power, powershell and so forth. It’s soon obvious that this is a more focused tool. I use it primarily when WinGet tells me a package needs an upgrade. It helps me find complete IDs, version numbers, and publisher, and tells me where it came from. (That usually means WinGet’s package repository or the Microsoft Store.)
The winget search command can be more helpful than show if you’re looking for something specific. It lists all items that include the search string. Thus, if you use the same strings recommended in the preceding paragraph, you’ll get more — and more interesting — results.
Figure 2 shows the output for winget search PowerShell as an illustration. (It shows items with PowerShell in their names, IDs, and tags, so it’s more inclusive.)
Figure 2: Matching on ‘PowerShell’ is especially useful for tagged items, particularly Windows Terminal and related applications.
Ed Tittel / IDG
WinGet’s star subcommand: upgrade
My favorite among the WinGet subcommands is the upgrade item. It offers insight into available upgrades and offers various ways to perform upgrades on a Windows PC. Indeed, three variants of winget upgrade are likely to be both useful and informative:
winget upgrade
winget upgrade --all
winget upgrade --all --include-unknown
By itself, winget upgrade (no additional arguments or modifiers) simply tells you if newer versions of installed packages are available. Figure 3 shows an example of this command from one of my production level test PCs, with some items in need of update. Notice that the Version column identifies the version that’s currently installed. The Available column identifies the corresponding new (updated) version one could apply in its stead, if desired.
Figure 3: Seven updates are available for the target PC, as shown.
Ed Tittel / IDG
The next command, winget upgrade --all, tells WinGet to update all items from the upgrade list for which a version number is known. In Figure 3, all items have values in the Version column. Note further that all packages shown come from the default WinGet package repository (named winget in Figure 3).
The third command, winget upgrade --all --include-unknown, tells WinGet to update all items even if the version column is blank. In general, this command is more useful because it involves less additional work. Thus, I use it as my go-to for all winget upgrade commands, just to make sure I cover everything.
Figure 4 shows results after running that catch-all command on the target PC. (I’ll have more to say about this figure later.)
Figure 4: On this production PC, WinGet finds and installs four upgrades, but leaves the fifth alone.
Ed Tittel / IDG
Note that you’ll sometimes see installer windows and even PowerShell or Command Prompt sessions open and close as WinGet goes through the necessary motions involved in performing those updates. Note further: when updating web browsers — Edge, Chrome, or Firefox, for example — if the browser is running when you run WinGet, you must relaunch that browser manually before the update fully completes. If it’s closed, it completes on its own. (WinGet always applies an abundance of caution when it encounters running processes.)
Running winget upgrade again after performing all updates shows nothing left to do. In Figure 5, the message “No installed package found matching input criteria” translates into “Nothing to upgrade.”
Figure 5: “No installed package found matching input criteria” means “Nothing to upgrade.”
Ed Tittel / IDG
About pinned applications (and other experimental WinGet features)
If you look back at Figure 4, you’ll see the sentence “The following packages have an upgrade available, but require explicit targeting” fairly near the top, with Discord listed below. What does that mean, and why does this happen? Some application developers, including Discord, use advanced WinGet features — pinning in this case (look back at the final line of Figure 4) — to prevent unwanted changes to the Discord app. It usually updates inside the app so this approach (mostly) prevents WinGet from getting involved.
On the other hand, you can always use WinGet to uninstall an app, and then use WinGet one more time to reinstall. For Discord, that command sequence looks like this:
winget uninstall Discord.Discord
winget install Discord.Discord
(Note at the head of Figure 4, the ID value for Discord is Discord.Discord, so that’s how we specify these commands.)
The first command removes (the old version of) Discord; the second command installs (the new version of) Discord. It’s what I call a remove-replace operation, and it works pretty well for general WinGet troubleshooting, too. I’ve also used it recently for Zoom Workplace, various Teams versions, and other occasional vexations.
For the record, the pin command is a relatively new subcommand for WinGet. It first appeared in general release in July 2024. According to Microsoft Learn, “the winget pin command allows you to limit the Windows Package Manager from upgrading a package to specific ranges of versions, or it can prevent it from upgrading a package altogether.”
Another special qualifier, namely --include-pinned, lets you override this restriction. But because Discord is the only item in my stable of apps that uses this restriction, it’s not worth adding to my go-to command string.
When the upgrade command fails or falls short
Sometimes, WinGet updates don’t clear the items that appear when you enter the winget upgrade command by itself. That means something remains on your PC that WinGet couldn’t handle. Through experience, I’ve observed the following possibilities, each of which has its own potential solution:
Multiple copies of the same app or application are resident. If you have multiple installations of the same program, only one is likely to be current and up to date. Unless you require older versions, the simplest fix is to uninstall them so only the current, updated version remains present.
I’ve seen this happen with PowerShell, for example, where some of my PCs retained version 7.2.5 even when 7.4.5 or 7.4.6 (the current version as I write this) was also present. Using Programs and Features (or some equivalent third-party tool like Revo Uninstaller Free), you can find and uninstall out-of-date versions.
Strange programs that you’ve never seen before and don’t need show up. Case in point: occasionally an item named “Teams machine-wide installer” shows up on my PCs. It’s something Microsoft uses that apparently gets left behind from time to time. Uninstalling this item causes no noticeable issues with Teams, and it removes the item from further upgrade consideration.
Current WinGet packages aren’t available for some apps. One of WinGet’s limitations is that it only works with items registered in its package database. You may need to visit the app publisher’s website to find current updates that aren’t registered with WinGet.
In the past, I’ve covered using third-party automated tools such as UpdateStar and Patch My PC to keep apps updated in Windows 10 and 11. These and other update scanners may find items in need of updating on your PC that WinGet doesn’t handle. On my PCs, that includes applications such as Nitro Pro (a PDF reader/editor), Amazon Kindle (for which only an outdated package is available via WinGet), FileZilla, various Intel tools (e.g., Intel Driver & Support Assistant), and more.
If you’re willing to research your applications and their sources for updates, you can almost always find a way to get them updated. That said, WinGet cannot handle all apps on its own. Many or most of them, yes; all of them, no.
A WinGet for all seasons
As you become familiar with WinGet, you’ll find it to be a terrific tool for helping keep Windows systems (and reference or canonical Windows images for automated deployments) up to date. It’s become my tool of choice for keeping apps updated because it’s fast and easy to use. Although I still use UpdateStar to scan my systems to tell me what needs updates and Patch My PC to handle a handful of things that WinGet can’t, WinGet remains my go-to tool to keep systems current. I use WinGet every day; the other tools weekly, at most.
If you try it for yourself, I believe you’re likely to continue using WinGet for the very same reasons. See Microsoft’s WinGet documentation for a complete list of commands and options.
One final note: If you know someone who could benefit from WinGet but isn’t comfortable using the command line, see this article by Chris Hoffman detailing how to use WingetUI, a package that wraps a graphical interface around WinGet.
This article was originally published in January 2023 and updated in December 2024.
President-elect Donald Trump has tapped Sriram Krishnan, a seasoned entrepreneur and former Andreessen Horowitz partner, as the Senior Policy Advisor for Artificial Intelligence within the White House Office of Science and Technology Policy.
Krishnan’s appointment signals a renewed focus on maintaining US leadership in AI innovation, alongside a push to reshape how AI interacts with industries and digital infrastructure.
On the surface, Android and privacy might not seem like the most natural of bedfellows. Google is known for its advertising business, after all — it’s how the company makes the lion’s share of its money — and it can be tough to square the notion of data collection with the concept of carefully controlled information.
In actuality, though, Google gives you a good amount of authority over how and when it taps into your Android-associated info. (And even at its worst, the company never shares your data with anyone or sells it to third parties, despite some broad misconceptions to the contrary.) Ultimately, it just comes down to a matter of educating yourself about the possibilities and then determining what balance of privacy and function makes the most sense for you.
And you’d better believe the onus falls squarely on you to do that. By default, most Google privacy valves are opened up to the max — to the setting that allows the most feature-rich and ad-supporting experience and that uses your data in the most free-flowing manner possible. That isn’t necessarily a bad thing, but it may or may not be what you want, particularly from a professional perspective. And navigating the layers of settings, not only with Google itself but also with the various third-party services that interact with your phone, is often easier said than done.
Well, consider this your guide to the labyrinth. I’ll take you through a series of 18 Android privacy adjustments, starting with the easiest and most broadly advisable tweaks and ending with higher-level tactics for the most privacy-minded users. Along the way I’ll explain what each setting accomplishes, how long it should take to implement, and how much inconvenience it’ll cause.
Make your way through the list and think thoroughly about each item’s pros and cons — and before you know it, you’ll have a deliberate Android privacy plan that’s less about defaults and more about your own preferences.
Section I: Easy Android privacy adjustments that are advisable for anyone
1. Uninstall unused apps
Time required: 2 minutes
Inconvenience level: 0/10
This first Android privacy step is a no-brainer and something everyone should do periodically: Look through all of the installed apps on your phone and remove anything you haven’t used in the past month or two (so long as it isn’t required by your IT department, of course!). Unused apps not only take a toll on your device’s resources; they also have the potential to leave open doors to sensitive info that’d be better off closed.
So open up your app drawer and mull over every icon you see there. If you haven’t used an app in a while, press and hold its icon and select “Uninstall” — or, if you don’t see that as an option, select “App info” and then find the Uninstall button. On certain Android versions, you might have to drag the app toward the top of the screen to access those same options; once you see them appear at the top of your display, drag the app up to that area and then release it.
With apps that came preinstalled on your phone out of the box, you may not always be able to uninstall but can often disable them — with the option to do so appearing either in that same long-press menu or within the aforementioned “App info” screen. That won’t get the app off your device entirely but will stop it from running and actively accessing any of your information.
2. Check on apps with access to your Google account
Time required: 2 minutes
Inconvenience level: 0/10
In addition to the phone-specific permissions, apps and services can request access to certain types of data within your Google account — things like your contacts, your Gmail messages, or even your Google Drive storage. Again, such access may be completely warranted and no cause for concern (and it’d be present only if you explicitly authorized it at some point), but once you’re no longer actively using the associated app, you don’t want to leave that pathway open.
Luckily, it’s an especially easy one to close — and another painless privacy step worth performing periodically. Just open up the Google account connections page and look over everything in the list. For any items you no longer use or don’t recognize, click their title and then click the “Delete all connections” option on the screen that comes up next.
Clamping down on third-party app access to your Google account is a simple way to secure forgotten pathways and strengthen your privacy.
JR Raphael / IDG
Click “Confirm” on the confirmation box that pops up after, then rest easy knowing that teensy crack into your data is closed up and patched over.
3. Revisit your Android app permissions
Time required: 5 minutes
Inconvenience level: 0/10
Now that we’ve taken care of apps you’re no longer using, let’s think about the ones you are still actively engaging with — because even those may have permissions you once granted but no longer require.
So open up the Security & Privacy section of your system settings and tap “Permission Manager.” Depending on your specific software and device, you might have to first tap a line that says “Privacy” or “Privacy controls” before you see it. (If you don’t see anything like that, try searching your system settings for the word permission to find the closest equivalent.)
Then, one by one, tap on each permission type in the list, look over the apps that have access to it, and consider whether each app’s access still strikes you as being necessary.
If you see something that seems questionable, tap the name of the app and then change its setting to “Deny.” There’s a chance the app will stop being able to perform one of its functions as a result, but at worst, it’ll prompt you to re-enable the permission at some future moment and you can then reconsider it.
And provided you’re using 2019’s Android 10 version or higher — and if you aren’t, you’ve got far bigger privacy problems to ponder! — pay extra attention to the “Location” section of permissions. As of that release, you can get more nuanced with that setting and allow an app to access to your location all the time or only when the app is actively in use, which gives you a lot more flexibility than the traditional all-or-nothing approach.
With 2020’s Android 11 version and higher, you can also grant apps access to your location, camera, and microphone only on a limited, single-session basis — meaning the permissions will expire and have to be requested anew each time, whenever you exit the app and move on to something else.
And with 2021’s Android 12 software and up, you can specify whether you want an app to have access to your precise location or only your approximate location, too.
Android lets you get incredibly granular about what data different apps can access, but it’s up to you to check up on it and make any necessary changes.
JR Raphael / IDG
For even more insight, look for the “Privacy dashboard” option within that same section of your system settings (or “Permissions used in last 24 hours,” for the closest equivalent in Samsung’s heavily modified version of the operating system). That’ll let you see exactly which apps have accessed different permission-requiring areas over the past 24 hours in a visual timeline view.
4. Put invisible app tracking on notice
Time required: 2 minutes
Inconvenience level: 1/10
Aside from their actual system-level permissions, apps on Android are able to track your activity in a variety of ways and then share that data elsewhere — provided they have access to the internet (which itself is a system-level permission).
Often, this is nothing nefarious. Lots of apps rely on these sorts of mechanisms to monitor performance and spot possible bugs, while others use technology considered “trackers” as part of the advertising that allows them to be monetized and continue offering you ongoing services for little to no ongoing expense.
Even so, you can take control of this type of tracking and make yourself aware of what, exactly, apps are doing in the background — and put a stop to it, if you want.
The key to making this happen comes in the unlikely-seeming spot of an Android web browser called DuckDuckGo. But you don’t need to do anything related to the actual browser function of the app to tap into it (though you certainly can, if you’d like!).
Instead, install the app, then open it up, make your way through its welcome screens, and once you see the main web browsing interface, tap the three-dot menu icon in the upper-right corner. Select “Settings,” then “App Tracking Protection.”
Flip the toggle at the top of the next screen into the on position, confirm that you want to activate the feature, and then keep an eye on your notifications.
There, DuckDuckGo will show you exactly what trackers it’s finding and blocking in apps on your device. You can also always see that same info by going back to that same settings screen within the browser.
DuckDuckGo’s App Tracking Protection feature gives you rare insight into — and control over — the typically-invisible ways apps track your activity.
JR Raphael / IDG
Now for the asterisk here: Since most of this activity isn’t actually anything to worry about, it’s possible that seeing this data will (a) cause you unnecessary stress and waste your time and (b) potentially cause some functions within apps to stop working properly — since DuckDuckGo is blocking mechanisms that may be crucial to an app’s operation.
But that same area of the browser’s settings make it easy to enable or disable the blocking on an app-by-app basis, so you can fine-tune and adjust things as you see fit.
Whether you ultimately decide to peek at the info for a while and then disable the feature or keep it running and blocking indefinitely, it’s a valuable bit of knowledge — and, optionally, power — to have.
5. Clamp down on your lock screen privacy
Time required: 1 minute
Inconvenience level: 1/10
By default, Android is typically set to show all of your notification content on your lock screen — and that means if someone else picks up your phone, they might see sensitive info without even having to put in a PIN, pattern, or passcode.
Change that by opening up the Display section of your phone’s settings, selecting “Lock screen,” then selecting “Privacy” and switching the setting to either “Show sensitive content only when unlocked” or “Don’t show notifications at all,” depending on your comfort level. (On a Samsung phone, you’ll instead open the Notifications section of the system settings and then tap “Lock screen notifications” to find a similar set of options.)
6. Opt out of Samsung’s data-sharing systems and consider avoiding its apps
Time required: 5 minutes
Inconvenience level: 1/10
If you have a Samsung phone, listen up: The company is quite possibly selling your data — not just using it internally and privately but outright selling it to third parties (and without being even remotely up-front about what’s going on).
As I’ve reported before, Samsung’s Galaxy phones have a disconcertingly intricate system for collecting different types of data from people who use its devices and then generating extra revenue by selling that data to other companies. And clearly, that’s not what you want to have happening.
So at the very least, opt of this obnoxiousness everywhere you can — most importantly by searching your system settings for customization service and then making sure the associated option is off everywhere it appears, including within the settings for the Samsung Calendar app, Samsung Clock app, Samsung Gallery app, and Samsung My Files app as well as within the “General management” settings and the settings for your Samsung account.
And if you really want to be proactive about your privacy, just ditch Samsung’s default apps altogether. You’ll get better all-around experiences by turning to other Android apps for those same purposes, anyhow, and you’ll have an easier time syncing or moving your data to non-Samsung devices now and in the future, too. And, y’know, you won’t be subjecting yourself to sneaky selling of your personal and/or company information with no discernible benefit to you.
Section II: Moderately advanced Android privacy modifications some people may want to perform
7. Turn off Google’s ad personalization system
Time required: 2 minutes
Inconvenience level: 2/10
Google makes its money by showing ads around the internet — that’s no secret. And it uses data about you to select ads that are, in theory, catered to your interests and more likely to be relevant to you. It never shares your data with advertisers, as mentioned at the top of this story, and all of the matching happens within Google and in a completely automated, machine-driven sense.
At the end of the day, you’re bound to see some of those ads no matter what you do — so there’s an argument that having the ads be catered to your interests at least creates the potential for them to be appealing as opposed to just random. But if you’d rather not have your data used for that purpose, you can turn the personalization system off.
Just head into the Google section of your system settings, tap your name and account name at the top, then tap “Manage your Google Account.”
Next, tap the Data & Privacy tab, scroll down to the “Personalized ads” section, and tap “My Ad Center” — then turn off the toggle at the top of the screen that comes up and confirm you want to make the change.
Google lets you opt out of its ad personalization system entirely, if you’re so inclined.
JR Raphael / IDG
If you’d rather take a more measured approach, you can also tap on any individual parts of your Google profile on that same screen to disable ad personalization based only on those specific variables — for instance, your gender, age, and marital status.
And one more thing to check: Make your way back to the Google settings menu where we started and tap your name and account name there one more time. If you see any additional Google accounts show up as options, be sure to tap them and follow the same steps we just went over for each subsequent account. Every Google account has its own separate settings, so you’ll have to make sure your ad personalization preferences are adjusted everywhere for them to become truly universal.
8. Reset or erase your Android advertising ID
Time required: 2 minutes
Inconvenience level: 2/10
As an alternate path to the full ad personalization opt-out, you can also now reset or erase something known as your “advertising ID” on Android.
That ID is a unique string of numbers specific to your phone that apps can use to identify you. They may not know your name or anything personal about you — unless you choose to share such info — but that advertising ID lets them learn about your interests and behaviors, even so, and then use that data to show you ads that are allegedly more likely to be up your alley.
When you reset or delete that ID, all of that data is lost — and apps have no way to connect your behavior to any consistent identifier associated with you. Again, just like with our last item, that doesn’t mean you won’t see ads within apps or around the web anymore. It just means those ads won’t be programmatically selected based on your ongoing activities and what those suggest about your interests.
Here, too, there’s some nuance available: If you reset the advertising ID, you’ll basically give yourself a fresh start and eliminate any data that’s been associated with your activity up until that moment. If you delete the ID, you’ll make it impossible for apps to identify you entirely (again, unless you choose to provide them with identifying info).
Either way, you can find the option by looking in the Security & Privacy section of your system settings, then tapping either “Privacy Controls” or “More Privacy Settings” followed by “Ads.” You’ll find both possible paths in that area, along with options to see and customize exactly which subject areas apps currently have associated with your ID, to see and customize if and how apps are able to use that data to control ads in other environments, and to opt in or out of allowing advertisers to request info that’d help them measure their ad performance over time.
Android’s advertising ID options are an untapped gold mine of privacy choices.
JR Raphael / IDG
9. Start using a VPN
Time required: 5 minutes
Inconvenience level: 2/10
If you’re using a company-connected phone, there’s a decent chance your employer is already providing you with a corporate VPN (virtual private network). But if not, it may be worth your while to set one up on your own.
A VPN, in short, keeps all the data you send and receive on your phone encrypted, private, and secure. Without it, someone could snoop on your connection and intercept sensitive info without your knowledge. (It’s an especially common concern when public Wi-Fi networks are involved.)
With widespread improvements to web security over the past several years, there’s now some debate as to whether a VPN is actually needed in most professional scenarios — especially outside of countries where authoritarian control over internet access is an issue.
Still, as long as you’re using a trustworthy and reputable provider, there’s certainly no harm in having that extra layer of protection in place. And if you’re working with sensitive company data in particular, there may be some significant benefits.
So where to begin? If you’re using a Google Pixel phone, you’ve got a VPN built right into your device and ready to roll without any expense. Just look for the “VPN” option within the Network & Internet section of your system settings, then tap the “VPN By Google” line to get it set up.
If you’re using a non-Pixel phone with the Google Fi wireless service, you also have access to a similar sort of built-in always-on VPN option. Like the Pixel VPN path, it’s free, secure, and as simple as can be to use. You can activate and manage it by tapping your name and then selecting “Privacy & security” within the Google Fi Android app. Look for the line labeled “Protect your online activity” to get started.
If you’re using any other phone and carrier, you’ll need to turn to a third-party provider to get that same sort of functionality. In its latest rankings, our sister publication, PCWorld, recommends ExpressVPN and NordVPN as its top two choices. Both have been consistently well-reviewed for years now.
Both are also minimal hassle once set up on your phone and shouldn’t change much about the way you work, but they do require an ongoing payment — roughly 13 bucks a month for either, with discounts available if you pay for a year or more up front — hence the inconvenience level score. But they’re absolutely more advisable to use than most free or dirt-cheap VPN options you’ll encounter, as those frequently mishandle data and stick you with unreasonably low usage limits in order to make up for their low costs.
10. Add extra encryption onto especially sensitive files
Time required: 3 minutes
Inconvenience level: 3/10
Give sensitive files on your phone an extra layer of encryption with Solid Explorer, which costs $3 after a two-week trial. The app lets you encrypt any file so it can be accessed only after your personal password or biometric authentication has been applied. That does mean you’ll have to unlock the file every time you want to view or share it, which can be mildly annoying — but depending on what type of material you have on your device, it might be worth it for the added peace of mind.
Solid Explorer lets you add an extra layer of encryption onto especially sensitive files.
JR Raphael / IDG
11. Find your Private and/or Safe Space
Time required: 3 minutes
Inconvenience level: 3/10
As of 2024’s Android 15 release, Android offers a native way to separate out sensitive apps and add in an extra layer of authentication to protect the information within them. The system also optionally allows you to hide those apps entirely and make ’em visible only after said authentication.
If your device is running Android 15 or higher, you can get started by searching your phone’s settings for Private Space and then selecting the “Private Space” option that shows up in the results.
Samsung devices also offer a similar feature called Secure Folder that’s available even on earlier Android builds. Search the system settings of any Galaxy gizmo for Secure Folder to find that.
And, no matter what type of Android device you’re carrying, you can find similar systems for keeping both files and photos out of sight and password-protected within the Google Files and Google Photos Android apps, respectively. Those systems don’t involve encryption, like our last measure, but they do make it far more unlikely for sensitive files and photos to be found in the first place — should anyone else ever have their hands on your device.
You can find ’em by looking for the “Safe Folder” tile on the Files app’s main screen and the “Locked” option at the bottom of the Photos app’s Collections tab.
12. Rethink your browser setup
Time required: 4 minutes
Inconvenience level: 4/10
Google’s Chrome Android browser has all sorts of impressive features, but many of them inherently require some manner of privacy tradeoff in order to work. For instance, you can easily find any page you visited on any device with a super-fast search — but in order for that to happen, Google has to maintain a cross-device record of every site you visit.
Only you can decide whether the conveniences outweigh the privacy tradeoffs, but if you want to make your Android web browsing as private as possible, Mozilla’s Firefox Focus app is hands-down the simplest, most minimal-effort way to make it happen.
Firefox Focus is designed at its core to provide an ephemeral, single-session-only sort of Android browsing experience: No history, cookies, or passwords are ever saved, and the app automatically blocks trackers and ads across the web. When you’re done with a page, you tap a trash can icon in the corner of the screen, and poof: It’s gone for good.
The app also offers a host of “enhanced tracking protection” features that make it incredibly easy to block scripts, cookies, and other forms of tracking, too. You can also configure it to require authentication every time you open it or switch to it from another app, in case you have a browsing session active and want to be sure no one else who holds your phone could possibly find it.
The downside, of course, is that there’s no syncing whatsoever — no ability to access or revisit your browsing history and also no way to find recently opened tabs from within the same browser on another device. Beyond that, aggressive blocking of cookies and other script-oriented elements on the web can often break websites and cause key functions to fail, without any obvious outward indication to you of what’s happening or why. (Believe me, I troubleshoot this stuff with people all the time!)
So if you’d rather stick with Chrome, there are things you can do to crank up its privacy protection and create a happy-medium of sorts for yourself. Start in the Sync section of the app’s settings, where you can scale down or even completely disable how different forms of your browsing data are shared with Google. Just remember that the more you disable, the more sacrifices you’ll make in terms of convenience — particularly when moving from your phone to your computer and maintaining a common collection of settings and history.
Firefox Focus and Chrome both offer a fair amount of privacy-related options, depending on which path you prefer.
JR Raphael / IDG
Other places to look include:
The app’s Google Services section, where you can stop Chrome from sending your browsing data back to Google for different reasons
The Search Engine section, where you can select any default search service you want
The Payment Methods section, where you can tell Chrome not to save or store any of your payment info
The Addresses and More section, where you can turn off Chrome’s on-by-default habit of saving your address and other such details and then offering to fill that in for you in the future
The Privacy and Security section, where you can control what info sites are allowed to see about you when serving you ads as well as prevent sites from detecting if you have payment info saved, opt out of having Chrome preload pages for faster browsing, and activate an option to lock any incognito tabs every time you exit the app
And the Site Settings section, where you can prevent all sites from accessing your location, camera, and microphone as well as control if and how cookies are allowed
13. Disable Android’s location history feature
Time required: 3 minutes
Inconvenience level: 4/10
By default, Google keeps track of everywhere you go with your Android phone in tow. That allows the software to proactively give you traffic and commute alerts for places you commonly visit and lets your phone make more intelligent suggestions based on your behavior — but it also, of course, gives Google quite the docket of data on your day-to-day whereabouts. (Again, the company doesn’t actually share that info with anyone but does use it to determine what ads are shown to you in certain places.)
If you want to turn off the system-level location tracking, open the Google section of your system settings, tap your name and account name at the top of the screen, then tap the Manage Your Google Account button. Next, tap the Data & Privacy tab and select “Location History” within the “History settings” section. (Note, too, that Google is in the midst of renaming this feature to “Timeline,” so the branding around it may change at some point before long.)
Tap the “Turn off” button on the screen that appears next and select either to turn the system off or turn it off and delete any activity that’s already been stored at the same time — and, either way you go, that’s it: Your phone won’t keep track of your treks anymore.
With a couple quick taps, you can stop Google from keeping track of your location — and optionally also eliminate all the existing data it’s stored.
JR Raphael / IDG
For a more nuanced option, look instead at the “Auto-delete” section directly beneath that button within the same Google account settings screen. There, you can instruct your phone to automatically delete all location data on a rolling three-month, 18-month, or 36-month basis — for a middle-ground possibility that’ll give you some of the standard location-oriented advantages without having quite as much data at play.
Here, too, by the way, settings are controlled on an account-by-account basis, so you’ll want to repeat this process as many times as needed for however many Google accounts you have associated with your device.
Section III: High-level Android privacy enhancements that won’t be for everyone
14. Ditch Gmail or Outlook for a more privacy-conscious email setup
Time required: 4 minutes
Inconvenience level: 6/10
If you’re really serious about privacy, ProtonMail is the inbox you want to use. ProtonMail applies end-to-end encryption to every message you send, which makes sure no one other than its intended recipient can ever set eyes on it. It’s a whole other level of protection from what you get with Gmail’s encryption or the encryption provided by most third-party mail servers.
The downside is that you have to either use a special ProtonMail.com address with the service or set up your own domain to work with ProtonMail’s servers — and anytime you’re emailing someone who isn’t a fellow ProtonMail user, you’ll have to encrypt your message with a password and a hint that they’ll then need in order to open it. That isn’t exactly easy, and it requires you to forfeit a fair amount of Gmail’s flexibility and power, but it does give you an awful lot of added privacy in return.
ProtonMail is free at its most basic level, which includes one address and 1GB of storage. If you need more storage or want any extra features — such as unlimited folders and labels and support for custom domains — you’ll have to subscribe to a paid plan, which starts at $48 a year for individuals or $84 per user per year for teams.
15. Encrypt your calls and messages
Time required: 4 minutes
Inconvenience level: 6/10
For full encryption on the calling and messaging front, Signal is the service you want. It adds end-to-end encryption only when you’re communicating with other Signal users, however — which severely limits its usefulness — and it doesn’t allow you to send and receive text messages from your computer, as most regular messaging apps now do.
Signal is free to use.
16. Consider other privacy-minded app alternatives
Time required: 4 minutes
Inconvenience level: 6/10
If you’re really concerned about maximizing your privacy, you don’t have to stop with swapping out your email, calling, and messaging tools. There’s a whole host of standard Android app alternatives — and also supplements — that offer extra privacy assurances at varying convenience-oriented costs.
These options won’t be right for everyone, and they require at times significant quality-of-life sacrifices compared to the standard Google equivalents. But if privacy is paramount, they’re well worth your while to weigh out.
17. Disable your Google Web & App Activity
Time required: 2 minutes
Inconvenience level: 7/10
By default, Google keeps track of what you do on the web and within its apps, whenever you’re signed into your account (as you generally are while using an Android device). It uses that info to serve up those targeted ads we keep coming back to, of course, but it also uses it to power personalization, results, and recommendations in places like Search, Maps, and also Google Assistant — in the places where that service is still active. Without it enabled, in fact, some of Assistant’s most useful commands won’t work — whether you’ve still got Assistant present on your phone or you’re interacting with it on other Assistant-connected devices.
If you want to disable that tracking, though, you can: Just head back to the Google section of your system settings, tap your name and Google account name once more, and then tap the Manage Your Google Account button followed by “Data & privacy.”
Find and tap “Web & App Activity,” then tap the Turn Off button and decide if you want to simply turn the system off or turn it off and simultaneously delete any already-collected data within it.
Once again, just like with the location history, you can also get more nuanced and instead ask Google to automatically delete this data on a rolling three-, 18-, or 36-month cycle. And you can specify certain areas of data that you do and don’t want included, too.
Deep within your Android device settings are all sorts of options for disabling or just scaling back the amount of activity Google stores about you.
JR Raphael / IDG
18. Disable your device backups
Time required: 2 minutes
Inconvenience level: 9/10
Last but not least, Android has the ability to back up your system data and then restore much of your system setup when the need arises. That’s a supremely handy option to have — but it invariably requires some of your information to be stored within Google Drive in order to work.
Specifically, Google maintains a record of what apps you have installed along with a limited amount of app setting data. It also stores your call history, phone settings, and in some cases your SMS messages for future use.
Disabling Android’s automatic backups will make your life significantly more difficult the next time you move to a new phone or reset your current phone, as everything from your previous setup will essentially be lost (or will need to be moved over manually, which is a pretty massive hassle).
If you’d rather reclaim the privacy required by this feature, however, you can turn the feature off by opening up the System section of your phone’s settings, tapping the Backup option, and flipping the toggle next to “Backup by Google One” into the off position.
On Samsung phones, the option is located within the Accounts and Backup section of the settings, under “Back up data” — beneath the “Google Drive” heading. Samsung also maintains its own separate and redundant backup system, which you’ll also see in this same settings section and can also disable, if you so choose.
As with any of these areas, only you can weigh out the added privacy against the lost convenience and figure out what arrangement makes the most sense for you. But now you know where to look — and you can make your own educated decisions.
This article was originally published in June 2020 and updated in December 2024.
Arm has lost a battle over licensing of its microprocessor designs to Qualcomm, ending doubt over the immediate future of some of the chip maker’s products.
The jury in the US District Court for the District of Delaware spent the week listening to arguments in the protracted and increasingly rancorous licensing dispute between Arm and Qualcomm over whether Qualcomm is properly licensed to use technology acquired when it bought startup Nuvia in 2021.
The verdict, delivered Friday, is hugely significant, not only for the parties involved but for the maze of other companies that have built their product development around their technology, however, the battle is not over yet. Although the jury found that Qualcomm did not breach Nuvia’s license with Arm, and Qualcomm’s chips using Nuvia technology are properly licensed, it could not agree on whether Nuvia had breached the terms of its license with Arm. That means there could potentially be yet another trial.
After the verdict was delivered, each company released a brief statement.
“We are pleased with today’s decision,” Qualcomm said in a press release. “The jury has vindicated Qualcomm’s right to innovate and affirmed that all the Qualcomm products at issue in the case are protected by Qualcomm’s contract with ARM. We will continue to develop performance-leading, world class products that benefit consumers worldwide, with our incredible Oryon ARM-compliant custom CPUs.”
But for Arm, the fight isn’t over.
“We are disappointed that the jury was unable to reach consensus across the claims,” an Arm spokesperson said in an email. “We intend to seek a retrial due to the jury’s deadlock. From the outset, our top priority has been to protect Arm’s IP and the unparalleled ecosystem we have built with our valued partners over more than 30 years. As always, we are committed to fostering innovation in our rapidly evolving market and serving our partners while advancing the future of computing.”
However, instead of a retrial, Judge Maryellen Noreika, who presided over the case, recommended that the two companies try to resolve their differences through mediation, reportedly noting that she doesn’t see either company having a clear victory if the case is retried.
It’s an extraordinary clash between companies that until as recently as 2021 seemed like firm allies.
The legal case started with Qualcomm’s 2021 acquisition of Nuvia, designer of the Phoenix datacenter chip, which used Arm’s v8.7-A instruction set. Under Qualcomm, the Phoenix was reinvented as the Oryon chip, the CPU core of a more general microprocessor used inside the company’s Snapdragon system-on-a-chip (SoC).
Importantly, the royalty that Qualcomm agreed to pay under its Architecture License Agreement (ALA) with Arm was lower than that of Nuvia. Qualcomm believed this more favorable deal should apply to Nuvia development going forward because most of its subsequent Snapdragon development was done after the acquisition.
Arm disagreed, and argued that Qualcomm should pay the rate agreed with Nuvia. According to court testimony by Arm CEO Rene Haas this week, the lower royalty would cause a drop in revenue of $50 million. Failing to reach an agreement with Qualcomm, the company decided to sue, the first time it has taken such action against a customer since its founding in 1990.
This is where things became a bit muddy. Why did Arm decide to sue over a relatively small sum, and why did Qualcomm refuse to concede? This week in court, a wide range of arguments and counter arguments were laid out, mostly saying that each company believed the other was trying to sabotage its business.
Make Qualcomm great again
As it attempts to diversify away from relying on mobile chips, Qualcomm’s Snapdragon SoC platform is seen as critical for its future. This, it hopes, will allow it to take on Intel and AMD in the general microprocessor market while integrating the new-fangled AI capabilities important to the PC sector.
In October, Arm cancelled Qualcomm’s license to the Nuvia ALA. It also demanded the destruction of Nuvia designs developed prior to the merger. Clearly, a verdict in favor of Arm would put Qualcomm in a tight corner, and also a who’s who of tech companies — Microsoft, Acer, Asus, Dell, HP, Lenovo, and Samsung — currently using Qualcomm’s Snapdragon designs.
This week, Qualcomm put forward an alternative view to explain Arm’s motivations. According to Qualcomm’s lawyers, Arm harbors ambitions to develop competing chips of its own, making it a direct competitor to Qualcomm. Evidence for this remains circumstantial, but to back this up Qualcomm claimed that Arm at one point misled it into disbanding its development team.
Stop being cheap
A difficulty for outsiders is untangling exactly what is really at issue and whether there’s more to this than meets the eye. According to Arm, it’s about licensing agreements and the fees that arise from them. It believes Qualcomm used its IP in Nuvia-originated IP and should pay what Nuvia agreed and stop being cheap.
Qualcomm’s argument seems to be that this is a shakedown. And yet there seem to be deeper currents. Perhaps they see each as competitors in the longer term, and the battle is competitive jockeying.
Notably, Qualcomm was a major opponent to Nvidia’s proposed 2021 takeover of Arm, abandoned in the face of regulatory hurdles, and even suggested investing in the UK company. For its part, Arm upset Qualcomm by contacting dozens of its customers to inform them of the termination of the Nuvia license. Each round of conflict deepened the antipathy.
It’s the sort of dispute that happens all the time in the tech industry, a sector built on patents and cross-licensing of IP. But what was highly unusual about this dispute is that it wasn’t resolved without going to court, a hugely risky situation for both parties should they lose.
On the surface, it has never been a battle of equals: Qualcomm’s annual revenue is 10 to 15 times that of Arm’s. That said, since Arm listed on the New York Stock Exchange, its value has soared, bringing its market capitalization much closer to that of the US company.
Arm is important for its size and Qualcomm is large and ambitious. Each would like the other’s crown. Both are angry. What’s not yet clear is whether the verdict of a Delaware courthouse, including outright victory, will deliver what either company wants.
Automattic CEO Matt Mullenweg on Friday announced a shutdown of almost all services on WordPress.org, the open source project site that’s the home of the software, plugins, and the WordPress community, but was unclear on when the shutdown would end.
This move sharply increases the uncertainty surrounding WordPress, which is the software that runs roughly a third of the top 10,000 web sites by traffic, IDC said.
“My sense is that many enterprise WordPress administrators will think twice about continuing to use the software under these circumstances,” said IDC Research Manager Michele Rosen. “It’s such a shame to watch a leader in the open source community repeatedly sabotage his own project.”
“At this point, I have real concerns about the impact of Matt Mullenweg’s words and actions on the overall image of open source software,” she added. “Even if he feels that WP Engine’s actions are unethical and the court is wrong, his actions are clearly having an impact on the WordPress ecosystem, including his own business. It seems self-destructive.”
To put this move into context, the shutdown only directly impacts WordPress.org, whereas most enterprises using Automattic’s WordPress are leveraging WordPress.com, the commercial hosting site. But given the ripple effects across all of WordPress, it is likely that enterprise users would also be impacted.
“The WordPress CMS is licensed under the GPL, so it is permanently available for free. However, a lot of WP’s value comes from themes and plugins,” Rosen said. “My understanding is that in some cases, the wordpress.org URL is hardcoded into WordPress, which can make it difficult or impossible to update your themes and plugins if they haven’t been added to the directory. It really depends on the particular website’s configuration.”
Hopes to restart ‘sometime in the new year’
The Mullenweg statement started off innocuously enough, saying that the WordPress.org team will take some time off for the holidays at the end of the year. But it turned unsettling when it raised the possibility that they may not reopen at all in 2025.
“In order to give myself and the many tired volunteers around WordPress.org a break for the holidays, we’re going to be pausing a few of the free services currently offered. New account registrations on WordPress.org — clarifying so press doesn’t confuse this: people can still make their own WordPress installs and accounts,” the statement said, adding that service pauses will also include “new plugin directory submissions, new plugin reviews, new theme directory submissions and new photo directory submissions. We’re going to leave things like localization and the forums open because these don’t require much moderation.”
But after mentioning his ongoing legal struggles with WP Engine, Mullenweg said “I hope to find the time, energy, and money to reopen all of this sometime in the new year. Right now, much of the time I would spend making WordPress better is being taken up defending against WP Engine’s legal attacks.”
Shutdown may hurt WordPress
Peter Zeitsev, the founder of Percona, an open source database software vendor, said that if the shutdown continues through all of 2025, “this will stifle the development of WordPress — no new user accounts, no new plugins published, etc. This could also spark the creation of an alternative hub to wordpress.org, one that would be truly operated in the interest of the [open source] community.”
Zeitsev said that he fears that there will be meaningful enterprise impacts if the shutdown continues. “Many WordPress users do not really interact with WordPress.org at all, but some commercial enterprise users can also rely on WordPress.org functionality, and they can be impacted,” he said.
Asked how this move will help WordPress.org, Zeitsev thinks it likely won’t, and that it might end up hurting them.
“It might be that [Mullenweg] thinks there will be public/community pressure on WP Engine and the court to take his side, but I feel it will be seen as the opposite. Matt has been a wonderful steward of the WordPress community for so long, so governance and ownership of WordPress.org were not thought about,” Zeitsev said.
“Now things have changed, and commercial and community players in the WordPress space will be thinking about how much authority Matt personally has, and whether or not they can trust him to operate the ecosystem they invested so much in, in a way that reflects its interest.”
Arm is waiting to see if it has won a battle over licensing of its microprocessor designs to Qualcomm that has cast doubt over the immediate future of some of the chip maker’s products.
The jury in the US District Court for the District of Delaware spent the week listening to arguments in the protracted and increasingly rancorous licensing dispute between Arm and Qualcomm and all that’s left is to hear their verdict.
The verdict, expected on Friday, could be hugely significant, not only for the parties involved but for the maze of other companies that have built their product development around their technology.
It’s an extraordinary clash between companies that until as recently as 2021 seemed like firm allies.
The legal case started with Qualcomm’s 2021 acquisition of Nuvia, designer of the Phoenix datacenter chip, which used Arm’s v8.7-A instruction set. Under Qualcomm, the Phoenix was reinvented as the Oryon chip, the CPU core of a more general microprocessor used inside the company’s Snapdragon system-on-a-chip (SoC).
Importantly, the royalty that Qualcomm agreed to pay under its Architecture License Agreement (ALA) with Arm was lower than that of Nuvia. Qualcomm believed this more favorable deal should apply to Nuvia development going forward because most of its subsequent Snapdragon development was done after the acquisition.
Arm disagreed and argued that Qualcomm should pay the rate agreed with Nuvia. According to court testimony by Arm CEO Rene Haas this week, the lower royalty would cause a drop in revenue of $50 million. Failing to reach an agreement with Qualcomm, the company decided to sue, the first time it has taken such action against a customer since its founding in 1990.
This is where things became a bit muddy. Why did Arm decide to sue over a relatively small sum, and why did Qualcomm refuse to concede? This week in court a wide range of arguments and counter arguments were laid out, mostly that each company believed the other was trying to sabotage its business.
Make Qualcomm great again
As it attempts to diversify away from relying on mobile chips, Qualcomm’s Snapdragon SoC platform is seen as critical for its future. This, it hopes, will allow it to take on Intel and AMD in the general microprocessor market while integrating the new-fangled AI capabilities important to the PC sector.
In October, Arm cancelled Qualcomm’s license to the Nuvia ALA. It also demanded the destruction of Nuvia designs developed prior to the merger. Clearly, a verdict in favor of Arm would put Qualcomm in a tight corner, and also a who’s who of tech companies — Microsoft, Acer, Asus, Dell, HP, Lenovo, and Samsung — currently using Qualcomm’s Snapdragon designs.
This week, Qualcomm put forward an alternative view to explain Arm’s motivations. According to Qualcomm’s lawyers, Arm harbors ambitions to develop competing chips of its own, making it a direct competitor to Qualcomm. Evidence for this remains circumstantial, but to back this up Qualcomm claimed that Arm at one point misled it into disbanding its development team.
Stop being cheap
A difficulty for outsiders is untangling exactly what is really at issue and whether there’s more to this than meets the eye. According to Arm it’s about licensing agreements and the fees that arise from them. It believes Qualcomm used its IP in Nuvia-originated IP and should pay what Nuvia agreed and stop being cheap.
Qualcomm’s argument seems to be that this is a shakedown. And yet there seem to be deeper currents. Perhaps they see each as competitors in the longer term, and the battle is competitive jockeying.
Notably, Qualcomm was a major opponent to Nvidia’s proposed 2021 takeover of Arm, abandoned in the face of regulatory hurdles, and even suggested investing in the UK company. For its part, Arm upset Qualcomm by contacting dozens of its customers to inform them of the termination of the Nuvia license. Each round of conflict deepened the antipathy.
It’s the sort of dispute that happens all the time in the tech industry, a sector built on patents and cross-licensing of IP. But what was highly unusual about this dispute is that it wasn’t resolved without going to court, a hugely risky situation for both parties should they lose.
On the surface, it has never been a battle of equals: Qualcomm’s annual revenue is 10 to 15 times that of Arm’s. That said, since Arm listed on the New York Stock Exchange, its value has soared, bringing its market capitalization much closer to that of the US company.
Arm is important for its size and Qualcomm is large and ambitious. Each would like the other’s crown. Both are angry. What’s not yet clear is whether the verdict of a Delaware courthouse, including outright victory, will deliver what either company wants.
Apple has had a busy year in enterprise tech. Apple Intelligence, spatial computing, the war to protect the user experience against excessive regulation, security, privacy and continued improvements to Apple Silicon and valuable OS improvements for enterprise deployment have occupied much of its time. With this in mind, it’s a good time to speak with Apple device management and security leaders from Jamf, Kandji, Jumpcloud, and Fleet to find out what mattered most in 2024, and what they expect in 2025.
Fleet: Crowdstrike was important — to Apple
I spoke with Fleet CEO Mike McNeil. Fleet is an open-source MDM provider that now supports iPhones, iPads, Macs, Windows, and Linux devices.
In 2024, what were the three most important Apple-related moments for enterprise users?
“One of the most significant Apple-related events occurred despite not directly affecting Apple itself. This was the CrowdStrike out(r)age.”
“Apple’s ongoing innovation with VisionOS not only challenges businesses to think creatively and find innovative ways to work but also enhances accessibility in the workforce.
“Apple’s first release of AI capabilities, allowing users to access them without privacy violations or security issues, is a pretty significant milestone. It’s like the promise of Siri is finally coming true.”
Looking ahead to 2025, what do you expect will be the biggest concern(s)/challenge(s) for Apple in the enterprise? “As more organizations enroll more personal devices and BYOD programs, the attack surface for adversaries expands significantly — meaning, if you manage to pop one employee’s phone, you can now access whatever they could on their phone,” McNeil said. “Consequently, people who manage devices need to invest more in preventing both traditional malware-based attacks and sophisticated social engineering tactics.”
What do you think enterprise users most need from Apple that it does not yet provide? “A comprehensive and robust declarative management framework that enables devices to maintain a known good state irrespective of their network connectivity or environmental conditions.
“Apple would be very well served by investing more in getting people to adopt existing features rather than adding more product managers and names for slight variations of the same things.”
How do you see the future of Apple in business across the next 12 months? “Apple is such an amazing company. We are only going to see more and more Macs in the enterprise this year, as user choice programs and Bring Your Own Device (BYOD) programs evolve and become the standard practice rather than an exception. With Managed Apple IDs catching on, we’ll see more secondary computing devices like Apple Watch and Apple Vision Pro in enterprise environments.
In 2024, what were the three most important Apple-related moments for enterprise users?
“The introduction of Apple Intelligence — not so much in the sense that it will change the world, although it might, but more so in how it’s challenging Enterprise IT departments on how to respond to a new way of doing AI. With Apple’s use of on-device and Private Cloud Compute processing, a new dimension has been added to thinking about how to engage with AI with sensitive data.
“Changes to how Managed Apple Accounts, formerly known as Managed Apple IDs, are created and used. Beyond a name change, MAAs have become a lot more functional to the point where most enterprises should be able to start using them. With the introduction of OpenID Connect Federation (OIDC) and System for Cross-Domain Identity Management (SCIM) flows to Apple Business Manager — and giving organizations a lot more control over how MAAs are created in the first place — I expect adoption of Apple accounts to go up significantly. There’s still more work to be done, and organizations will still get annoyed by some of Apple’s insistence on being Apple, but most IT departments will be able to make good use of the changes today.
“While this one isn’t entirely of Apple’s making, they are certainly championing the use of passkeys across the board. The speed at which passkeys have taken over OTP and push as MFA or as full on authentication has been astonishing. If you’ve never used a passkey on your iPhone to sign in to a website on your PC, you should run, not walk, to experience that. It’s a simple thing, using a QR code with some Bluetooth help, but the security underlying all of this and the general ease of use of the process is astounding.”
Looking ahead to 2025, what do you expect will be the biggest concern(s)/challenge(s) for Apple in the enterprise? “While there are a number of global threats and other issues that impact Apple as much as other vendors, the biggest challenge for Apple in the enterprise is Apple itself. This is the same as it has been since Apple started making inroads into enterprise with the original iPhone. The aspects that make Apple great in the consumer space are many times inherently at odds with what enterprises are looking for, and in most cases Apple refuses to compromise on aspects like user privacy and experience.
“I don’t expect Apple to change much here. As it continues to expand its enterprise offering, customers will consistently ask for…even more controls and abilities to take away from the experience end users expect from Apple products.”
What do you think enterprise users most need from Apple that it does not yet provide? “Apple has made real strides with their Platform SSO functionality. However, it still doesn’t do the most basic function that enterprises are asking for, which is the automatic creation of the first new user on the system. Instead, customers still have to cobble together a combination of a number solutions to achieve this. It’s clear that Apple was intending PSSO for a different set of problems — the establishment of a SSO session from a user login — but customers still need this functionality.”
“[Users also need] a consistent method to enforce system updates. Apple keeps almost getting this right, but then missing something important. While Declarative Device Management can help, there’s still a lot of consistency in the process that’s lacking. This is a serious miss for Apple as they control the entire chain here.”
How do you see the future of Apple in business across the next 12 months? “Apple will do fine. With the recent refresh of almost their entire hardware lineup to the M4 and consistent improvements to the software, Apple will continue to grow incrementally in the enterprise space. Mobile will still be the biggest reason that enterprises need to ensure they understand what Apple is doing, but solving for mobile pretty much ensures a good experience for any Mac users.
“Apple devices will continue to be at the upper end of the hardware quality spectrum and the MacBook Air will become even more attractive with the M4 chip and the price points staying low. The Apple Vision Pro won’t break out into the mainstream in 2025, but Apple will continue to refine, and some developers will continue to work with it as they look for a compelling reason to make VR/AR more commonplace.”
Kandji: Device management, spatial computing, and AI
Weldon Dodd, senior vice president of global partnerships at Kandji made four substantial predictions for the coming year, supplementing his expectations around enterprise deployment of Apple-supporting AI from earlier in 2024.
Hybrid work will drive innovation in device management: “The hybrid work model will hit a tipping point, as employers push for more in-office presence while employees increasingly demand flexibility. This growing divide will catalyze innovation in device management. Many companies have already invested in streamlining onboarding and remote support, but now the challenge will be adapting those systems to also serve in-office environments. The key will be prioritizing automation and efficiency, which reduces the need for manual fixes and enhances the user experience across all work settings. As businesses navigate this tension, the future of device management will focus on creating seamless and flexible solutions that balance both employee autonomy and the need for in-person collaboration.”
Spatial computing becomes (more) mainstream: “Apple Vision Pro will continue to evolve in 2025, becoming the more accessible productivity-focused tool that Apple has always wanted. Apple is expected to make the device more affordable, widening its appeal to consumers, while also maintaining its strength in workspaces — especially with the recent software updates that allow for ultra-wide displays and seamless Mac integration.
“This shift could change how consumers interact with their devices, bringing spatial computing closer to the mainstream. In addition, rumors of a new Siri-powered ‘kitchen device’ suggest Apple aspires to make daily life even more convenient with smart, hands-free solutions that leverage the growing capabilities of Apple Intelligence. Together, these innovations will drive deeper integration of Apple’s ecosystem across both personal and professional spaces.”
Businesses will use proprietary LLMs and RAG to unlock their own data: “We are going to see a big shift as businesses start using Retrieval-Augmented Generation (RAG) and LLMs with their corporate data. Rather than relying solely on third-party models like OpenAI, companies will begin asking these models more specific questions about their business, such as, ‘Is there anomalous behavior happening on this device we manage,’ or ‘What does this data tell me about our device management security?’
“By connecting LLMs with internal data, businesses will be able to get answers that aren’t just based on general world knowledge, but are much more tailored to their needs. As companies make this move, they’ll also need to pay close attention to data governance and privacy, especially as regulations like GDPR implement stricter guidelines regarding the handling of customer data. If done right, this approach could unlock valuable insights, but businesses must balance the power of AI with well-established data practices to keep afloat.”
Apple’s M4 Chip will enable on-device AI: “Apple’s M4 chip will make on-device AI the new standard, enabling more AI processing to happen directly on devices rather than relying on the cloud. For consumers, this shift means faster, more personalized experiences with greater privacy. This is because less data will need to be shared or stored remotely. For businesses, the impact could be substantial, particularly related to Apple-managed accounts, making it easier to deliver tailored services.
“And for the business user that requires top level speed and performance — think video editing, software deployment or AI development using LLMs — the M4 is going to be untouchable by the competition.”
What Jamf sees coming…
A veteran of the Apple device management space, Jamf also focused on AI and the part it will play in the coming year. The company recently introduced a host of new tools for Apple device management and deployment.
“With generative AI quickly becoming a pervasive fixture in the technology landscape, businesses are reacting with catch-all policies to restrict usage and control how sensitive information and intellectual property flows outside the organization’s data protection boundary,” said Michael Covington, vice president of portfolio strategy. “For many, this means blanket policies forbidding the use of AI until reviewed by an oversight board.
“While oversight is good, it can significantly delay the adoption of useful tools if the process is not streamlined to allow for timely decision-making. The recent release of Apple Intelligence serves as a good case study on how ‘AI’ keywords can trigger restrictive business policies, despite an implementation that keeps private data on-device and includes controls to govern the use of third-party AI models.
“In order to enable business leaders to more effectively cope with the onslaught of ‘AI-enabled’ tools — and to minimize an oversight bottleneck — the industry will need to develop a set of foundational rubrics to guide in more timely assessments of AI technologies. As a result, I predict we will see a renewed focus on data classification labels, a better understanding of AI processing locations, and a demand for confidentiality assertions from vendors as private data traverses their infrastructure.
“As the industry transitions to an application-driven phase of AI, it is imperative that organizations be equipped to make thoughtful and timely decisions about how the technology can be used responsibly to drive business objectives.”
“As genAI becomes demystified, the true effectiveness and value of solutions for enterprises will become clearer,” said Jamf CIO Linh Lam. “(Many) companies quickly entered the genAI market over the past year or two. It’s a crowded space that can easily overwhelm even leaders of technology companies who are looking to select the right genAI solution for their businesses. In 2025, while the hype cycle will continue to evolve, we’ll see the more effective solutions surface and more customers focusing on solutions that bring the most real value to their businesses.
“As with any ‘hot new tech’ on the block, the buzz around this latest emerging technology will start to calm, and we’ll start to see genAI mature. We’ll start to see what value these tools can provide for businesses, and which perform better than the others. It’s going to be a year of cutting through the noise, and those who can break through that will be the companies that stick around for years to come.”
Behind the responses from genAI models are testers who evaluate those answers for accuracy, but a report released this week casts doubt on the process.
According to a story published on Wednesday, contractors working on Google Gemini are now being directed to evaluate AI prompts and responses in areas in which they have no background, rather than being allowed to skip them as before.
This flies in the face of the “Building responsibly” section of the Gemini 2.0 announcement, which said, “As we develop these new technologies, we recognize the responsibility it entails, and the many questions AI agents open up for safety and security. That is why we are taking an exploratory and gradual approach to development, conducting research on multiple prototypes, iteratively implementing safety training, working with trusted testers and external experts and performing extensive risk assessments and safety and assurance evaluations.”
Mismatch raises questions
According to TechCrunch, “a new internal guideline passed down from Google to contractors working on Gemini has led to concerns that Gemini could be more prone to spouting out inaccurate information on highly sensitive topics, like healthcare, to regular people.”
It said that the new guideline reads: “You should not skip prompts that require specialized domain knowledge.” Contractors are instead instructed to rate the parts they understand and add a note that they lack the necessary domain knowledge for the rest.
And a blog that appeared on Artificial Intelligence+ on Thursday noted that, while “contractors hired by Google to support Gemini are key players in the evaluation process … one of the challenges is that [they] are often required to evaluate responses that might lie outside their own areas of expertise. For instance, while some may come from technical backgrounds, the AI can produce outputs related to literature, finance, healthcare, or even scientific research.”
It said, “this mismatch raises questions about how effectively human oversight can serve in validating AI-generated content across diverse fields.”
However, Google pointed out in a later statement to TechCrunch that the “raters” don’t only review content, they “provide valuable feedback on style, format, and other factors.”
‘Hidden component’ of genAI
When organizations are looking to leverage an AI model, it is important to reflect on responsible AI principles, Thomas Randall, research lead at Info-Tech Research Group said Thursday.
He said that there is “a hidden component to the generative AI market landscape: companies that fall under the guise of ‘reinforcement learning from human feedback (RLHF)’. These companies, such as Appen, Scale AI, and Clickworker, rely on a gig economy of millions of crowd workers for data production and training the AI algorithms that we find with OpenAI, Anthropic, Google, and others. RLHF companies pose issues for fair labor practices, and are scored poorly by Fairwork.”
Last year, Fairwork, which defines itself as an “action-research project that aims to shed light on how technological changes affect working conditions around the world,” released a set of AI principles that, it said, “assess the working conditions behind the development and deployment of AI systems in the context of an employment relation.”
There is, it stated at the time, “nothing ‘artificial’ about the immense amount of human labor that builds, supports, and maintains AI products and services. Many workers interact with AI systems in the workplace, and many others perform the critical data work that underpins the development of AI systems.”
Questions to ask
The executive branch of an organization looking to leverage an AI model, said Randall, needs to ask itself an assortment of questions such as “does the AI model you’re using rely on or use an RLHF company? If so, was the crowd worker pool diverse enough and provided sufficient expertise? How opaque was the training process for the models you are using? Can you trace data production? If the AI vendor does not know the answers to these questions, the organization needs to be prepared to take on accountability for any outputs the AI models provide.”
Paul Smith-Goodson, VP and principal analyst at Moor Insights & Strategy, added that it is vitally important that Retrieval Augmented Generation (RAG) be implemented, “because AI models do hallucinate and it is one way to make sure that language models are putting out the right information.”
He echoed Rick Villars, IDC group vice president of worldwide research, who earlier this year said, “more and more the solutions around RAG — and enabling people to use that more effectively — are going to focus on tying into the right data that has business value, as opposed to just the raw productivity improvements.”
A ‘corrosive effect’ on workers
Ryan Clarkson, managing partner at the Clarkson Law Firm, based in Malibu, California, said that the rapid growth of generative AI as a business has had corrosive effects on tech workers around the world.
For example, last week, workers filed a class action lawsuit through his firm against AI data processing company Scale AI, whose services include providing the human labor to label the data used in training AI models and in shaping their responses to queries.
The Scale AI lawsuit alleges poor working conditions and exploitive behavior by Scale, also saying that workers responsible for generating much of its product were mischaracterized by the company as independent contractors instead of employees.
