How to Revoke Access from Untrusted Apps on iPhone

Installed an app you’re not sure about? Think a sideloaded app may have been given too many permissions? Noticed an app behaving strangely? This guide walks you through every method for revoking access from untrusted apps on your iPhone — from removing individual permissions to completely wiping an app’s presence and any certificates it used.

Level 1: Revoking App Permissions

The first and least disruptive step is revoking specific permissions from an app while keeping it installed. iOS lets you fine-tune exactly what each app can access.

Method A: Through the App’s Settings Page

1. Open Settings
2. Scroll down to find the app in question (apps are listed after the main system sections)
3. Tap the app name
4. You’ll see toggles for each permission the app has requested: Location, Contacts, Microphone, Camera, etc.
5. Toggle off any permissions you want to revoke

Method B: Through Privacy Settings (by Permission Category)

1. Settings → Privacy & Security
2. Tap the permission category (e.g., “Location Services,” “Microphone,” “Contacts”)
3. You’ll see a list of all apps that have requested that permission
4. Tap the app and change its access level to None or Never

This method is useful when you want to audit all apps that have a specific sensitive permission in one view.

Level 2: Deleting the App

If you want to remove the app entirely:

Standard App Deletion

1. Long-press the app icon on your Home Screen
2. Tap “Remove App”
3. Select “Delete App” to confirm

Or via Settings: Settings → General → iPhone Storage → find the app → Delete App.

When you delete an app, its permission settings are also removed. However, some apps leave behind data in iCloud or on Apple’s servers — see Level 4 for that.

Level 3: Revoking Certificate Trust

If the app was installed via an enterprise certificate, deleting the app doesn’t revoke the certificate. Other apps signed with the same certificate remain trusted on your device. If you’re concerned about the certificate itself, you need to explicitly revoke it.

How to Revoke Certificate Trust

1. Settings → General → VPN & Device Management
2. Under “Enterprise App,” you’ll see any enterprise certificates you’ve trusted
3. Tap the certificate you want to revoke
4. Tap “Delete App” or “Revoke Trust” (wording varies by iOS version)
5. Confirm — all apps signed with this certificate will immediately stop working

This is important to do if you suspect the entire signing entity is compromised, not just one specific app.

Level 4: Removing App Data from iCloud

Deleting an app from your device may leave data stored in iCloud. To remove it:

1. Settings → [Your Name] → iCloud → Manage Account Storage
2. Find the app in the list of apps using iCloud storage
3. Tap it and select “Delete Data from iCloud”

Note: Not all sideloaded apps can use iCloud — only apps signed with your personal Apple ID can access iCloud storage. Apps installed via enterprise certificates typically don’t have iCloud access.

Level 5: Checking for Configuration Profiles

Some malicious or questionable apps install configuration profiles that can have broad effects on your device — including traffic interception, certificate trust expansion, or device management capabilities.

How to Find and Remove Profiles

1. Settings → General → VPN & Device Management
2. Look under “Configuration Profile” — any installed profiles will be listed here
3. For each profile you don’t recognize or no longer want, tap it and select Remove Profile
4. If prompted, enter your passcode

If you find a configuration profile you don’t remember installing, this is a serious red flag. Profiles can modify DNS settings, install root certificates (allowing traffic interception), or restrict device functionality. Remove unknown profiles immediately.

Level 6: Checking Screen Time and Parental Controls

Some apps attempt to use Screen Time APIs for tracking or restrictions. Review Screen Time settings to ensure no unwanted restrictions have been enabled: Settings → Screen Time.

After Removing Suspicious Apps: Additional Steps

If you’ve removed an app because you genuinely suspect it was malicious, take these additional steps:

• Change passwords: For any accounts you accessed while the suspicious app was installed
• Enable two-factor authentication: On all important accounts if not already enabled
• Review recent account activity: Check your email, banking, and social media accounts for unauthorized access
• Review recently installed apps: If one suspicious app got in, others might have too

Factory Reset as a Last Resort

If you believe your device has been seriously compromised, a factory reset (Settings → General → Transfer or Reset iPhone → Erase All Content and Settings) will remove everything and restore iOS to a clean state. This is rarely necessary but is the nuclear option if other measures aren’t sufficient.

Before resetting, back up your important data to a trusted backup source. When restoring after a reset, restore only your data — not app backups from the suspected compromised period.

Prevention Going Forward

The best approach is preventing untrusted apps from getting installed in the first place. Using a curated sideloading tool significantly reduces your risk. See our guide on understanding app permissions and scanning IPA files before installation for proactive protection strategies.

Start safe, stay safe — Scarlet iOS is built with community trust and security as foundational values.