The deep link we chose over the feature iOS would never let us build

What we wanted to do (and couldn't)

The obvious feature, if iOS allowed it, would be a button inside Guard that silently revokes permissions for you. One tap. Done. No Settings app. No friction. The user taps 'remove location access from Maps' and it happens instantly, right there in our interface.

It sounds better. It feels better. It's the feature every privacy tool would want to offer.

But iOS doesn't work that way. Apple's sandbox is deliberate: third-party apps cannot programmatically alter another app's permissions. You cannot revoke on behalf of the user, even if the user explicitly asks you to. Even if the user has explicitly granted Guard permission to do so. The operating system simply will not allow it.

We spent an afternoon exploring workarounds. There are none. This isn't a bug or an oversight. It's architecture.

The conversation that mattered

After we accepted the constraint, I called a designer and our iOS lead to a quick huddle. One of them said something I've carried with me: 'If we can't do the action, we can make the destination frictionless.'

That sentence pivoted our design. Instead of pretending we could offer something iOS forbids, we'd build something honest. We'd show you exactly which permissions were risky, and when you decided to revoke them, we'd send you directly to Settings with a deep link that lands you on the exact permission screen you need to change. No hunting through menus. No 'go to Settings, then Privacy, then Location, then scroll down to find the app.' One link. One tap. You're there.

The difference sounds small until you experience it. Most privacy tools tell you to go fiddle with Settings yourself. They point you vaguely in the direction. Guard shows you the problem, then walks you to the door.

Why this matters more than it looks

Here's what we learned: the deep link is not a compromise. It's the smarter choice because it treats the user as the one in control, not the app.

When you tap that link and land in iOS Settings, Apple shows you exactly what that app can access. You see the real state of your phone. You make the decision yourself. Guard doesn't have special powers or hidden backdoor access. We're not claiming to audit what Facebook is 'really' doing behind the scenes. We show you what iOS permits, and you take it from there.

That honesty matters. Especially when we're talking about privacy.

In the first few weeks after launch, users kept saying the same thing in feedback: 'I didn't realise I could do that so quickly.' They expected friction. They expected Settings to be buried and confusing. Instead, they tapped a link and boom, they were revoking unnecessary permissions in seconds. One user, a parent, told us she went through her daughter's phone and fixed six apps in under two minutes using the deep links. She said it was the first time she'd ever actually managed permissions, because the friction had finally dropped away.

What the deep link tells us about design

Constraints are design opportunities if you stop seeing them as obstacles. iOS won't let us be the gatekeeper. Fine. We become the guide instead. You remain the gatekeeper. You make the call.

That shift in philosophy cascaded into every other choice we made. The Permission Dashboard shows 12 common apps by default because we're honest about our limits. We're not claiming to scan everything on your phone. We show you the apps most people have, the apps most likely to request permissions they don't need, and we explain what each permission means. Then we link you to fix it.

Personal Pro adds real-time alerts when an app requests or gains a new permission so you're never caught off guard. The clipboard safety check flags when an app reads from your clipboard. The data exposure profile shows you a breakdown of what you've let each app access. All of it leads back to the same principle: we inform and link, we don't intercept and override.

It's a gentler kind of powerful.

The question we still sit with

Sometimes I wonder if we got lucky. If iOS had allowed third-party apps to revoke permissions, Guard would probably be a different product. Likely worse, I think. We'd have buried the user's agency under a layer of 'let us fix it for you' and missed the real insight: most iPhone users know almost nothing about what they've granted, and once they see it clearly, they want to fix it themselves.

The constraint forced us to build a product that respects that agency instead of replacing it.