How to Allow Untrusted Shortcuts (and find trusted Shortcuts creators)

Siri Shortcuts (Image credit: Joseph Keller / iMore)

One of the first things you'll run into when looking up Siri Shortcuts online is that you're not "allowed" to download them right away — Apple puts up a confusing error dialog.

This article covers how to find the toggle to Allow Untrusted Shortcuts, how Apple is trying to protect your privacy with shortcuts, and what's important to know about Siri Shortcuts shared through iCloud.

Finding the toggle for Allow Untrusted Shortcuts

When you find an iCloud link for a shortcut—like one of the 25 example shortcuts I've shared in my Shortcuts Catalog on my website—you'll get the following message:

"You can't add this shortcut because your Shortcuts security settings prevent it. Go to Settings and allow it".

Cropped screenshot showing error message (full text in article). (Image credit: iMore)

Somewhat unhelpfully, there's no option to take you directly to the setting or further explanation of what that message means — it sounds like you accidentally changed something on your own, not that this a default setting.

Finding Shortcuts' settings

Instead, you'll have to find the Shortcuts security settings yourself — here's how:

Go into the Settings app
Navigate to the main group of Apple apps
Tap into the category for Shortcuts

Screenshot showing step 1 of finding the Allow Untrusted Shortcuts toggle: Opening the Settings app. (Image credit: iMore)

Screenshot showing step 2 of finding the Allow Untrusted Shortcuts toggle: navigating to the Shortcuts category. (Image credit: iMore)

Screenshot showing step 3 of finding the Allow Untrusted Shortcuts toggle: opening into the Shortcuts settings to see the toggle. (Image credit: iMore)

Source: iMore

From there, you'll find the security setting — but it's also disabled by default if you haven't run any shortcuts yet.

In order to enable it, you'll have to:

Create your own shortcut or find one from the Gallery.
Run the shortcut by pressing the Play icon in the bottom right.
Go back into Settings > Shortcuts again (see above if needed).

Screenshot of the Shortcuts gallery showing the rotating banners and Automation Suggestions at the top. (Image credit: iMore)

Screenshot showing example shortcut from Gallery with the Run button shown as a Play icon in the bottom right corner. (Image credit: iMore)

Screenshot showing Settings app and navigating to the Shortcuts category. — Screenshot showing step 2 of finding the Allow Untrusted Shortcuts toggle: navigating to the Shortcuts category. (Image credit: iMore)

Source: iMore

From there, to fully allow untrusted shortcuts, you can:

Flip the "Allow Untrusted Shortcuts" toggle on.
Confirm the dialog after reading Apple's message.
Enter your pin code to confirm the setting.

Screenshot showing the Shortcuts setting page with Allow Untrusted Shortcuts toggled on. (Image credit: iMore)

Screenshot showing warning message "Allow Untrusted Shortcuts? Apple does not review Shortcuts outside the Gallery. Running shortcuts from untrusted shortcuts sources can put your personal data at risk." with options for Don't Allow and Allow. — Screenshot showing warning message "Allow Untrusted Shortcuts? Apple does not review Shortcuts outside the Gallery. Running shortcuts from untrusted shortcuts sources can put your personal data at ris (Image credit: iMore)

Screenshot showing step after tapping "Allow" for the user to enter in their passcode. (Image credit: iMore)

Source: iMore

You also might want to check out the privacy policy to understand what this all truly means — but in short, Apple doesn't actually review every shared shortcut.

Screenshot showing Shortcuts settings with "About Shortcuts Sharing & Privacy" highlighted and expanding under a tap-and-hold gesture. (Image credit: iMore)

Screenshot showing the first half of the Shortcuts Sharing & Privacy Policy sub-page. (Image credit: iMore)

Screenshot showing the second half of the Shortcuts Sharing & Privacy Policy sub-page. (Image credit: iMore)

Source: iMore

Unlike the App Store, with its whole review process that guarantees that apps are trusted sources and won't do anything unexpected, the Shortcuts app allows anyone to build custom Siri Shortcuts and share them on the web using just a link.

And technically, Shortcuts does have actions like Find Contacts or Calendar Events, and actions like Get Contents of URL, which includes fancy ways to upload data to websites — in theory, a bad actor could try to get you to run a shortcut that uploads your personal information.

But that's why Apple is making this a very intentional process — they don't make it overly easy for someone to randomly find a shortcut link, jump into Settings, and run the shortcut without realizing what's going on.

Adding the shortcut

Once you have allowed untrusted shortcuts and open your shortcut link, you'll then be taken into the Gallery view to browse the shortcuts' contents.

From here, you should:

Change the name to the activation phrase you want to use with Siri.
Look at each action in the shortcut to see what's happening.
Find the "Add Untrusted Shortcuts" button.

Screenshot showing example shortcut with name erased and keyboard ready for user to type in their own. (Image credit: iMore)

Screenshot of example Calendar Assistant shortcut opened into the Gallery, showing the steps of the shortcut. (Image credit: iMore)

Screenshot showing the example shortcut scrolled all the way to the bottom with the red "Add Untrusted Shortcut" button visible. (Image credit: iMore)

Source: iMore

That large and red button reading "Add Untrusted Shortcut?" seems to be Apple yet again reinforcing their message: these are shared online by individuals and not vetted like apps in the App Store.

Assuming the shortcut looks all good and nothing appears out of line based on the intent described in the title, you can tap "Add Untrusted Shortcut," and the shortcut will be added to your collection.

Per-shortcut permissions

After you go through all that and add the shortcut to your library, Apple even goes one step further to protect user privacy and provide security — with per-shortcut permissions for actions that access sensitive data.

Screenshot showing example Calendar Assistant shortcut's options with "Calendar" access disabled. (Image credit: iMore)

Screenshot of example Calendar Assistant shortcut with a Calendar action that's now available, showing "This shortcut does not have access to your calendar events. You can change this in the shortcut's details." — Screenshot of example Calendar Assistant shortcut with a Calendar action that's now available, showing "This shortcut does not have access to your calendar events. You can change this in the shortcut' (Image credit: iMore)

Screenshot showing Calendar access enabled after reopening the example shortcut's options. (Image credit: iMore)

Source: iMore

Once you go back into My Shortcuts and look at the shortcut, you just added, each action that accesses personal data or device features—like accessing your location—will also have individual permission dialogs.

You can also tap on the Options icon inside a shortcut to see all the permissions that have been granted and toggle them off easily if necessary.

Overall, Every shortcut must get your permission before it does anything sensitive — Apple really hasn't been messing around since Shortcuts got installed by default back in iOS 13.

The last thing you need to know involves sharing shortcuts — you have to turn the Allow Untrusted Shortcuts toggle on to share your shortcut too.

Screenshot showing the Share sheet for the example shortcut, with Copy iCloud Link available the first option. (Image credit: iMore)

Screenshot of shortcut being shared with dialog for "Create iCloud Link: Anyone with access to this shared link will be able to view the contents of this shortcut." (Image credit: iMore)

Screenshot showing the shared shortcut with a grey confirmation box that says "Link Copied." (Image credit: iMore)

Source: iMore

You won't even see a Share icon in each individual shortcut until you've followed the instructions above to Allow Untrusted Shortcuts, so do this if you plan on sharing yours with anyone in the future as well.

Understand what your shortcuts are doing

Every person who finds a shortcut online and goes to add it should look through the actions included and try to understand what's happening before they add it to their collection – and certainly before they run it.

You should check for anything that looks out of the ordinary, and if you're not well-versed in building Shortcuts yet, it's also a good learning opportunity to see how this particular goal is accomplished.

So for each link, make sure that each function generally matches the description from wherever it was shared and find people who are known to share good shortcuts frequently.

Have fun along the way too

I hope you find some great shortcuts to use and test out over time — there's so much to learn with this app.

Look for Siri Shortcuts online in places like r/shortcuts, MacStories, or individual creators like David Sparks, Rosemary Orchard, and Chris Lawley – plus many more.

Then, add some shortcuts to the Home Screen, ask Siri to run them, or set it up with an Automation to make it easier to use more often — I bet you'll find something fun, useful, or just cool.

Finally, make sure to check out my own Shortcuts Catalog for more examples and my YouTube channel for more Siri Shortcuts videos too, or send me your shortcut creations on Twitter at @mattcassinelli.

Matthew Cassinelli is a writer, podcaster, video producer, and Shortcuts creator. After working on the Workflow app before it was acquired by Apple and turned into Shortcuts, Matthew now shares about how to use Shortcuts and how to get things done with Apple technology.

On his personal website MatthewCassinelli.com, Matthew has shared hundreds & hundreds of shortcuts that anyone can download, plus runs a membership program for more advanced Shortcuts users. He also publishes a weekly newsletter called “What’s New in Shortcuts.”