One of the first things you'll run into when looking up Siri Shortcuts online is that you're not "allowed" to download them right away — Apple puts up a confusing error dialog.
This article covers how to find the toggle to Allow Untrusted Shortcuts, how Apple is trying to protect your privacy with shortcuts, and what's important to know about Siri Shortcuts shared through iCloud.
Finding the toggle for Allow Untrusted Shortcuts
When you find an iCloud link for a shortcut—like one of the 25 example shortcuts I've shared in my Shortcuts Catalog on my website—you'll get the following message:
"You can't add this shortcut because your Shortcuts security settings prevent it. Go to Settings and allow it".
Somewhat unhelpfully, there's no option to take you directly to the setting or further explanation of what that message means — it sounds like you accidentally changed something on your own, not that this a default setting.
Finding Shortcuts' settings
Instead, you'll have to find the Shortcuts security settings yourself — here's how:
- Go into the Settings app
- Navigate to the main group of Apple apps
- Tap into the category for Shortcuts
From there, you'll find the security setting — but it's also disabled by default if you haven't run any shortcuts yet.
In order to enable it, you'll have to:
- Create your own shortcut or find one from the Gallery.
- Run the shortcut by pressing the Play icon in the bottom right.
- Go back into Settings > Shortcuts again (see above if needed).
From there, to fully allow untrusted shortcuts, you can:
- Flip the "Allow Untrusted Shortcuts" toggle on.
- Confirm the dialog after reading Apple's message.
- Enter your pin code to confirm the setting.
Unlike the App Store, with its whole review process that guarantees that apps are trusted sources and won't do anything unexpected, the Shortcuts app allows anyone to build custom Siri Shortcuts and share them on the web using just a link.
And technically, Shortcuts does have actions like Find Contacts or Calendar Events, and actions like Get Contents of URL, which includes fancy ways to upload data to websites — in theory, a bad actor could try to get you to run a shortcut that uploads your personal information.
But that's why Apple is making this a very intentional process — they don't make it overly easy for someone to randomly find a shortcut link, jump into Settings, and run the shortcut without realizing what's going on.
Adding the shortcut
Once you have allowed untrusted shortcuts and open your shortcut link, you'll then be taken into the Gallery view to browse the shortcuts' contents.
From here, you should:
- Change the name to the activation phrase you want to use with Siri.
- Look at each action in the shortcut to see what's happening.
- Find the "Add Untrusted Shortcuts" button.
That large and red button reading "Add Untrusted Shortcut?" seems to be Apple yet again reinforcing their message: these are shared online by individuals and not vetted like apps in the App Store.
Assuming the shortcut looks all good and nothing appears out of line based on the intent described in the title, you can tap "Add Untrusted Shortcut," and the shortcut will be added to your collection.
After you go through all that and add the shortcut to your library, Apple even goes one step further to protect user privacy and provide security — with per-shortcut permissions for actions that access sensitive data.
Once you go back into My Shortcuts and look at the shortcut, you just added, each action that accesses personal data or device features—like accessing your location—will also have individual permission dialogs.
You can also tap on the Options icon inside a shortcut to see all the permissions that have been granted and toggle them off easily if necessary.
Overall, Every shortcut must get your permission before it does anything sensitive — Apple really hasn't been messing around since Shortcuts got installed by default back in iOS 13.
The last thing you need to know involves sharing shortcuts — you have to turn the Allow Untrusted Shortcuts toggle on to share your shortcut too.
You won't even see a Share icon in each individual shortcut until you've followed the instructions above to Allow Untrusted Shortcuts, so do this if you plan on sharing yours with anyone in the future as well.
Understand what your shortcuts are doing
Every person who finds a shortcut online and goes to add it should look through the actions included and try to understand what's happening before they add it to their collection – and certainly before they run it.
You should check for anything that looks out of the ordinary, and if you're not well-versed in building Shortcuts yet, it's also a good learning opportunity to see how this particular goal is accomplished.
So for each link, make sure that each function generally matches the description from wherever it was shared and find people who are known to share good shortcuts frequently.
Have fun along the way too
I hope you find some great shortcuts to use and test out over time — there's so much to learn with this app.
Look for Siri Shortcuts online in places like r/shortcuts, MacStories, or individual creators like David Sparks, Rosemary Orchard, and Chris Lawley – plus many more.
Then, add some shortcuts to the Home Screen, ask Siri to run them, or set it up with an Automation to make it easier to use more often — I bet you'll find something fun, useful, or just cool.
Get the best of iMore in in your inbox, every day!
Matthew Cassinelli is a writer, podcaster, video producer, and Shortcuts creator. After working on the Workflow app before it was acquired by Apple and turned into Shortcuts, Matthew now shares about how to use Shortcuts and how to get things done with Apple technology.
On his personal website MatthewCassinelli.com, Matthew has shared hundreds & hundreds of shortcuts that anyone can download, plus runs a membership program for more advanced Shortcuts users. He also publishes a weekly newsletter called “What’s New in Shortcuts.”
Thank you for signing up to iMore. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.