Apple’s App Privacy Report, just added to the latest iOS 15 betas, is a new settings page that lists how often apps access sensitive data. It’s similar to the already-existing Safari Privacy Report, only it doesn’t apply just to the web. It applies to every app on your device—including Apple’s own apps. This welcome feature lets the user take back control of their private data, and it may even make unscrupulous developers think twice before sharing your data. “I think that iOS 15.2 will make developers decrease their access to data, because if they don’t do it, the secret will be out about just how much they are accessing,” tech writer Abhi Suthar told Lifewire via email.
App Privacy Report
The App Privacy Report has been in iOS 15 since the early betas, but only has operated behind the scenes. Now, though, you can enable the full readout, which provides a startling amount of information, neatly displayed per-app or data type. For instance, you can see all the internet domains that the app has contacted, sorted by date. This will tell you whether the app has contacted tracking services or other unexpected places on the internet. The Privacy Report also lists various data sources on your iPhone or iPad, so you can see which apps have used them over the past seven days. These sources include your email, the Find My service, and your photo library, plus any sensors or other hardware like cameras and microphones. App Privacy Report is a comprehensive collection of exactly what apps are getting up to behind the scenes. Some users won’t bother to enable it, but for those who do, Apple has provided a potent tool for protecting your privacy. “App Privacy Report exists to provide transparency on app behaviors,” said Apple privacy engineer Lauren Henske in a 2021 WWDC session on Apple’s privacy features.
Privacy Shaming
What difference will this make? The best outcome is that less-scrupulous app developers will be shamed into reducing the amount of data they exfiltrate from your devices. It’s easy to do this kind of thing in the dark, but with the light of the new Privacy Report shining on them, it’s harder to hide data trafficking. Apple’s privacy measures have had differing levels of success. iOS 14.5’s App Tracking Transparency (ATT) feature, for example, has cost Snapchat, Facebook, Twitter, and YouTube almost $10 billion, thanks to users opting out of tracking. But ATT doesn’t actually block anything. Perhaps the best precedent for the new App Privacy Report is iOS 14’s “clipboard-shaming” feature, which notifies the user every time an app accesses your clipboard. It revealed that many apps were grabbing clipboard data as often as every few seconds. Some of these were legit—a delivery-tracking app might monitor the clipboard for parcel-tracking numbers, for example. Others were shoddy coding, and some may have been malicious, But it’s not all bad news for developers. The good ones can prove their trustworthiness by simply not accessing your data. “Your app should access only data the user would expect and at the times they would expect,” Henske told developers. “This is another opportunity to really build trust with your users, as they can understand more of what your application does.”
What Can You Do With This Data?
If you discover an app has been making dodgy-looking connections, what can you do? You could publicize it. Or you could use this information to block those connections. There are several firewall apps for iOS that let you block specific URLs, making it so no apps can access them. The most effective course of action is to just delete any apps that are up to no good, and pick a more privacy-respecting alternative. Nuke them from orbit. It’s the only way to be sure.