How To

Understanding iOS and iPadOS App Privacy Report

Posted on December 14th, 2021 by

A new feature in iOS and iPadOS 15.2 is the App Privacy Report. Your iPhone or iPad can record and display activity carried out by apps, such as which apps access your location, contacts, or photos, which apps access a network, websites that contact trackers, and more. You can then view a detailed report of this activity over the past seven days.

In this article, I’ll explain how to enable the App Privacy Report, and how to understand the data it presents.

App privacy

Apple has introduced a number of features recently to enhance user privacy and provide clear information about what apps do with your data. The first of these was the App Privacy Information that Apple brought into its App Stores. Apple requires that all app updates made after the release of macOS 11.1 and iOS 14.3 display information, such as this:


These "nutrition labels" are designed to help users understand what types of data apps are collecting. Now, in iOS and iPadOS 15.2 or later, you can see how that data is used. To enable this feature, go to Settings > Privacy > Record App Activity, and toggle Record App Activity. Your device will tell you that it needs seven days to provide a report. If you’re running a version of iOS or iPadOS before 15.2, you won’t see a visual report, and will be able to save the data, but you probably don’t want to do this, because it’s just a long log which isn’t very helpful.

With iOS / iPadOS 15.2 or later, you’ll see Settings > Privacy > App Privacy Report. Toggle this on, then, in a few days, you’ll see something like this:

There are several sections in this report, and they all show data from the last seven days:

Data & Sensor Access: This shows you which apps accessed your location, photos, camera, microphone and contacts.

App Network Activity: This show which apps access a network (generally the internet); it’s normal that, here, Messages and Kindle have accessed the network, but in the screenshot above, a game called High Rise has made a lot of network access. Other apps listed here include the App Store, Safari, News, my Twitter client, Amazon’s Prime Video app, and other that are fetching data from the internet.

If I scroll down, I see two more sections:

Website Network Activity: This shows which websites contacted the most domains. Each website you visit loads data from a number of domains, and many of these domains serve ads or collect data for trackers. The numbers next to the websites correspond to the total number of times all domains have been contacted in the past seven days, so a high number doesn’t mean that the website is collecting more data, it could mean that you’ve visited it often. The top website in the screenshot above is The Guardian newspaper, followed by Amazon UK, the New York Times, and Google, all websites I visit regularly.

If I tap on The Guardian, it shows me more data:

I visited theguardion.com 51 times, and you see a list of domains that The Guardian contacted, and the apps I used to view the website. Twitterrific is listed, because I tapped links in that app to view articles on The Guardian, but for some reason The Guardian’s own app, which I use regularly, is not listed here, even though it shows up in the App Network Activity list.

If you tap one of the domains in this list, you can see which apps have contacted it. In most cases, you’ll see Safari, or whichever web browser you use, a Twitter client, if it displays web pages in the app, an RSS reader, or other apps that can display web pages.

But this gets more interesting when you start browsing certain domains that are owned by large companies. If I look at instagram.com, which I visited 14 times (I view Instagram in Safari), I see that it contacts a number of domains, including connect.facebook.net. If I tap that domain in the list, I see this:

connect.facebook.net is a system that allows users to sign into websites using their Facebook profile. This domain is contacted whenever a website offers that possibility. You can see above that I visited websites like this with Twitterrific and Safari, and you can see the websites that contacted the domain. (I don’t know what reductress.com is; I never visited the site, so somehow something from their site got loaded on a web page. I checked in Safari’s website data (Settings > Safari > Advanced > Website Data), and the site is not listed.)

Most Contacted Domains: This is the domains that your device contacts the most. It’s not surprising to see an iCloud domain, or inappcheck.itunes.apple.com, which seems to be a domain that third-party apps check to make sure you have the right to use each app you launch. You’ll find a number of domains in this section that apps ping to check your identity, subscription, and more.

But there’s more…

You may think that there are a lot of domains, and even trackers, contacted in the data above. But all this data was recorded when I was using a content blocker. (Read this article to learn more about content blockers.) I turned it off, then went to Google News in Safari, and tapped on a number of articles. The Website Network Activity section was very different:

You can see that, with just one or two page loads, sites like daily mail.co.uk, forbes.com, and other newspapers in the UK contacted more than 50 domains, and sometimes more than 100. One such example is pagead2.googlesyncidaciotn.com, and, as the explanation below the domain name says, this domain is likely combining data about me into a profile; it’s tracking me across multiple websites.

As you can see above, six different newspaper websites contacted this tracker, which is used by Google to serve ads.

How the App Privacy Report can help you

As you’ve seen, the App Privacy Report contains a lot of data, some of which can be confusing, but one thing is clear: with a content blocker, you will be tracked much less by companies monetizing your activity to sell ads. While Apple’s Intelligent Tracking Prevention feature blocks some trackers, it clearly isn’t enough.

Using the App Privacy Report can help you find which websites or apps are tracking you the most, and may lead you to change your behavior. Content and tracker blockers can help prevent companies from building profiles based on your activity, and enhance your privacy.

 

How can I learn more?

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →