
Guide to iOS Privacy 2021

Apple has declared its commitment to user data privacy before, but spring 2021 marked a seemingly bold move from the tech giant: In the most recent iOS software update, 14.5, Apple launched its App Tracking Transparency requirements for all other companies' apps. 

See below to learn about Apple’s latest iOS privacy policies and how they affect both mobile users and businesses trying to access their data:

iOS privacy

iOS privacy controls 

Tracking

iOS 14.5 introduced App Tracking Transparency, which requires each external app to request permission to track users' data. That tracking relies on the Identifier for Advertisers (IDFA), a device identifier that lets the app collect data and sell it to advertisers. Users can easily deny requests.

Access permissions

iOS gives users notifications when an app is accessing another app, such as the camera or the microphone, and allows them to manage their app preferences, like restricting Instagram's access to only photos. 

Apple may also request permission for its own apps to access information for non-essential tasks. It provides a Data and Privacy page for iOS devices, which users can access to learn more about their privacy preferences and make changes.

Location

Apple users can disable location services or choose to give either their exact location or an approximate one. Users also must be notified when a background app is tracking their location, and they can disable that tracking.

Advertising

Apple's privacy control page states that Apple does not sell users' personal information or track them with its advertising platform. Data from Health, HomeKit and Apple Pay are not used for advertising purposes, though searches in the App Store and Apple News may be used to serve more accurate ads. Users can also disable personalized advertising, and children under 13 don't receive ads at all if associated with their Apple ID.

Analytics

Users can opt in or out of analytics, which collects data from iOS devices as well as paired Apple Watches that can be used to improve technical performance and decrease app crashing. Apple uses a technique called differential privacy to protect any personal data collected.

iOS privacy app labeling 

Apple now requires each external app developer to provide a label for the app's page in the App Store. The label states exactly what the company will do with the data of any user who downloads that app. This can include stating whether the data will be sold to third parties.

Apple requires privacy labels for all external apps on the App Store and does the same for its own apps, displaying all of its labels in a storehouse on its website. Visitors can select an app to learn what data it collects and what Apple does with that data.

The label below shows how Apple's Health app collects data. It may gather sensitive information, identifiers, search history and location, for example. This data will not be linked directly to an identifiable person.

[Image: App Store privacy label]

iOS privacy settings for Apple apps

Safari

Safari has default intelligent tracking prevention, which Apple says separates third-party tracking from their own. It's intended to keep user browsing information from advertisers. Safari does this by blocking widgets on websites that are used to track user browsing behavior.

Photos

Apple states that facial recognition data remains on a device rather than being sent to the cloud. Users can also choose to give applications certain photo data, such as location. For example, a user can opt to withhold location information using the Share Sheet in Photos, removing that metadata.

Apple Pay

Apple encrypts app and web purchases and says it does not track customer purchase history. Credit and debit card numbers aren't stored on devices or servers. They're given a unique device account number, which is encrypted and stored in a chip called the Secure Element that is used for all Apple Pay payments.

Siri

Siri searches are not connected to a user's Apple ID but instead assigned to a random ID, according to Apple.

Health

Apple cannot read Health app data if a user's phone is locked or their Apple Watch uses two-factor authentication: It's automatically encrypted. Apple also says that users can control other applications' access to their data from the Health app. 

Home

Apple Home data is encrypted both in storage and in transit. HomeKit, the platform for Apple home behavior, can be accessed by third-party applications, which are limited in the data they can use, such as when lights turn on in a home. 

CarPlay

CarPlay, Apple's system for displaying information and media in vehicles, is powered by users' iPhones. The vehicle itself receives only limited metadata from the CarPlay app, and third-party apps that work with CarPlay must abide by the same data privacy restrictions — asking permission to track — as any other app, since they also run on the iPhone.

“A Day in the Life of Your Data”

Apple released the report “A Day in the Life of Your Data” as part of its Data Privacy Day. The report describes how enterprises and applications gather and monetize information from people they don't know at all.

Using an example of a man who researches the weather to plan a park trip with his 7-year-old, Apple explains that, given enough data, third parties could develop a "comprehensive profile about him that includes his precise day-to-day movements."

For instance, one application may only track location data, but if trackers send that information to a third party that already has more data from other sources, the father may be tracked thoroughly enough to allow a third-party company to predict his behavior and daily movements.

The report goes on to explain the web of data, particularly location- and ad-related information, that applications can collect from users in one day and how Apple's controls can lessen the amount and types of data collected.

App Tracking Transparency snags

At the beginning of May, Apple users were already having issues with App Tracking Transparency: Applications weren't asking them for permission to track, despite Apple's rollout and promises, according to an article by Kate O'Flaherty, a Forbes contributor. O’Flaherty gives one potential explanation — users might have already forbidden apps to track before the update. 

She also explains that not all developers may be prepared to implement the alerts in their apps and that while Apple only requires apps to ask permission to track through the IDFA, third-party apps do other forms of tracking. In other words, Apple's current stipulation for apps downloaded to iOS devices doesn't stop all third-party tracking, just what happens through the IDFA. 
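The behavior described above, sketched from the developer's side as an added example (not code from the article, from Apple or from any app): an app only shows the tracking alert while the user's decision is still undetermined, and it reads the IDFA only after explicit authorization. The `TrackingOutcome` type and `resolveTracking` function are hypothetical names; the `ATTrackingManager` and `ASIdentifierManager` calls are the iOS 14+ system APIs.

```swift
import Foundation
import AppTrackingTransparency
import AdSupport

/// Hypothetical result type for this example.
enum TrackingOutcome {
    case allowed(idfa: UUID)
    case refused      // user declined, or the device-wide setting that lets
                      // apps ask for permission is switched off
    case restricted   // blocked by a device-level restriction the user cannot change
}

/// Hypothetical helper: resolves the App Tracking Transparency state and hands
/// back the IDFA only when the user has explicitly allowed tracking.
@available(iOS 14, *)
func resolveTracking(completion: @escaping (TrackingOutcome) -> Void) {
    // Map a final status to an outcome. Without authorization the system
    // returns an all-zero IDFA, so the identifier is never read in that case.
    func outcome(for status: ATTrackingManager.AuthorizationStatus) -> TrackingOutcome {
        switch status {
        case .authorized:
            return .allowed(idfa: ASIdentifierManager.shared().advertisingIdentifier)
        case .restricted:
            return .restricted
        case .denied, .notDetermined:
            return .refused
        @unknown default:
            return .refused   // fail closed on statuses added in later releases
        }
    }

    let current = ATTrackingManager.trackingAuthorizationStatus
    guard current == .notDetermined else {
        // A decision already exists, so iOS shows no alert. A user who
        // forbade tracking before the update never sees a prompt here.
        completion(outcome(for: current))
        return
    }

    // No decision yet: this call presents the system alert. The app's
    // Info.plist must define NSUserTrackingUsageDescription.
    ATTrackingManager.requestTrackingAuthorization { status in
        DispatchQueue.main.async { completion(outcome(for: status)) }
    }
}
```

The check covers the IDFA only; any other identifiers or signals an app collects are outside what this API gates, which is the gap O'Flaherty points out.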

Criticism of iOS privacy policies

Apple has a partnership with Google from which it benefits financially. Some reports have pointed out that this partnership makes it difficult for Apple to fully prioritize privacy when Google pays it to be the default search engine on Safari. 

Ian Bogost of The Atlantic calls Apple’s data privacy policy hypocritical in a 2019 article and cites the partnership with Google as an example. 

"All those searches help funnel out enormous volumes of data on Apple’s users, from which Google extracts huge profits," Bogost says. 

"Apple might not be directly responsible for the questionable use of that data by Google, but it facilitates the activity by making Google its default search engine, enriching itself substantially in the process."

There's no indication that Apple has halted its dealings with Google: It's still the default search engine on Safari. Apple has, however, ramped up its data privacy policies in 2021, and its "Day in the Life of Your Data" report gives users more visibility to understand how their data is collected and used.

Apple received initial backlash from Facebook for its increasingly strict approach to data privacy. Facebook argued that small businesses need targeted advertising to know and build their audience, and the new regulations, where people can opt out of tracking, will endanger those small businesses' ability to sell to users based on their data.

Two hypotheses arose from this challenge: First, Facebook thrives off data collection, so, of course, it will fight back, because it benefits from ads. Second, Apple will benefit from its own regulations, because it's creating a non-competitive environment.  

To learn about Google's privacy controls for Android users, read Guide to Android Privacy 2021.
