iOS 15.2 brings the App Privacy Report, an interactive list of every internet connection made by every app on your device. And there’s more. It also tells you which apps have accessed your private data—photos, contacts, and even the microphone and camera. It’s browsable, easy to understand, and utterly terrifying for less scrupulous developers. “Developers will likely hope that iPhone users will forget to turn on the App Privacy Report in Settings. Otherwise, they will have to justify the access permissions they ask for. Get ready to explain why you need access to my iPhone’s GPS radio to play a game, devs!” Chris Hauk, consumer privacy champion at Pixel Privacy, told Lifewire via email. 

App Privacy Report

To begin, you have to enable the App Privacy Report in the iPhone or iPad’s settings, after which it will detect every connection made by every app on your device—including the stock Apple apps.  Check back in after a few hours, and you might be surprised by what you see. You can slice and dice the info into several useful forms; you can browse by app. You can even see a list of the most commonly accessed domains, which will reveal popular tracking services. Some of these are meant to collect app metrics for developers to spot anonymous usage patterns and improve the apps, but many are there just to strip-mine your data, collate it, and sell it. “The purpose of invading users’ privacy is usually to sell that data for advertising revenue. Making apps more private can cut into app developers’ bottom line if they can’t monetize users’ personal data,” Paul Bischoff, privacy advocate with Comparitech, told Lifewire via email. Calling out apps could help shame them into cleaning up their acts, but on the other hand, do you really want to keep using software from a developer that was happy to invade your privacy? When Apple introduced a notification that told you every time an app accessed your clipboard, it was on by default, and suddenly hundreds of millions of iPhone users discovered how many apps sneak a peek at their copied data. This led to a swift cleanup from bad actors and developers who had just designed their apps poorly.  App Privacy Report isn’t on by default, nor will you see its data unless you look for it, but that doesn’t make it useless. 

How Can You Use This Information?

The most obvious way to deal with a bad app is to delete it, then perhaps leave an expository review on the App Store or Twitter. If you want to go even further, you could report the perpetrators to the relevant authority. “In general, users should look to delete any apps that access their camera, microphone, geolocation, and photos without their consent,” security consultant Vikram Venkatasubramanian told Lifewire via email. “If the apps are from US-based companies,” Venkatasubramanian continued, “then they could make a request to the specific companies to delete their information. For users in California and Vermont, given the protections of CCPA, they may be able to lodge a complaint with their state AG’s office.” That might be beyond the threshold of effort for many of us, but there’s one other great side-effect of this new feature: it gives you a list of commonly used tracking domains. If you run any firewall app on your iOS device, like Lockdown Privacy, then you can take these domains and plug them into the app, forever blocking them in the future.  Apple keeps piling the pressure onto bad actors, giving us the tools to protect ourselves. Sometimes, it’s up to us to make an effort to use them, but for the privacy-minded among us, this is a big win.  “Privacy, security, and trust are paramount these days. Consumers win when companies protect their data [and] choose not to collect it,” Dr. Chris Pierson, a former CISO and CEO of Blackcloak cybersecurity service, told Lifewire via email.