- Apple made a big step towards data privacy, introducing several features, as part of iOS, in recent years.
- Third-party applications can invade your privacy in many ways.
- Even if you “Ask App Not To Track”, you still must trust the company to respect your data.
- It’s hard for users to recognise when apps invade their privacy, even with the App Privacy Report.
- Do you know those Privacy Nutrition Labels on the app store? They can sometimes be misleading!
- App tracking remains an issue.
- Apple’s lockdown feature disables certain device functionality to protect you against digital threats;
however, Apple does not provide you with any solution to check if your device is exploited
- The privacy tools in iOS are awesome, but there’s still more to be done.
Your smartphone contains a wealth of personal data.
People probably need to learn the kinds of information their smartphones contain and are therefore unaware of the privacy risks they face by storing sensitive personal data and installing third-party applications.
Your smartphone contains a wealth of personal data, including the
following:
- Your name, address, phone number, and social security number (if you use it in an app)
- Passwords for all apps and sites
- Messages and phone calls
- Location information for your phone, including current location and recent locations.
- Contact information for any contacts you’ve added to the device.
- Recent and deleted files (can be recovered until physical storage space is overwritten)
- Network Activity (Frequently visited sites and recently visited sites)
- Medical data (Health applications, wearable devices)
But did you know that this data is also collected by advertising companies and hackers? If they get their hands on it, they can use it to track you down in real life or hack into your online accounts. You might not think of yourself as worthy enough to become a target — but the truth is that all personal details about us are valuable to several companies, even if we don’t think of them.
Identify Threats
Third-party applications can invade your privacy in many ways, for example by:
- accessing your personal data in unexpected ways (e.g. microphone, camera or location)
- collecting data about your usage patterns (a domain may be following across multiple apps and websites to combine your activity into a profile for advertising purposes)
- sharing your data with other companies without your knowledge
Once you recognise that specific apps invade your privacy, it might be time to take action! You should consider managing the app’s permissions settings or uninstalling the app.
iOS Features That Keep Your iPhone Data More Private
App Tracking Transparency
App Transparency Tracking, introduced by Apple in iOS/iPadOS 14.5, makes it possible for you to decide whether an app can track your activity across other companies’ apps and websites for advertising or sharing with data brokers. If you select “Ask App Not to Track”, the app developer will not be able to see the system advertising identifier (IDFA), which is commonly used for tracking. It is also prohibited for the app to track your activity using other data that identifies you or your device, such as your email address.
Privacy Nutrition Labels
Privacy Nutrition labels, introduced by Apple in iOS/iPadOS 14.5, are just like the little stickers on products and food packaging: they tell you what’s in the product and how it affects you. The App Store does this by telling you what kind of data an app collects and how it uses that data.
App Store labels can help you make more informed decisions about which apps to download. You’ll be able to tell if an app uses location data or accesses your contacts so that you can decide if those things are okay with you.
Safari & Privacy Report
Safari offers protection against cross-site tracking and prevents websites from viewing your IP address. This is done through the iCloud Private Relay, which employs Intelligent Tracking Prevention to identify and block trackers. iCloud Private Relay, Intelligent Tracking Prevention, and Blocking Cross-Site Trackers works great, but they may only protect you when Safari is used!
The Privacy Report in Safari can help you find out if websites are collecting your data as you browse on Safari. It allows you to see how many trackers are blocked on a page. Privacy Report in Safari can help you decide if you want to continue using a site or not.
App Privacy Report
App Privacy Report is a useful tool that provides users with information about the behaviour of the apps on their devices, introduced by Apple in iOS/iPadOS 15.2. The App Privacy Report gives users a way to learn more about how their device’s apps behave by providing a detailed look at the activity of the apps they’ve downloaded, including details on where they access and share data, whether they treat your data correctly, and what permissions they require. App Privacy Report can help you make more informed decisions about which apps to keep using.
Privacy Indicators
The privacy indicators feature is meant to help users understand which apps are accessing their cameras, microphones, and other sensors. When an app accesses your camera or mic, you’ll see one of two coloured dots appear near the top-right corner of your screen. The green or orange dots will show up whenever an app is using the camera or microphone, respectively. Dot indicators can help you identify applications that access your sensor without concern. Privacy indicators can help you realise if any app is invading your privacy by accessing your sensors in unexpected ways.
Hide My Email
Hide My Email is a service that lets users hide their personal email whenever they have to provide it on a website. The service creates a temporary, anonymous email address for you to use when signing up for accounts or newsletters. You can also use this address to send emails to anyone in the world without them knowing what your real email address is.
Safety Check
In iOS 16, Apple introduced Safety Check, a feature that allows you to manage who and which apps can access your information. Safety Check allows you to sign out of iCloud on all your devices, revoke the access you have given to others, limit messaging to just one device, and stop sharing location data. You can also review and reset the iPhone location and privacy access you’ve granted to other people and apps. You can also help you take action if you feel threatened by a partner or other family member who has become abusive or violent.
Lockdown Mode
Lockdown Mode is an optional, extreme form of security for people who might be personally targeted by some of the most sophisticated digital dangers, such as spyware. Lockdown can activate with just one tap in the Privacy & Security settings. The device won’t operate normally when Lockdown Mode is activated. Specific programs, websites, and features are carefully limited for security reasons, and other experiences might not be available at all in order to reduce the attack surface that might be exploited by highly targeted mercenary spyware.
Is Apple’s privacy features enough? No.
Although the recognised effort of Apple to keep your data safe and secure, you still have to do your part and take responsibility for protecting yourself. The solutions that Apple provides for protecting your privacy are pretty time-consuming and require users to have knowledge about what they’re doing. You can’t rely on Apple’s security tools alone — there are just too many ways they could access your data and invade your privacy. The privacy features in iOS are a big step forward for privacy, but there’s still more to be done.
Let’s take a deeper look at these features’ limitations and privacy concerns.
Even if you “Ask App Not To Track”, you still must trust the company to respect your data.
App Transparency Tracking cannot block or prevent an app from collecting information about you; it only disables Apple’s ad-tracking system (not sharing the device’s IDFA) and asks the developer to respect your choice and disable any other tracking. Any company that has been quietly tracking you in the past is likely to do so again if it can.
In a recent paper where they examine the impact of this feature, they come to this conclusion:
Many apps still collect device information that can be used to track users at a group level (cohort tracking) or identify individuals probabilistically (fingerprinting). We find real-world evidence of apps computing and agreeing on a fingerprinting-derived identifier through the use of server-side code, thereby violating Apple’s policies.
Large companies, like Google/Alphabet and Facebook/Meta, are still able to track users between apps in spite of the new regulations since they have access to very large volumes of first-party user data. If you use Instagram, meta can relate to your Facebook data.
Do you know those Privacy Nutrition Labels on the app store? They can sometimes be misleading!
The idea behind the Privacy Nutrition Label was to give users verified information, not a false sense of security. Apple states, “This information has not been verified by Apple,” in tiny font on the detail page of each app’s label. Privacy Nutrition Labels are sometimes inaccurate and misleading. For example, some apps claim they don’t collect any data at all, but we found out that they do!
In a recent paper where they examine the impact of this feature, they come to this conclusion:
We also find that the new Privacy Nutrition Labels are sometimes inaccurate and misleading, especially in less popular apps.
It’s almost impossible for users to recognise when apps invade their privacy, even with App Privacy Report
The App Privacy report offers you a way to check if your apps are accessing your personal data in unexpected ways.
However, there are some limitations to this feature:
- The report only shows how many apps have accessed your personal data in the last seven days.
- App Privacy Report is only informative, which means it cannot block or prevent an app from collecting information about you.
- Recognising unexpected app network activity requires a user can recognise suspicious domains and possible signs of data leaks.
- It is up to you to recognise if an app is accessing your personal data and sensors in unexpected ways. This means that, if you are reading this report, you must remember when you used a specific app and what you did do with this app.
Apple does not provide you with any solution to check if your device is exploited
Apple has done a great job with the lockdown feature, which provides protection against digital threads. Unfortunately, there is no solution to check if you are infected by spyware on your phone. This is why it’s important to use third-party solutions that check for malware and spyware on your iPhone/iPad.
Malloc’s got your back.
Apple’s App Transparency Tracking feature is a good step, but it can’t stop app developers from collecting information about you. App Privacy Report requires effort, knowledge, and time to identify threads. Privacy Nutrition Labels should not be trusted. Spyware infection is crucial for your privacy, and there has yet to be a solution from apple.
The best way to protect yourself is to use a security and privacy app to anonymise your internet traffic, block connections and protect you from potential threads.
Malloc, an AI startup providing privacy and data security solutions, is dedicated to protecting your online privacy and securing your devices without collecting personal data.
Malloc has recently launched its privacy-oriented application, the Malloc VPN: Privacy & Security, which offers complete online and on-device privacy and security!
What does Malloc VPN: Privacy and Security have to offer?
- Block Malicious Connections: Your privacy is endangered the time your data leaves your device; protect yours by blocking communication with spyware, ad, crypto mining, and adult content websites.
- No-Log Policy: Malloc doesn’t log your traffic or the content of any communications. Your connection reports are only saved on your device.
- Detect Spyware: Real-time detection of spyware based on indicators and online activity analysis.
- Detect Jailbreak: Detect if software restrictions are removed and your device is vulnerable to spyware, malware, and data breaches.
- Present Connection Reports: Monitor contacted and blocked domains. Connection Reports are only available on your device.
- Fast & Secure VPN Protocol: Surf with high-speed performance, state-of-the-art encryption, and low attach to surface.
- VPN Kill Switch: Automatically disconnect your device from the internet if your VPN connection is lost
Relevant tags:
Published on Medium
