Apple has now launched a beta version of its “App Privacy Report,” a new feature that aims to provide iOS users with details about how often their everyday apps are requesting access to sensitive information, and where that information is being shared. The feature was first introduced at Apple’s Worldwide Developer Conference in June, amid other privacy-focused improvements, including tools to block tracking pixels in emails, a private VPN and more. Apple explained at the time the new report would include details about an app’s access to user data and sensors, including the user’s location, photos, contacts and more, as well as a list of domains that the app contacts.
Though announced as a part of the iOS 15 update, the App Privacy Report was not available when the new version of iOS rolled out earlier this fall. It’s still not accessible to the general public but has entered into a wider beta test with the release of the iOS 15.2 and iPadOS 15.2 betas.
The new report goes beyond the potentially fallible App Privacy labels, which detail what sort of sensitive data an app collects and how it’s used. Developers may not always fill out their labels accurately — either by mistake or with a desire to mislead end users — and Apple’s App Review team may not always catch those omissions.
Instead, the new App Privacy Report works to collect information about how apps are behaving more directly.
When enabled by users in their device’s Privacy Settings, the App Privacy Report will create a list of their apps’ activity over the past seven days. You can then tap on any app to see further details about when the app last accessed sensitive data or one of the device’s sensors — like the microphone or location, for example. This information is available in a list where each access is logged with a timestamp.
In another section, “App Network Activity,” users will be able to see a list of domains with which apps have communicated over the past seven days. This list could include domains used by the app itself to provide its functionality, but will also reveal those from third-party trackers and analytics providers the app works with for analytics and advertising purposes, for example.
The “Website Network Activity” offers a similar list, but focuses on websites that contacted domains, some of which may have been provided by an app. You can also view the most contacted domains and drill down into individual domains to see which trackers and analytics they may be using as well as which apps have been contacting them, and when.
Ahead of the beta launch, Apple made a feature called “Record App Activity” available, which allowed developers to preview what users would see when the App Privacy Report became available. This option produced a JSON file where they could confirm their app was behaving as expected. Already, this feature produced some interesting findings. For instance, Chinese super app WeChat was found to be scanning users’ phones for new photos every few hours.
While the App Privacy Report will put into users’ hands a treasure trove of data, it could present complications for developers who may have to now explain to users that some of these data requests are not truly privacy violations — they’re about providing the promised app functionality. A weather app, for example, may need to pull a users’ location on a regular basis if the user has requested push notifications about changing weather patterns, like storm updates, to help them prepare for travel.
When presenting the app to developers, Apple said the report would give them an opportunity to “build trust” with users by providing transparency about what their app is doing. The company also suggested it could give the developers themselves better insight into the SDKs they’ve chosen to install, to ensure their behavior aligns with what the developer wants and expects.
Apple has not said when the new feature may exit beta, but it’s possible it will ship when iOS 15.2 becomes publicly available.