A new feature in iOS and iPadOS 15.2 is the App Privacy Report. Your iPhone or iPad can record and display activity carried out by apps, such as which apps access your location, contacts, or photos, which apps access a network, websites that contact trackers, and more. You can then view a detailed report of this activity over the past seven days.
In this article, I’ll explain how to enable the App Privacy Report, and how to understand the data it presents.
Apple has introduced a number of features recently to enhance user privacy and provide clear information about what apps do with your data. The first of these was the App Privacy Information that Apple brought into its App Stores. Apple requires that all app updates made after the release of macOS 11.1 and iOS 14.3 display information, such as this:
These "nutrition labels" are designed to help users understand what types of data apps are collecting. Now, in iOS and iPadOS 15.2 or later, you can see how that data is used. To enable this feature, go to Settings > Privacy > Record App Activity, and toggle Record App Activity. Your device will tell you that it needs seven days to provide a report. If you’re running a version of iOS or iPadOS before 15.2, you won’t see a visual report, and will be able to save the data, but you probably don’t want to do this, because it’s just a long log which isn’t very helpful.
With iOS / iPadOS 15.2 or later, you’ll see Settings > Privacy > App Privacy Report. Toggle this on, then, in a few days, you’ll see something like this:
There are several sections in this report, and they all show data from the last seven days:
Data & Sensor Access: This shows you which apps accessed your location, photos, camera, microphone and contacts.
App Network Activity: This show which apps access a network (generally the internet); it’s normal that, here, Messages and Kindle have accessed the network, but in the screenshot above, a game called High Rise has made a lot of network access. Other apps listed here include the App Store, Safari, News, my Twitter client, Amazon’s Prime Video app, and other that are fetching data from the internet.
If I scroll down, I see two more sections:
Website Network Activity: This shows which websites contacted the most domains. Each website you visit loads data from a number of domains, and many of these domains serve ads or collect data for trackers. The numbers next to the websites correspond to the total number of times all domains have been contacted in the past seven days, so a high number doesn’t mean that the website is collecting more data, it could mean that you’ve visited it often. The top website in the screenshot above is The Guardian newspaper, followed by Amazon UK, the New York Times, and Google, all websites I visit regularly.
If I tap on The Guardian, it shows me more data:
I visited theguardion.com 51 times, and you see a list of domains that The Guardian contacted, and the apps I used to view the website. Twitterrific is listed, because I tapped links in that app to view articles on The Guardian, but for some reason The Guardian’s own app, which I use regularly, is not listed here, even though it shows up in the App Network Activity list.
If you tap one of the domains in this list, you can see which apps have contacted it. In most cases, you’ll see Safari, or whichever web browser you use, a Twitter client, if it displays web pages in the app, an RSS reader, or other apps that can display web pages.
But this gets more interesting when you start browsing certain domains that are owned by large companies. If I look at instagram.com, which I visited 14 times (I view Instagram in Safari), I see that it contacts a number of domains, including connect.facebook.net. If I tap that domain in the list, I see this:
Most Contacted Domains: This is the domains that your device contacts the most. It’s not surprising to see an iCloud domain, or inappcheck.itunes.apple.com, which seems to be a domain that third-party apps check to make sure you have the right to use each app you launch. You’ll find a number of domains in this section that apps ping to check your identity, subscription, and more.
You may think that there are a lot of domains, and even trackers, contacted in the data above. But all this data was recorded when I was using a content blocker. (Read this article to learn more about content blockers.) I turned it off, then went to Google News in Safari, and tapped on a number of articles. The Website Network Activity section was very different:
You can see that, with just one or two page loads, sites like daily mail.co.uk, forbes.com, and other newspapers in the UK contacted more than 50 domains, and sometimes more than 100. One such example is pagead2.googlesyncidaciotn.com, and, as the explanation below the domain name says, this domain is likely combining data about me into a profile; it’s tracking me across multiple websites.
As you can see above, six different newspaper websites contacted this tracker, which is used by Google to serve ads.
As you’ve seen, the App Privacy Report contains a lot of data, some of which can be confusing, but one thing is clear: with a content blocker, you will be tracked much less by companies monetizing your activity to sell ads. While Apple’s Intelligent Tracking Prevention feature blocks some trackers, it clearly isn’t enough.
Using the App Privacy Report can help you find which websites or apps are tracking you the most, and may lead you to change your behavior. Content and tracker blockers can help prevent companies from building profiles based on your activity, and enhance your privacy.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: 
