“This year we wanted to help you with tracking in apps,” said Katie Skinner, a user privacy software manager at Apple during the keynote. “We believe tracking should always be transparent and under your control. So moving forward, App Store policy will require apps to ask before tracking you across apps and websites owned by other companies.”
In iOS 14, you’ll see a prompt when an app is trying to track you across other services. You’ll have the option to “Allow Tracking” or “Ask App Not to Track.” It’s notable that “asking” seems different from “blocking,” but Apple says in its notes to developers that they will need this permission from users to conduct external tracking. An Apple spokesperson specifically told WIRED that if a user doesn’t consent to tracking, the app won’t be able to access a type of identifier often used in targeted advertising and other tracking called the IDFA identifier. This would likely be similar to invoking the existing iOS feature “Limit Ad Tracking,” which zeros out a user’s IDFA number, but doesn’t preclude tracking with other identifiers.
Apple lists two exceptions through which an app can track a user without permission: when an app is sharing data locally on a user’s device with another app but never leaves the device in an identifying way, and when the data will be used for fraud detection and prevention or other security protections.
While any step toward reducing inter-app tracking is significant, the new framework likely won’t resolve the problem of online tracking overnight.
“It’s an improvement, but I’m unsure how well it will actually work,” says Will Strafach, an iOS security researcher and creator of the Guardian Firewall app for iOS. “I can tell you now, bad actors will run wild with the ‘not sent off the device in a way that can identify the user or device’ caveat. Tracking companies have hidden behind that excuse for years. Unless Apple suddenly gets a whole lot more aggressive about how they screen apps, this will only be helpful when developers are willing to be honest.”
A similar issue comes up with another new privacy feature. In an attempt to make it more clear what data an app will collect, Apple will add a tailored breakdown on App Store product pages that lists different privacy considerations. Developers will need to detail which types of data the app collects and whether it will be connected to a user’s identity for tracking. Developers will also have to spell out the third-party software development kits and other modules incorporated into their apps, what those components do, what data they collect, and how it will be used. On Monday, Apple compared these charts to nutrition labels, an approach to sharing transparent security and privacy information that some researchers have found effective. But developers will self-report what data they’re collecting and whether there is any tracking going on in their apps, a major limitation of the labels if developers aren’t fully candid.
Other changes are more concrete, though. Beginning with iOS 14, you’ll see an indicator in the status bar when an app is using your device’s microphone or camera, much like the green light that goes on when a MacBook’s built-in webcam is in use. And you’ll be able to share an approximate location with apps, within about 10 miles, rather than giving away more precise data. This way apps can pinpoint you down to the city you’re in rather than the block.
You can already cobble together some of the privacy protections Apple announced on Monday through other operating systems and browsers. But it’s still a challenge to get everything together in one place. With these and other cumulative improvements, Apple seems determined to make a bid for the most privacy-friendly offerings out there.
More Great WIRED Stories