How to review App Privacy data on your iPhone, iPad, or Mac
In organizations, Apple’s App Privacy data can start a conversation about privacy-respecting apps as well as help IT leaders stop the use of apps that collect more data than necessary.
In late 2020, Apple began requiring every developer to disclose data gathered by an app. Apple includes this developer-reported information in the App Store. The most privacy respecting apps report “Data Not Collected,” since “the developer does not collect any data from this app.” For apps that do gather some sort of data, Apple’s App Privacy policy groups the data into three categories: Data Used To Track You, Data Linked To You, and Data Not Linked To You. Apps not yet updated will simply indicate “No Details Provided” until the developer issues an update to the app. For more details, see: How Apple’s new App Store privacy requirements may affect users and app developers.
Apple’s easy-to-review privacy policies give IT administrators an excellent opportunity both to talk about privacy and to take steps to protect data. The following steps guide you through how to review currently installed apps, deliberate concerns and ultimately decide what action to take (if any) for each app.
SEE: Microservices: The foundation of tomorrow’s enterprise applications (free PDF) (TechRepublic)
1. Review privacy policies for all apps installed from the App Store
For every app on your iPad, iPhone, or macOS device, search for the app in the App Store, scroll down to the App Privacy section, then enter the key categories of data collected into a row in your spreadsheet (Figure A). In the App Store, you may tap See Details in the App Privacy section of an app to access all reported data that an app collects.
Figure A
If you want to track this information for all of your apps, you might create a spreadsheet with four columns: One for the app name, one for the most concerning app privacy category displayed, one for the data collected within the most concerning app privacy category, and another column for your initial identified action to take (e.g., keep, delete, replace, or investigate) (Figure B).
Figure B
In my case, I reviewed the App Privacy information for 225 apps I had installed and identified the following number of apps in each category:
- 28 apps – Data Not Collected (12%)
- 35 apps – Data Not Linked to You (16%)
- 24 apps – Data Linked to You (11%)
- 33 apps – Data Used to Track You (15%)
- 105 apps – No details provided (47%)
Of these, the first two categories are of little concern, since those either don’t collect data at all or don’t link that data to me. However, all apps in the latter three categories merit more detailed review to learn exactly what data each app collects.
2. Delete privacy-invading apps you don’t need or use
Often, you’ll identify apps you no longer need, use, or want. Some deserve deletion. In my case, I deleted 22 apps immediately after my app privacy review. These included a few travel-related apps, as well as some parking apps I haven’t used in months. I also deleted a few games that collected more data than I felt was merited.
3. Seek privacy-respecting alternatives
Another set of apps may collect more data than you like, but may also be important to you–for work, for information, or for specific features or functions. When I learned that a multi-page scanning app and an image resizing app each were actively collecting data, I easily identified alternatives. In other cases, such as eBay, Yelp, and Zillow, I decided to remove the app and access services in the browser.
However, you’ll likely end up with at least a few apps that aren’t easy to replace immediately. I have a list of six apps that I would prefer to replace with more privacy-respecting alternatives. I now have a “search for alternative apps” project on my task list. If you’re an IT leader, this search-for-alternatives task may be a service you and/or your team might provide to people in your organization.
4. As each app updates, review App Privacy information
When I completed my initial review, just under half of my apps (47%) lacked App Privacy data. I’ve added a weekly task to my to-do list to examine recently updated apps for App Privacy information. As this data is added, I’ll repeat the “keep, delete, or seek alternative” review process above.
5. Where merited, minimize or ban privacy-invading apps
My review identified three categories of apps that were quite likely to collect and/or track data: News apps, video streaming apps, and, (not surprisingly) social media apps. Organizations concerned about data privacy should take steps to prohibit, limit, or reduce the use of apps in these categories. For example, if your company owns devices, you might prohibit the installation of streaming video apps, limit the use of news sites to websites (instead of installed apps), or restrict social media app use to specific company-approved services. Facebook/Instagram, LinkedIn, Snapchat, and TikTok, and Twitter all link lots of data to you. In my case, I’ve decided that the features and utility of the official Twitter app outweighs my concern about the data the company collects, so the Twitter app remains installed.
What has your App Privacy review indicated?
If you use Apple devices, have you gone through a thorough review of the App Privacy data for your installed apps? What did you discover? How many apps did you delete, switch, or decide to tolerate based on the data they collect? In the comments or on Twitter (@awolber), let me know what you learned from your App Privacy review.