Next Apple iOS update will tell you which apps want to share your data - how it works

Thursday, 28th January 2021, 12:44 pm
Updated Thursday, 28th January 2021, 9:59 pm
App developers will need to ask for permission to share user’s data to third parties (Photo: Shutterstock)

Apple has announced further details about its hotly-anticipated privacy changes in its next iOS update.

The changes will mean app developers will need to ask for permission to share user’s data to third parties, allowing people to better control their privacy.

Privacy changes

In June last year, the company announced that app developers would have to ask users for permission to track and share their Identifier for Advertisers (IDFA) for cross-property ad targeting purposes.

Despite the launch of iOS 14 in autumn, Apple delayed the tracking restrictions until 2021 to allow developers more time to make the necessary changes.

The plan is to launch these changes in early spring, with a version of the feature coming in the next iOS 14 beta release.

Apple said: “Under Settings, users will be able to see which apps have requested permission to track, and make changes as they see fit.

“This requirement will roll out broadly in early spring with an upcoming release of iOS 14, iPadOS 14, and tvOS1 14, and has already garnered support from privacy advocates around the world.”

How does the feature work?

The App Tracking Transparency feature moves from the old method which meant users had to opt-out of sharing your IDFA to an opt-in model.

This means that every app will have to ask you up front whether it is okay to share your IDFA with third parties including networks or data brokers.

User’s can also toggle IDFA sharing on a by-app basis at any time, where previously it was a single toggle. Turning off the ‘allow apps to request to track’ setting completely will mean no apps will be able to ask you to use tracking.

This feature will be enforced for all third-party data sources, including data sharing agreements, but platforms can still use first party data for advertising as per their terms of service.

Apple expects developers to understand whether Application Programming Interface’s (APIs) or software development kits that they use in their apps are serving user data up to brokers or other networks, and to enable the notification if so.

Apple will abide by the rules for its own apps as well and will present the dialog and follow the ‘allow apps to request’ toggle if its apps use tracking.

The Personalised Ads toggs is a separate setting which allows or does not allow Apple to use its own first party data to serve you ads, so this is an additional layer you can opt-out of that only affects Apple data.

The company is urging users to update their devices with the latest iOS 14.4 to fix the vulnerabilities which ‘may have been actively exploited’ by hackers.

Update to fix security flaws

As well as the update on privacy, Apple is urging users to update their devices with the latest iOS 14.4 to fix three security flaws that ‘may have been actively exploited’ by hackers.

Apple released a statement on its support page that shows two security bugs were identified in Webkit, the browser engine that powers Safari, along with one in the core operating system, Kernel.

The Kernel vulnerability could allow malicious applications to elevate privileges, but Apple said the new update fixes this issue with ‘improved locking’.

Vulnerabilities in WebKit have been rectified with improved restrictions, but without the update hackers could remotely access devices ‘to cause arbitrary code execution,’ Apple said.

Apply rarely announces issues with its systems, but it is open to receiving reports from others who identify a security issue or privacy vulnerability. The security bugs were identified by an ‘anonymous researcher’.

The company typically remains silent about bugs and their fixes until the issue has been resolved, in an effort to protect the security of its users.

In a statement on its security page, it said: “For our customer’s protection, Apply doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”