Skip to main content

iOS 15: New Privacy Features Industry Should Note

By and October 7, 2021October 8th, 2021Insights

Apple recently released the latest version of its iPhone operating system, iOS 15. While iOS 15 currently has only a 15% adoption rate, the new operating system brings a slew of new features that are privacy-specific and can impact businesses.

Privacy Reports

The new App Privacy Report allows users to download a JSON file to see how apps are using previously granted permissions from the previous week. For example, a user can see how many times an app has accessed contacts, photos, cameras, location, and microphone; and which apps had “data and sensor access” in the last seven days, app network activity, domains contacted directly by the app, and websites visited in the app.

At this time, it appears the JSON file cannot be viewed without a JSON reader app on either an iPhone or computer. The JSON files can also be difficult to parse.

How it can impact businesses:

In light of Apple’s nutrition label requirements and laws like the CCPA/CPRA, the Virginia Consumer Data Protection Act (VACDPA), and the Colorado Privacy Act (CPA), businesses need to be aware of what data their apps are sharing and collecting beyond just permissions-based data.

In fact, based on what we routinely observe using NT Analyzer, there is a lot more data collection and sharing by most apps than companies realize, including hashed data and data beyond just permissions-based. Click here to learn why.

Mail Privacy Protection

In the new Mail app, Mail Privacy Protection is an optional feature that prevents email pixels from collecting user information. The feature will prompt users to make a choice between “Protect Mail Activity” and “Don’t Protect Mail Activity.” Neither choice is pre-selected. If the “Don’t Protect Mail Activity” is selected, the mail app will function as previously.

If the user selects “Protect Mail Activity,” for all pieces of email, Apple will first have the content loaded in a separate server that is assigned a general, regional IP address, masking the user’s actual IP address and preventing location determination. Since the server loads the emails, any pixels will fire before the email is delivered to the user’s inbox.

How it can impact businesses:

Mail Privacy Protection will skew metrics for impressions and open rate, as all emails opened through the Apple mail app will appear to have been opened, even if they were not. Businesses will not know which impressions were truly performed by the user or by Apple.

Premium iCloud+ Subscribers: (1) Private Relay and (2) Hide My Email

iCloud+ is a new paid subscription version of iCloud. Users who upgrade to an iCloud+ account will have access to iCloud Private Relay and Hide My Email.

When Apple users are on Apple’s Safari browser, Private Relay, among other things, sends the information through two Internet relays, removing the user’s IP address and assigning another IP address. The information is then delivered to the intended target. This feature is currently only for the web and a small percentage of unencrypted data transmission from apps. Private Relay will not be available in some countries, including China, because of local regulations.

Private Relay is the latest move by Apple to try and prevent fingerprinting, which is when a person’s identity is surmised by combining independent pieces of data together. Apple, along with Google, has banned fingerprinting.

Hide My Email works by creating unique “burner” emails that forward to a user’s true email. This allows users to create one-time-use disposable email accounts.

How Private Relay and Hide My Email can impact business:

The new features offered in iCloud+ will mean that business may have part of their user base obscured. Private Relay will prohibit businesses from figuring out certain information associated with iCloud+ account holders. Additionally, businesses may not have a complete email mailing list if an iCloud+ user enables Hide My Email.

How We Can Help

NT Analyzer’s downloadable report and designated module for iOS give organizations the information they need, at both a technical and legal level, to understand and meet their iOS privacy requirements. Contact us today for a demo or to learn more.

Steven Roosa

Author Steven Roosa

Steven B. Roosa advises companies on a wide spectrum of technology and legal issues pertaining to privacy and data security. Steve serves as partner in Norton Rose Fulbright's New York office and oversees the firm's privacy compliance tool suite, NT Analyzer.

More posts by Steven Roosa
Steven Roosa

Author Daniel Rosenzweig

Daniel B. Rosenzweig is a lawyer in Norton Rose Fulbright's Data Protection, Privacy and Cybersecurity practice group in the New York office. Daniel is part of the core team that oversees NT Analyzer to help clients navigate the complex data protection and privacy landscape.

More posts by Daniel Rosenzweig