How to Read Your iOS 15 App Privacy Report

The second section shows network activity, meaning which web domains your apps have reached out to in the past seven days. The report makes a distinction between domains the app contacted “directly” and those “contacted by other content.” The former means domains an app contacts to function, like your weather app pulling down the latest temperature data. The latter, though, is what happens when you click on a news article through a social network, say, or when an ad module auto-plays a video. 

The idea is to give you extra insight into when and why your apps are interacting with these domains. The problem, though, is that even with that distinction, most people wouldn’t recognize whether the domains and IP addresses that show up on this list are trustworthy in the first place. When the Facebook app contacts “web.facebook.com,” you know you’re probably okay, but you might not recognize “bidder.criteo.com” or “video.primis.tech” on the same list.

“The data I’m seeing so far is all just what website domains apps are communicating with, which is of somewhat limited value for the average consumer who wouldn’t know what domains to be concerned about,” says Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes. “I personally will be interested to see if any of my apps are communicating with sketchy domains.” 

The content delivery and digital advertising ecosystems are a dense maze of platforms that silently facilitate a lot of app services behind the scenes. That anonymity to the end user is part of the point; you probably don’t know which vendors and service providers your favorite restaurant uses either. But this means that it could be challenging to vet every domain you see listed in the App Privacy Report. You can use your instincts, though, like if you see an app you thought was made in the US connecting to lots of foreign domains.

The next section lists “Website Network Activity,” which does the same thing but for sites loaded through in-app browsers, or mobile browsers like Safari and Chrome. For example, if you visit “wired.com” the report will show you which domains it contacted, like “fastly.net” and “googlesyndication.com.” You also get a breakdown of which apps loaded these sites. You might expect to see “wired.com” in your Safari browsing history, for example, but probably not in your period tracker, unless you remember opening an article link through your cycle tracker’s in-app browser.

The last section tracks the most contacted domains across all your apps and the websites they loaded.

“Guess what connects to lots of domains? Social, shopping, search—pretty predictable,” says Maximilian Zinkus, a cryptographer at Johns Hopkins University. “But I guess if you see anything aside from those types of domains, it’s potentially interesting. Similarly, the most contacted domains for me, and probably many, is a list containing content delivery networks and Google fonts and analytics. Again pretty predictable, so if you see a weird domain on that list, it could be a signal of a spyware app or rogue browser extension.”