Apple’s iOS14 privacy labels are rolling out today — and other notable iOS14 privacy features

By Emily Ashley & lourdes.turrecha

In Part 1, we analyzed Apple’s privacy position and provided takeaways for startups.

In this Part 2 of our two-part Apple privacy series, we share a breakdown of iOS14’s privacy features.

iOS14 addresses various privacy pain points, including but not limited to notice, consent, and data minimization. We’ve summarized some of them below for startups to take inspiration from in designing their own apps and other products.

Transparency: notice & consent

• Today, Apple releases one of its more controversial iOS14 features: privacy labels. These App Store labels function as a privacy “nutrition label” for transparency about how the app collects and processes data. They are a nod to privacy thinkers who proposed for years the adoption of simple symbols to summarize lengthy privacy notices that are often written in legalese and, as a result, users end up not reading. Because app developers are required to self-report the information required for the nutrition labels, they are compelled to take a closer look at what they do with consumer data.

Credit: 9to5Mac

• iOS14 also released recording indicators, which can be seen in the form of a green or orange dot at the top of the screen when an app is recording audio or video. A green-colored dot indicates a live camera, while an orange-colored dot reflects a live microphone. The iPhone’s Control Center will show the name of the app using the camera feed or microphone audio, including the most recent apps that accessed the camera or microphone. This is important because users have largely been unaware when apps are accessing their device’s camera or microphone.

Audio

Video

• In addition, iOS14 includes more just-in-time pop-up notifications that let users know if an app is about to start collecting different types of data and give them the option to allow or disallow such tracking. We specifically observed additional pop-up notifications requesting consent for tracking other devices on the user’s local network.

Credit: NYT Wirecutter

• iOS14 also now requires apps to obtain explicit consent to track users across apps and websites. Users will receive a just-in-time notification that provides them with the option to allow or restrict any app from tracking them. These permissions can be managed by heading over to Settings > Privacy > Tracking.

• Finally, iOS 14 has one more controversial privacy feature on the way: identifiers for advertisers. This feature will make it so that users have to opt-in to app tracking, which will impact data collected and used for advertising.

Data minimization

iOS14 includes several features limiting data collection by third-party apps.

• iOS14 limits location collection, allowing users to limit apps to collecting only their approximate location instead of the precise details of their location. Many apps don’t need precise location to work properly. For example, while maps apps need precise location, weather or dating apps do not. Collecting precise location data could pose safety concerns for users, so this feature helps to minimize that type of risk. Users can enable or disable precision location for apps by going to Settings > Privacy > Location Services.

• iOS14 also limits photo access, allowing users to limit an app’s access to their photo library to select photos or albums vs. the user’s entire photo library. App photo library permissions can be configured at Settings > Privacy > Photos.

Security

iOS14 also includes notable additional security features to protect user information.

• For example, iOS14 will now check a user’s passwords and login credentials saved in Apple’s password manager, for breaches and duplicates. If any of the saved passwords or credentials were involved in a known data breach, the Security Recommendations screen under Settings > Passwords will alert a user to the fact so that the user can take adequate action. The same goes for duplicate or commonly used passwords. Users can also upgrade login credentials to Sign in with Apple.
• Next, iOS 14 rolled out the Use Private Address setting to make it harder for network providers to track user devices. This is enabled by default under Settings > Wi-Fi > the user’s specific connection. It throws out randomly generated Mac addresses and serves as an anti-tracking measure whenever a user connects to different Wi-Fi networks.
• Another iOS 14 security feature is encrypted DNS involving the DoH (DNS-over-HTTPS) and DoT (DNS-over-TLS) protocols. DoH is not without controversy, but these features allow apps to perform and receive DNS queries and responses in an encrypted format, helping prevent bad actors and malicious code from interfering with and hijacking network traffic.