Hidden Trackers? Why Apple’s Privacy Tool May Not Be Enough

Apple's App Privacy Report privacy tool under the microscope

Apple touts the Apple App Privacy Report, one of the iOS privacy features introduced with iOS 15 and fully released in iOS 15.2, as a way for iPhone owners to “see how often your location, photos, camera, microphone, and contacts have been accessed … [and] which domains apps have contacted,” promising a “more complete picture” of data use. Yet a new peer-reviewed paper presented at the 2025 Network and Distributed System Security Symposium (NDSS) questions whether the dashboard actually empowers people to protect their online privacy.

How the researchers probed real-world understanding

In this privacy dashboard study, five Carnegie Mellon University researchers recruited 20 iPhone users via the Prolific platform. They walked each participant through their own App Privacy Report in semi-structured interviews. The study asked three core questions: Do users understand what they see? How does the information make them feel? And does it spur any privacy-protective action?

Although the sample is qualitative and small, the method mirrors usability testing used to surface pain points in early-stage products. The NDSS paper therefore offers a rigorous first look at how average consumers experience Apple’s most granular privacy dashboard to date.

Apple's App Privacy Report doesn't quite work as intended.

What works: clear insight into sensor permissions

Participants had little trouble reading the timeline that shows when apps tapped sensitive sensors such as the camera, microphone, or location. Most could correctly match an unexpected data collection access to a specific app. They knew exactly where in the iPhone privacy settings to revoke that permission. Several said they wanted to act immediately. According to participants, they planned to delete an offending iPhone app or toggle off location sharing once the interview ended.

That success aligns with Apple’s positioning of the feature as a straightforward window onto on-device sensors. But the good news stops there.

What doesn’t: a maze of mysterious network domains

Clarity evaporated when users scrolled to the “Network Activity” section, which lists every web domain an app contacts. All 20 interviewees noticed domains shared across multiple apps, which are strong signals of third-party tracking on iOS. However, almost none understood why so many domains appeared or what personal data might be flowing there. Several mistakenly assumed a domain on the list meant their personal information was definitely being sold. Others wanted a way to block a domain but found no control in iOS.

In short, the dashboard surfaced potential risks without explaining them or offering an immediate remedy. As the authors note, the sheer volume of technical detail tips from transparency into information overload.

Design lessons the paper does offer

To bridge that gap, the authors recommend layering interpretation on top of raw telemetry. Suggestions include:

  • Group domains by corporate owner so users recognize familiar companies.
  • Label the likely purpose of each connection (advertising, analytics, cloud storage).
  • Provide summary statistics that highlight possible trackers instead of pages of URLs.

The paper stops short of proposing new “block” buttons, arguing that deeper operating-system changes would be needed to make such controls meaningful. Still, without contextual clues, even privacy-conscious users are left guessing.

Why the findings matter beyond tech circles

Apple devices' broader app tracking transparency framework already reshaped mobile advertising. Regulators scrutinize them, advertisers adjust business models, and rival platforms race to match or outdo them. In March 2025, France’s antitrust watchdog fined Apple €150 million for what it called a “disproportionate” implementation of App Tracking Transparency, underscoring how design decisions in privacy dashboards can carry legal and financial weight.

If App Privacy Report is to become more than a feel-good marketing screen, the study concludes, it must translate complex network behavior into plain language and give people guidance they can act on. Until then, users may understand who’s tapping their camera, but they’ll still be in the dark about who’s tapping their user data pipelines.

For more new findings on phones & your security, check out these articles on whether or not your old phone number could hack you and a new AI technology that can assess the security of your texts.

Author

Written and Edited by Lizzy Schinkel & WhatIsMyIP.com® Editorial Contributors

Lizzy is a tech writer for WhatIsMyIP.com®, where she simplifies complex tech topics for readers of all levels. A Grove City College graduate with a bachelor’s degree in English, she’s been crafting clear and engaging content since 2020. When she’s not writing about IP addresses and online privacy, you’ll likely find her with a good book or exploring the latest tech trends.