Privacy Policies — see what your phone is sharing about you 

This quick essay explains the disparity between how much of your personal data apps want versus what they get, and how you can see for yourself on your own device. As privacy is a deep rabbit hole, I’m going to focus on how to quickly glimpse the big picture, at least enough to quell a little bit of fear.

Last week I read an article about the new social media app Threads, titled How Threads’ privacy policy compares to Twitter’s (and its rivals’), and was increasingly alarmed as I scrolled through the long list of personal information sought by the app. “Wait, I thought Apple’s recent privacy updates were protecting me from this kind of privacy intrusion!?”  

Yikes!

…was my immediate thought.

The author is reporting data provided in the “Data Linked to You” section of the Threads app store pages. It’s a long list, and things like “Purchase History,” “Other Financial Info,” “Physical Address,” “Contacts,” and “Search History” stand out as why do they need to know that? bits of my personal life. 

Understanding how to check for yourself is important, but if you’re using an iPhone or iPad with the current operating system, Apple has blocked most data collection, so much of what Threads, Facebook, Twitter, etc. want is not available to them unless we explicitly grant them permission. 

That said, when we install apps we often reflexively click through a stream of “Accept” screens without fully paying attention. For example, I installed Threads a few days ago but don’t recall the specifics of what it asked me to agree to.

How to quickly see what your iPhone is sharing

The first thing I did was to go into my iPhone’s Settings, gently pull down with my thumb to reveal the Search bar, and type “Privacy”. 

All of the privacy options are interesting to scroll through, but for now tap Privacy & Security. 

• “Tracking” lets you toggle whether apps can ask if they can track you across the web. (Mine is set to Off)
• Next, I scrolled down the page (past all the apps listed — see below for what that tells you) and tapped Safety Check and then Manage Sharing & Access to get a quick snapshot of what’s happening across all the apps. Read the screens and tap through the steps to get a full picture of what’s being shared to your friends, family, and various apps. In my “Review People” section, I discovered that I was still sharing my location with a teammate from a relay race we ran together in 2017. (I turned that off). The “Review Apps” section will show which apps have asked for access, and tapping the ℹ️ (info) icon next to each expands to show specifics on what we’re giving them. For me, the first app is Square, which I use to take payments for my business. Square asks for location, access to Bluetooth (for the card reader I use now), Microphone (for the card reader I used to use), and Local Network (to run the transaction). Quickly scroll through your list of apps and tap into any you might wonder about, but don’t forget that the main reason apps ask for data is to do their jobs. Example: my favorite weather app wants my current location so it can instantly give me conditions, but I’m not sure why it wants access to my camera, so I turned that off. 

In my case, tapping through the Safety Check reassured me that my privacy settings are pretty solid — Instagram’s settings (upon which Threads are set) are to share Microphone, Camera, and Photos, which is about right for an app whose purpose is to share images and video. 

• Side note: below “Tracking” is a list of apps  whose data has been requested by other apps. On my phone, the first item is Contacts. Tapping that reveals the apps that have requested access to my contacts and whether access has been given.
  – Instagram wants to know my contacts, but I didn’t allow that. The stated reason for that access is to help Instagram suggest who I might want to follow. That seems valid on one hand, but on the other hand it tips my mind into “too creepy” territory. 
  – Numbers wants access to my contacts because it has a “Collaborate with Colleagues” feature I actually use. Access granted.
  – OnPoint, PayPal, and Venmo use contacts for electronic payments.
  – Signal is a secure messaging app, so giving it access to Contacts makes sense to me.

Whew.

In this instance, my Privacy settings remain as I set them (meaning I’ve plugged to my satisfaction the potential data leaks I know about), but managing our personal information from social media (and other) apps requires a proactive approach and ongoing vigilance. Information security awareness has been part of my work for several years, and still this Wired article caused me to wonder if something had changed such that “how-it-used-to-work” is no longer “how-it-actually-works”. I’m relieved to have found that I don’t have to dive down that privacy protection rabbit hole again. For now, anyway.

Note: this article was written July 17, 2023 — if you’re reading it from 2024, it’s likely out of date.