With each version of iOS, we’ve seen developers try to protect user data better. However, the core principle remains unchanged: You, the user, get to decide what information to share with which apps. With that in mind, we’ve put together an in-depth review of app permissions in iOS 15 to help you decide which requests to allow and which to deny.
Where to find iOS 15 app permission settings
iOS 15 offers several ways to manage permissions. We’ll talk about each of the three methods separately.
Managing permissions when you first launch an app
Every app requests permission to access certain information the first time you launch it, and that’s the easiest time to choose what data to share with the app. But even if you accidentally press “Yes” instead of “No,” you can still change it later.
Setting up all permissions for a specific app
To see and set all permissions for a particular app at once, open the system settings and scroll down to see a list of installed applications. Select an app to see what permissions it has and revoke them if you need to.
Setting specific permissions for different applications
Go to Settings → Privacy. In this section, you will find a long list of basic iOS 15 permissions. Click on each permission to see which applications requested it. You can deny access to any of them at any time.
Not all permissions are in the Privacy menu; you’ll need to go to other settings sections to configure some of them. For example, you can disable mobile data transfer for apps in the Mobile section, and permission to use the Internet in the background is configured in the Background App Refresh section.
Now you know where to look for what. Next, we’ll go into more detail about all of iOS’s permissions.
- Location Services
- Tracking
- Contacts
- Calendars
- Reminders
- Photos
- Local Network
- Nearby Interaction
- Microphone
- Speech Recognition
- Camera
- Health
- Research Sensor & Usage Data
- HomeKit
- Media & Apple Music
- Files and Folders
- Motion & Fitness
- Focus
- Analytics & Improvements
- Apple Advertising
- Record App Activity
- Mobile Data
- Background App Refresh
Location Services
What it is: Permission to access your location. This permission isn’t just about GPS; apps can also navigate using mobile network base stations, Bluetooth, and the coordinates of Wi-Fi hotspots you are connected to. Access to location services is used, for example, by maps to plot routes and show you nearby businesses.
What the risks are: Having location access enables apps to map your movements accurately. App developers can use that data for marketing purposes, and cybercriminals can use it to spy on you.
You may not want to give this permission to an app if you don’t fully trust it or don’t think it needs that level of information. For example, social networks can do without location access if you don’t add geotags to your posts or if you prefer to do so manually.
If you need to use an app that requires location access to work properly, here are two ways to protect yourself from being tracked:
- Allow access to location only while using the app to give the app access to your coordinates only when you are actually using it. If the app wants to receive location information in the background, you will be notified and may opt out.
- Turn off Precise Location to restrict the app’s knowledge of your location. In this case, the margin of error will be about 25 square kilometers (or 10 square miles) — that’s comparable to the area of a small city.
What’s more, iOS has long had an indicator that lets you know that an app is requesting access to your location. With iOS 15, that indicator has become much more prominent, appearing as a bright blue icon with a white arrow at the top of the screen.
Where to configure it: Settings → Privacy → Location Services
Tracking
What it is: Permission to access a unique device identifier — the Identifier for Advertisers, or IDFA. Of course, each individual application can track a user’s actions in its own “territory.” But access to IDFA allows data matching across apps to form a much more detailed “digital portrait” of the user.
So, for example, if you allow tracking in all applications, then a social network can not only see all of your records and profile information in it, but also find out what games you play, what music you listen to, the weather in cities you are interested in, what movies you watch, and much more.
What the risks are: Tracking activity in apps enables the compilation of a much more extensive dossier on the phone’s owner, which increases advertising efficacy. In other words, it can encourage you to spend more money.
Starting in iOS 14.5, users gained the ability to disable tracking requests in apps.
Where to configure it: Settings → Privacy → Tracking
Contacts
What it is: Permission to access your address book — to read and change existing contacts and to add new contacts. Data an app can get with this permission includes not only names, phone numbers, and e-mail addresses, but also other information from your list of contacts, including notes about specific contacts (although apps need separate approval from Apple to access the notes).
What the risks are: Databases of contacts — with numbers, addresses, and other information — can, for example, be used to attack an organization, send spam, or conduct phone scams.
Where to configure it: Settings → Privacy → Contacts
Calendars
What it is: Permission to view, change, and add calendar events.
What the risks are: The app will receive all of your personal calendar information, including past and scheduled events. That may include doctor’s appointments, meeting topics, and other information you don’t want to share with outsiders.
Where to configure it: Settings → Privacy → Calendars
Reminders
What it is: Permission to read and change existing reminders and add new ones.
What the risks are: If you have something personal recorded in your Reminders app, such as health data or information about family members, you may not want to share it with any app developers.
Where to configure it: Settings → Privacy → Reminders
Photos
What it is: This permission allows the app to view, add, and delete photos and videos in your phone’s gallery. The app also can read photo metadata, such as information about where and when a photo was taken. Apps that need access to Photos include image editors and social networks.
What the risks are: A personal photo gallery can say a lot about a person, from who their friends are and what they’re interested in to where they go, and when. In general, even if you don’t have nude photos, pictures of both sides of your credit card or screenshots with passwords in the gallery, you should be cautious about giving apps access to yours.
Starting with iOS 14, Apple developers added the ability to give an app access to individual files without giving it the entire gallery. For example, if you want to post something on Instagram, you can choose precisely which images to upload and keep your other photos invisible to the social network. In our opinion, that’s the best option for providing access to your images.
Where to configure it: Settings → Privacy → Photos
Local Network
What it is: Permission to connect to other devices on your local network, for example, to play music with AirPlay, or to control your router or other gadgets.
What the risks are: With this type of access, applications can collect information about all of the devices on your local network. Data about your equipment can help an attacker find vulnerabilities, hack your router, and more.
Where to configure it: Settings → Privacy → Local Network
Nearby Interaction
What it is: Permission to use Ultra Wideband (UWB), which the iPhone 11 and later support. Using UWB lets you measure the exact distance between your iPhone and other devices that support the technology. In particular, it’s used in Apple AirTag to find things you’ve tagged.
What the risks are: A malicious app with UWB access can determine your location extremely accurately, to an exact room in a house or even more precisely.
Where to configure it: Settings → Privacy → Nearby Interaction
Microphone
What it is: Permission to access your microphone.
What the risks are: With this permission, the app can record all conversations near the iPhone, such as in business meetings or at a medical appointment.
An orange dot in the upper right corner of the screen indicates when an app is using a microphone (the dot becomes red when you turn on the Increase Contrast accessibility feature).
Where to configure it: Settings → Privacy → Microphone
Speech Recognition
What it is: Permission to send voice-command recordings to Apple’s servers for recognition. An app needs this permission only if it uses Apple’s speech recognition service. If the app uses a third-party library for the same purpose, it will need another permission (Microphone) instead.
What the risks are: By and large, asking for this permission is indicative of an app developer’s honest intentions — by using Apple’s proprietary speech recognition service, they are following the company’s rules and recommendations. A malicious app is much more likely to ask for direct access to the microphone. Nevertheless, use caution granting permission for speech recognition.
Where to configure it: Settings → Privacy → Speech Recognition
Camera
What it is: Permission to take photos and videos, and to obtain metadata such as location and time.
What the risks are: An application can connect to the phone’s cameras at any time, even without your knowledge, and obtain access to photos’ metadata (the time and location where they were taken). Attackers can use this permission to spy on you.
If an application is currently accessing the camera, a green dot lights up in the upper right corner of the screen.
Where to configure it: Settings → Privacy → Camera
Health
What it is: Permission to access data you keep in the Health app, such as height, weight, age, and disease symptoms.
What the risks are: App developers may sell your health information to advertisers or insurance companies, which can tailor ads based on that data or use it to calculate health insurance rates.
Where to configure it: Settings → Privacy → Health
Research Sensor & Usage Data
What it is: Access to data from the phone’s built-in sensors, such as the light sensor, accelerometer, and gyroscope. Judging by indirect references in this document, that could also include data from the microphone and facial recognition sensor, as well as from iWatch sensors. The permission can also provide access to data about keyboard usage, the number of messages sent, incoming and outgoing calls, categories of apps used, websites visited, and more.
As you can see, this permission can provide a range of sensitive data about the device’s owner. Therefore, only apps designed for health and lifestyle research should request it.
What the risks are: The permission can allow outsiders to obtain information about you that is not available to ordinary apps. In particular, this data allows examination of your walking pattern and the position of your head while you’re looking at the screen, as well as the collection of a lot of information about how you use your device.
Of course, you shouldn’t provide that much data about yourself to just anyone. Before agreeing to participate in a study and providing permission to the app in question, take a good look at what data the scientists are interested in, and how they plan to use it.
Where to configure it: Settings → Privacy → Research Sensor & Usage Data
HomeKit
What it is: The ability to control smart home devices.
What the risks are: With this level of access, an app can control smart home devices on your local network. For example, it can open smart door locks and blinds, turn music on and off, and control lights and security cameras. A random photo-filter app (for example) should not need this permission.
Where to configure it: Settings → Privacy → HomeKit
Media & Apple Music
What it is: Permission to access your media library in Apple Music and iCloud. Apps will receive information about your playlists and personal recommendations, and they will be able to play, add, and delete tracks from your music library.
What the risks are: If you don’t mind sharing your music preferences with the app, you probably have nothing to worry about, but be aware that this data may also be used for advertising purposes.
Where to configure it: Settings → Privacy → Media & Apple Music
Files and Folders
What it is: Permission to access documents stored in the Files app.
What the risks are: Apps can change, delete, even steal important documents stored in the Files app. If you’re using Files to store important data, keep access limited to the apps you truly trust.
Where to configure it: Settings → Privacy → Files and Folders
Motion & Fitness
What it is: Permission to access data about your workouts and daily physical activity, such as number of steps taken, calories burned, and so on.
What the risks are: Just like medical data from the Health app, activity data may be used by marketers to display targeted ads and by insurance companies to calculate health insurance costs.
Where to configure it: Settings → Privacy → Motion & Fitness
Focus
What it is: This permission allows apps to see if notifications on your smartphone are currently muted or enabled.
What the risks are: None.
Where to configure it: Settings → Privacy → Focus
Analytics & Improvements
What it is: Permission to collect and send data to Apple about how you use your device. It includes, for example, information about the country you live in and the apps you run. Apple uses the information to improve the operating system.
What the risks are: Your smartphone may use mobile data to send this information to Apple, potentially draining both the battery and your data plan a bit faster.
Where to configure it: Settings → Privacy → Analytics & Improvements
Apple Advertising
What it is: Permission to collect personal information such as your name, address, age, gender, and more, and use it to show targeted ads from Apple’s ad service — but not to share it with other companies. Disabling this permission will not eliminate ads, but without data collection they will be generic, not targeted.
What the risks are: As with any targeted ads, more effective advertising may lead to extra spending.
Where to configure it: Settings → Privacy → Apple Advertising
Record App Activity
What it is: Permission to keep track of what data (location, microphone, camera, etc.) any given application accessed. At the time of this writing (using iOS 15.1), users may download the collected data as a file, albeit not a very informative one. Future versions of iOS (starting with 15.2, expected at the end of 2021) will use this data for the App Privacy Report, which is a bit like Screen Time, but for app tracking.
What’s useful: If you want to use the App Privacy Report as soon as iOS 15.2 becomes available, you may want to enable app activity logging in advance.
Where to configure it: Settings → Privacy → Record App Activity
Mobile Data
What it is: Permission to use mobile Internet. Applications need access to the Web to send messages, load photos and news feeds, and complete technical tasks such as sending bug reports.
What the risks are: Apps working in the background can quickly deplete data allowances. Users may prefer to deny mobile Internet access to apps that send a lot of data over the Web, instead limiting them to Wi-Fi use, especially when roaming. We strongly recommend users go through their app lists and disable unnecessary mobile data permissions before trips abroad.
Where to configure it: Settings → Mobile
Background App Refresh
What it is: Permission to refresh content when you are not using an app, that is, when it’s running in the background.
What the risks are: Updating content consumes data and battery power, but all modern smartphones are designed to run apps in the background. Take action only if you notice that a certain program is sending a lot of data over the Web and significantly reducing your smartphone’s runtime. You can check apps’ mobile data and power consumption in the system settings, under Mobile Data and Battery.
Where to configure it: Settings → General → Background App Refresh
Better safe than sorry
Protecting yourself from apps that are too greedy in collecting your personal information takes very little time. We strongly recommend taking that time, though, carefully considering all requests and being judicious about what you share and with whom. Remember that you are responsible for your privacy, so you can rest easy after denying any requests that seem suspicious or unreasonable, knowing your photos, videos, documents, and other data are safe.