Many of us choose to use an iPhone — as well as other devices in the Apple ecosystem — because of the company's dedication to user privacy and security. If you need more proof of that commitment, look no further than iOS 14.5, released April 26, which adds new tools to protect our data while browsing the web and more control over the data installed apps collect on us.
Apple's latest update protects your privacy and security against apps, websites, services, advertisers, and more, but there's more to iOS 14.5 than just that. In total, it adds over to 60 new features and changes, including over 200 new emoji, updates to Apple Maps, Apple Music, and Reminders, and Siri improvements. If you don't want to miss out on all of those, check out our full iOS 14.5 features roundup.
If you dove through your Settings app in previous versions of iOS, you might have seen a feature called "Allow Apps to Request to Track." This option controls whether apps can ask permission to track your iOS activity across other apps and sites. It wasn't particularly effective, however, because Apple didn't require apps to ask yet. With iOS 14.5, that changes.
This feature is one of the standouts in iOS 14.5; you might have even seen a headline or two about it. The update acts as a deadline for developers to add the request to their apps, so get ready to see many, many of these pop-ups after updating your iPhone. If you want to avoid those pop-ups, and subsequently block many of these apps from tracking you in the first place, there's a simple switch you can flip.
With iOS 14.5, Apple has implemented a new web privacy feature for Safari called "Private Click Measurement," which makes it possible for websites and advertisers to measure ad clicks both across websites and from iOS apps to websites.
Traditionally, ad tracking isn't a privacy-friendly business. Online advertisers know when you tapped an ad in an iPhone app or website to view the ad's webpage in Safari. Advertisers don't need to know your true identity to benefit from ad click data, which is why Apple has the "Prevent Cross-Site Tracking" option built into Safari that wipes this data.
That's the beauty of PCM — it anonymizes the times you select an ad so that advertisers only see that someone checked out the ad, not specifically you. Advertisers get their ad data; you keep your privacy.
Apple says PCM sends "attribution reports to advertisers with limited data in a dedicated Private Browsing mode without any cookies, delaying reports randomly between 24 and 48 hours to disassociate events in time, and handling data on-device ... PCM app-to-web does not require the app to be granted permission to track according to AppTrackingTransparency."
You can delete stored clicks whenever you clear website data (Settings –> Safari –> Advanced –> Website Data); no data is recorded in Private Browsing Mode; WebViews within apps can use PCM (although apps that use SFSafariViewController might in the future); and you can opt-out if you want. To do so, head to Settings –> Safari and toggle off "Privacy Preserving Ad Measurement." With it disabled, "no click metadata will be stored, and no attribution reports will be sent out."
Ironically, one of the features Safari uses to protect your privacy also sacrifices it in the process. Its "Fraudulent Website Warning" shows you an alert if you visit a website that appears to be stealing your personal data or phishing for sensitive credentials.
To know which websites are thought to be phishing in the first place, Apple uses Google's "Safe Browsing" database, which features all of the websites Google suspects to be fraudulent or malicious. Google shares a list of hashed prefixes for URLs to Safari from this database. If the website you're attempting to view matches any of the hashes, Safari requests the full URL from Google, preventing Google from ever knowing the URL you're trying to access.
While that might sound secure enough, Google might actually receive your IP address during this exchange, which is quite the privacy vulnerability. Apple changed this in iOS 14.5, pulling Google's Safe Browsing data through its own servers instead of Google's. That way, Google never sees your URL, nor your IP information.
Just updated your iPhone? See everything that's new with Apple's latest iOS update: