Apple Releases iOS 15.2 With App Privacy Report, Legacy Contacts, Hide My Email Improvements and More

[iLoveDeveloping]

Anyone else having issues with the digital legacy thing? Can’t add it to my wife’s phone. She just got a text but can’t click anything?? She is on ios15.1 - so I know it says it won’t automatically go into her settings app, but she should be able to at least open it and save it no? I sent the text message to her and it’s just a contact card saying “you have been added as a legacy contact” but can’t open it!

 

[svenning]

Does anyone else have this issue (iPhone 13 mini). Been experiencing since I got it. Control center is pushed too far down and you can scroll up behind the time/Wi-Fi/battery bar ?!

 

[Artemis70]

I'm most interested in the App Privacy Report.

I upgraded my iPhone exactly for this reason. I must say that I am shocked at the domains being used across many apps. There is a warning when multiple apps or websites contact the same domain, they could be building a profile of you. Well, graph.facebook.com and app-measurement.com can certainly build a profile of me. Further down on the list are some Google domains that can build a profile of me.

Next step: how do I stop these apps from accessing these domains?

 

[B4U]

I don’t think so. Under the messages, you can see it being introduced.

View attachment 1927769

Sigh, instead of unsolicited nudes, can they work on combating unsolicited spam texts?
I can report spam on my unlocked android phone that was not bought from a carrier with a single button. Yet I cannot do anything on the iPhone other than forwarding to 7726. ?

 

[sparkinstx]

Is the "iPhone almost out of storage" when not low on storage bug fixed?

 

[Der Keyser]

I upgraded my iPhone exactly for this reason. I must say that I am shocked at the domains being used across many apps. There is a warning when multiple apps or websites contact the same domain, they could be building a profile of you. Well, graph.facebook.com and app-measurement.com can certainly build a profile of me. Further down on the list are some Google domains that can build a profile of me.

Next step: how do I stop these apps from accessing these domains?

It’s rather hard to do universally on an iPhone since you cannot jailbreak/root it. But you can do it easily on your home wired/wifi network (hence also iphone when on home WiFi) by introducing a Pi-Hole or pfSense with pfBlockerNG installed. Those are both DNS servers that filters requests based on what you allow/deny. But Apple like many other apps vendors have started to notice this and is starting to let their browser skip the OS DNS service, and instead use their own DNS server (if available) over the internet via DNS over HTTPS. That way they can track/profile you even more detailed and directly - whereever you are. It‘s just like all the free VPNs to secure you…. Secure my ass, you are just offering the VPN vendor 100% details of everything you do (instead of your ISP). It’s becoming more or less impossible to remain Untracked/profiled in todays economy (anything is for sale!)
But if you are setting up a Pi-Hole or pfBlockerNG, you also need to block all known DNS over HTTPS servers to prevent apps/vendors from skipping your own filtered DNS server and profile ALL your traffic by hijacking all your DNS requests.

 

[Shirasaki]

So the free feature to use Siri to play music is now a paid premium feature? Can someone clarify?

Siri is still “free” to use. Apple just lend you their music library at a cheaper price. That’s it.

Still waiting until Apple agrees to completely abandon the CSAM overreach before I upgrade to iOS 15.

We will never know if CSAM is implemented or not and apple can just disguise it in an iOS 15 upgrade. do you really think apple after so much backlash would continue to let public know what’s going on?

 

[Der Keyser]

Just for example: We are a household of four people and use the internet very frequetly on various devices. My pfBlockerNG filters about well above 45K requests to facebook/google tracking services every week (not their webservices - those are allowed). That is a LOT of profiling data from 4 people?
I really wish the politicians were normal people that was not in the corporate pockets. They should simply ban tracking all together unless you very very explicitly opt in. No questions offf cookies and can I track… everything off by default unless I as a user find a setting menu and specifically enable tracking for app/site.
Easy to do - and remeber to set a 1 dollar fine for every datapoint tracked outside of the original website/app service visited and/or outside directly related to the specific web/app service being used.
Such a fine would backrupt Facebook within a week with the amount of tracking they are doing - even on non facebook service users.

 

[Shirasaki]

It’s rather hard to do universally on an iPhone since you cannot jailbreak/root it. But you can do it easily on your home wired/wifi network (hence also iphone when on home WiFi) by introducing a Pi-Hole or pfSense with pfBlockerNG installed. Those are both DNS servers that filters requests based on what you allow/deny. But Apple like many other apps vendors have started to notice this and is starting to let their browser skip the OS DNS service, and instead use their own DNS server (if available) over the internet via DNS over HTTPS. That way they can track/profile you even more detailed and directly - whereever you are. It‘s just like all the free VPNs to secure you…. Secure my ass, you are just offering the VPN vendor 100% details of everything you do (instead of your ISP). It’s becoming more or less impossible to remain Untracked/profiled in todays economy (anything is for sale!)
But if you are setting up a Pi-Hole or pfBlockerNG, you also need to block all known DNS over HTTPS servers to prevent apps/vendors from skipping your own filtered DNS server and profile ALL your traffic by hijacking all your DNS requests.

Is it even remotely practical to remain anonymous online nowadays? PiHole is all good and dandy but can’t be carried out easily (I mean keep it on), and the effort going into blocking all the sources seems massive. Heck, carrying a smartphone pretty much breaks all anonymity I’d argue.

 

[Der Keyser]

Is it even remotely practical to remain anonymous online nowadays? PiHole is all good and dandy but can’t be carried out easily (I mean keep it on), and the effort going into blocking all the sources seems massive. Heck, carrying a smartphone pretty much breaks all anonymity I’d argue.

With a smartphone it's "impossible" - at least with iOS and Android and especially if you install any apps remotely releated to Facebook/Google/Amazon.
So generally no, but I will say that at home - on your home wired/wireless network - you can get a good part of the way with a pfSense Firewall with pfBlockerNG installed. The beauty is not only does i it do full DNS filtering, but it can also block all know DNS over HTTPS servers automatically. And if you are a little crafty you will create a destination NAT rule that captures any DNS request from internal clients that is bound for the Internet and redirect it to your local pfSense DNS (filtered by pfBlockerNG).It's a pretty formidable add/tracking blocker for all devices on the home network.

Yes I know, they still get quite a lot of data, and you are not anonymous - but they are blocked from 85%+ of the tracking and behaviour details they would normally see.

You could then install wireguard or IPsec VPN on your phone and ALWAYS have it access the internet through your home connection where ever you are in the world (4G/other WiFi), but it does make it slower, and does still not block builtin Apps/OS/GPS tracking of the device.

 

[MacBH928]

So CSAM will be everywhere on iphone or only imessage or ony iCloud?

You clearly don’t know what CSAM is.

Is this what this thread is going to turn into? Safety warnings for kids receiving unsolicited nudes is not CSAM.

Can you explain to me how does Apple know if the picture is or is not nudity if they are not scanning each and every photo and looking at them?

 

[MacBH928]

Is it even remotely practical to remain anonymous online nowadays? PiHole is all good and dandy but can’t be carried out easily (I mean keep it on), and the effort going into blocking all the sources seems massive. Heck, carrying a smartphone pretty much breaks all anonymity I’d argue.

you can't be anonymous online just like you can't be anonymous in real life. The idea is to limit the exposure. If you leave your house I know its you and I see your car, but I don't know what you did last week, how much you have in the bank, who your x is, nor your medical history.

Privacy invasive software and corporates will gather, store, and share every single data about you to make them richer: - How Target Knew a High School Girl Was Pregnant Before Her Parents Did

 

[MuppetGate]

So CSAM will be everywhere on iphone or only imessage or ony iCloud?



Can you explain to me how does Apple know if the picture is or is not nudity if they are not scanning each and every photo and looking at them?

Scanning photos on your phone is not the same as CSAM. CSAM is the process of matching photos on your phone against a database of known abuse images.

Apple already scans images on your phone when it categorises images for the Photo app.

Secondly, the problem is not CSAM itself, which Apple is already doing server side, along with Facebook, Microsoft and Google; the problem is Apple’s implementation of CSAM which runs the check on your device. Running it on device essentially opens up a nice backdoor on your device which governments will be looking to exploit.

Scan encrypted messages for CSAM, says British government - 9to5Mac

The British government says that it wants the ability to scan encrypted messages for CSAM, even where end-to-end encryption is used ...

9to5mac.com

When Priti Patel backs you, then you know you’re doing something hideously wrong.

And given what we now know about the shady money swaps going on between Apple and China, then I’m pretty sure Apple will extend their on-device scanning to match whatever database the Party tells them to match against.

On a personal note, I had decided not to upgrade any of my devices, as I think Apple will switch this on as soon as they think the noise has died down. But now, I‘m also not upgrading my devices because the latest round of OS upgrades look like utter sh*t.
Ironically, CSAM provided a lucky escape: normally, I upgrade a day after the release. ??‍♂️

P.S.

I don’t believe Apple intentionally set out to build a back door into every device. I think they were so blinded by their desire to save money by shifting the cost of CSAM scanning to their customers, they lost sight of their much-vaunted stance on privacy.

 

[Artemis70]

It’s rather hard to do universally on an iPhone since you cannot jailbreak/root it. But you can do it easily on your home wired/wifi network (hence also iphone when on home WiFi) by introducing a Pi-Hole or pfSense with pfBlockerNG installed. Those are both DNS servers that filters requests based on what you allow/deny. But Apple like many other apps vendors have started to notice this and is starting to let their browser skip the OS DNS service, and instead use their own DNS server (if available) over the internet via DNS over HTTPS. That way they can track/profile you even more detailed and directly - whereever you are. It‘s just like all the free VPNs to secure you…. Secure my ass, you are just offering the VPN vendor 100% details of everything you do (instead of your ISP). It’s becoming more or less impossible to remain Untracked/profiled in todays economy (anything is for sale!)
But if you are setting up a Pi-Hole or pfBlockerNG, you also need to block all known DNS over HTTPS servers to prevent apps/vendors from skipping your own filtered DNS server and profile ALL your traffic by hijacking all your DNS requests.

I know it is currently impossible. Apple is currently allowing us to name and shame the apps that are giving our information away. I'm waiting for the next step, which will have to be some form of blocking on the phone itself. Blocking on my home wifi is all very nice (done that), but a significant percentage of my phone usage happens while not on my home wifi.

 

[JonaM]

I upgraded my iPhone exactly for this reason. I must say that I am shocked at the domains being used across many apps. There is a warning when multiple apps or websites contact the same domain, they could be building a profile of you. Well, graph.facebook.com and app-measurement.com can certainly build a profile of me. Further down on the list are some Google domains that can build a profile of me.

Next step: how do I stop these apps from accessing these domains?

I'd try Lockdown if you haven't got it - it's free, does all the filtering on your phone/ipad and I haven't noticed any problems and have been using it for a year or so. The number of connections to trackers it blocks is truly horrifying

 

[vcboard]

I upgraded my iPhone exactly for this reason. I must say that I am shocked at the domains being used across many apps. There is a warning when multiple apps or websites contact the same domain, they could be building a profile of you. Well, graph.facebook.com and app-measurement.com can certainly build a profile of me. Further down on the list are some Google domains that can build a profile of me.

Next step: how do I stop these apps from accessing these domains?

I use Lockdown app on the phone and pi-hole on the router

 

[winxmac]

Is the in-app purchase only for VPN feature of Lockdown? Is it okay to use Lockdown with a different VPN provider like Surfshark?

 

[wanha]

Really looking forward to seeing the App Privacy Reports.

Will be fascinating to learn which apps are tapping into what information frequently.

 

[JonaM]

Is the in-app purchase only for VPN feature of Lockdown? Is it okay to use Lockdown with a different VPN provider like Surfshark?

Yes - the VPN is the only paid feature in Lockdown and you can use another VPN provider as your actual VPN connection as a Personal VPN

 

[TinyMito]

Still waiting until Apple agrees to completely abandon the CSAM overreach before I upgrade to iOS 15.

Don't use iCloud Photo and Storage?

Pretty sure they don't want those **** on their cloud servers like I don't want drug abuser in my home. What's the different?

 

[Just sayin...]

Since updating to 15.2, iCloud Private Relay prevents my iPad and iPhone from accessing the internet. My home WiFi shows full strength according to its’ icon, but the only way to connect to the internet is to go into Settings -> WiFi -> (select my home network) -> and turn off ”Limit IP Address Tracking”. This is repeatable, persists through reboots, and effects both my iPhone (iOS 15.2) and my iPad (iPadOS 15.2). Anybody else seeing this? I’ve found a couple references to this behavior in various searches, but have found no resolution. Ideas?

Edit: Discovered that iCloud Private Relay is incompatible with the PiHole server I have running on my network. Here’s a thread discussing this: https://apple.stackexchange.com/que...ings-prevent-content-from-loading-privately-i along with a resolution. Long story short, PiHole is blocking telemetry that iCloud needs for Private Relay functionality. However, you lose some app telemetry blocking functionality that I consider important, so I’m now skipping the iCloud Private Relay.

 

[Lounge vibes 05]

Siri is still “free” to use. Apple just lend you their music library at a cheaper price. That’s it.

We will never know if CSAM is implemented or not and apple can just disguise it in an iOS 15 upgrade. do you really think apple after so much backlash would continue to let public know what’s going on?

Clearly you don’t know how security researchers work.
Every time a new beta or release is made available, people dig through the code to find anything, pictures of unreleased products, hints of new features.
If Apple even attempted to slip the CSAM scanning and detection software into a future build of iOS without announcing it to the public first, researchers would find it, my guess is within 12 hours, and it would be a PR nightmare.
Sometimes I think people forget that Apple isn’t stupid, and their software isn’t uncrackable like people would like to think it is.
It’s possible to view every component of iOS if you know what you’re doing

 

[Artemis70]

I use Lockdown app on the phone and pi-hole on the router

Thank you vcboard. I am giving Lockdown a try.

 

[Doctor Q]

When you use the Legacy Contact feature, the messages say that your legacy contact will have access to your data for 3 years, after which your account will be deleted, and that they won't have access to your "licensed media." Does this media refer to music and TV shows, or other types of content too? Will your iTunes music be inaccessible and eventually deleted even if you paid for it? Perhaps that's the case, but it would be nice to have a clear explanation of what your Legacy Contact person can save permanently.

Apple's Account recovery contact page doesn't give these types of details.

 

[_Spinn_]

I upgraded my iPhone exactly for this reason. I must say that I am shocked at the domains being used across many apps. There is a warning when multiple apps or websites contact the same domain, they could be building a profile of you. Well, graph.facebook.com and app-measurement.com can certainly build a profile of me. Further down on the list are some Google domains that can build a profile of me.

Next step: how do I stop these apps from accessing these domains?

I have Pi-hole running on a raspberry pi so I can block those domains network wide.