If you haven’t already, you’ll see a surprising message pop up on your iPhone from Facebook in the next few weeks: Do you give it permission to track you?
To prevent this same pop-up from appearing for lots of different apps — and to limit some of the other digital tracking in your life — you also should change two settings right now. I have instructions below.
What’s going on? With a software update that arrived this week called iOS 14.5 and iPadOS 14.5, Apple is finally forcing apps to come clean about a kind of surveillance they’ve been conducting on us for the past decade. Behind the scenes, apps can probe your phone for personal information that helps them target you with ads or even sell data about you to others. Now marketers and data brokers can’t access a valuable way to identify your phone unless you explicitly say it’s okay.
Some apps, such as The Sims, Venmo and Shake Shack have been seeking permission to track for a few weeks now. Facebook and its sister app Instagram began asking permission on Monday and the company says it will roll out the pop up — and a screen arguing why you should allow it to track — over the next few weeks.
Facebook and other apps that make money by collecting our data and showing us hyper-targeted ads aren’t happy about having to ask permission. Mark Zuckerberg and friends have deluded themselves into thinking people enjoy feeling as though Facebook is eavesdropping on their conversations. (It doesn’t really need to because it’s already spying on our apps and websites.)
I think Apple should have gone even further, making “Don’t track me” the default for everyone. But even if the new pop-ups are more work and more confusing than they ought to be, this is still a win for our privacy.
What tracking really means
Apps gobble up all sorts of information about you, all the time — as I’ve written, even while you sleep. Now the software that runs your iPhone and iPad is putting up some roadblocks to collecting one particularly valuable piece of data: a way to identify your device.
Picture it: You’re walking down the street, and at every business you enter you leave a little sticky note saying you’ve been there. Someone who spotted enough sticky notes could connect the dots about who you are. Flower shop, jewelry store and tux rental? Someone is about to get married.
The app equivalent of that sticky note is a code hidden in your iPhone called the Identifier for Advertisers, or IDFA. Although this ID doesn’t contain your name, it does look the same to every app. Many apps report your ID back to companies including Facebook and Google, allowing the advertising firms to connect the dots about what you do on your phone.
With iOS 14.5, an app simply can’t access your phone’s IDFA unless you tell the operating system it’s okay. And if you ask not to be tracked, apps also aren’t supposed to pass other kinds of personal information to marketing companies and data brokers. That includes your email address, location and other sneaky ways to identify your phone. Apple says it’s going to police that policy through its App Store review process. We’ll have to see how well Apple does this. The company has begun requiring app makers to fill out what essentially are privacy nutrition labels to explain how they gather your data — but in my tests these aren’t necessarily always useful or even accurate.
Facebook says by tapping “Ask App not to Track,” you are hurting small businesses and free apps that depend on its targeted advertising. In addition to targeting your interests, tracking also helps advertisers learn whether their ads work.
I’ve listened to Facebook’s argument, and I’m not buying it. Nobody but you should know what you do on your phone. Aside from being invasive, this data can be used to manipulate us as consumers, citizens and voters.
Small businesses managed to thrive and reach customers before this kind of invasive tracking. Facebook already has more than enough information about us to show us relevant ads based on what we intentionally post, where we check in, and who our friends are. It should never have had the right to spy on what we do outside of Facebook, too.
The Washington Post is updating its apps for iOS 14.5 so that it no longer collects or uses the IDFA, says company spokeswoman Shani George.
Facebook is right about one point: The decision to fight app tracking now is pretty self-serving on the part of Apple. The iPhone maker has a financial interest to push apps to make money from subscriptions rather than advertising, because it gets to take a percentage cut of any in-app purchases. But at least Apple is finally responding to a privacy problem its own design of the iPhone helped create.
How to stop tracking
You’ll have to take action to be protected. When an app prompts you, tap the button labeled “Ask App not to Track.”
Unfortunately, the muscle memory in our fingers has been trained to tap “Allow” on app prompts. When app data company AppsFlyer recently studied how people responded to the privacy pop-up on 300 kinds of apps that launched it early, 41 percent of the time people tapped “allow” to permit the tracking.
If you messed up and accidentally gave an app permission to track, you can make a new choice one app at a time under Settings, then Privacy, then Tracking.
If you have more than one Apple device, such as an iPad, you’ll have to say no on each device.
If an app isn’t asking you for permission to track, that means either the app has gotten out of the tracking business, or the app’s maker hasn’t posted an update yet. Until the app updates and asks for permission, iOS 14.5 won’t allow it to access your phone’s ad-tracking identifier, the IDFA.
Also do this
Here’s an even better idea: You can adjust one setting that tells all apps not to track you, so you won’t keep being prompted by different apps. Go to Settings, then Privacy, then Tracking, then make sure “Allow Apps to Request to Track” is switched to off.
The virtual button should be on the left, and you shouldn’t see any green. Yes, this is extra confusing.
Now, a warning: Just because you say an apps can’t track you for marketing purposes, you could still be exposing sensitive information to them. So think extra hard when an app asks for your location, contacts or camera.
Facebook members should change this setting, too
While we’re adjusting settings, there’s one more I highly recommend for Facebook members. Tell the social network to stop using your “off-Facebook activity.”
Here’s why: Even after you tell the Facebook app not to track your iPhone, the social network still will try to collect lots of information about what you do elsewhere — such as on your laptop or when you make a purchase at a store. Although Facebook has done this for years, in 2020 it gave members the ability at least to ask it to stop using this information.
Of course Facebook really buried this setting, too. It’s easiest to access on the Web, by clicking this link. In the Facebook app, tap on the three lines in the right bottom corner, then scroll down and tap on “Settings & Privacy,” then tap on “Privacy Shortcuts.” Then scroll down to and tap on “View” or clear your off-Facebook activity.
You’ll see a creepy page that shows you all the apps, websites and other businesses where Facebook has been tracking you. You can tap “Clear History” once (like clearing your history in a Web browser). Or even better, tap “More Options,” and then “Manage Future Activity,” and then toggle “Future Off-Facebook Activity” to off.
Want to do even more to protect your privacy? Check out my handy guide to the worst default settings for the technology we use most often.
The secret life of your data: What you need to know
For all the good we get from technology, it can also take a lot from us. The Post’s tech columnist Geoffrey A. Fowler examines the personal information streaming out of devices and services we take for granted.
Amazon Sidewalk: Amazon Sidewalk shares your Internet with smart homes — and surveillance devices. Here’s how to turn it off.
Alexa: By default, Amazon keeps a copy of everything Echo smart speakers record.
Browser extensions: Add-ons and plug-ins can see and share everything you do on the Web.
Cars: Automakers use hundreds of sensors and an always-on Internet connection to record where you go and how you drive.
Credit cards: A half-dozen kinds of companies can grab data about purchases, from your bank to the store where you’re shopping.
Don’t sell my data: The California Consumer Privacy Act (CCPA) can help even residents of other states see and delete their data — and tell companies to stop selling it.
iPhones and Android phones: Hidden trackers in apps share personal information — even while you and your phone are asleep.
TVs: Once every few minutes, smart TVs beam out a snapshot of what’s on your screen.
Web browsers: Google’s Chrome loaded more than 11,000 tracker cookies into our browser — in a single week.