Information Security 20 min read

Apple Privacy Evolution: Photo Library Access, App Tracking Transparency, SKAdNetwork, and Security Features

Since the 2018 Facebook scandal, Apple has tightened privacy by introducing limited photo library access, App Tracking Transparency, SKAdNetwork 2.0/3.0 attribution, Private Click Measurement, differential‑privacy analytics, granular app permissions, Lockdown Mode, and password‑less Passkeys, balancing developer openness with strong user security.

37 Interactive Technology Team

Steve Jobs once said, “We’re trying to do two diametrically opposed things at once: provide an advanced and open platform to developers while at the same time protect iPhone users from viruses, malware, privacy attacks, etc.” This quote frames Apple’s ongoing tension between openness and security.

Since the 2018 Facebook privacy scandal, Apple has dramatically tightened user‑privacy controls. Starting with WWDC20, Apple introduced Limited Photo Library Access, allowing users to grant an app access to either all photos or only selected ones. The new PHPickerViewController (iOS 14+) replaces the deprecated UIImagePickerController, supports unlimited selections, filters by media type, and runs in a separate system process, eliminating the need for explicit photo‑library permission.

In the advertising domain, Apple moved from the device identifier IDFA to the App Tracking Transparency (ATT) framework (WWDC20). Users now decide whether an app can access the IDFA, and Apple encourages the use of the privacy‑preserving SKAdNetwork for attribution. SKAdNetwork aggregates conversion data without exposing user‑level identifiers.

SKAdNetwork 2.0 payload example:

{
  "version" : "2.0",
  "ad-network-id" : "com.example",
  "campaign-id" : 42,
  "transaction-id" : "6aafb7a5-0170-41b5-bbe4-fe71dedf1e28",
  "app-id" : 525463029,
  "attribution-signature" : "MDYCGQCsQ4y8d4BlYU9b8Qb9BPWPi+ixk\/OiRysCGQDZZ8fpJnuqs9my8iSQVbJO\/oU1AXUROYU=",
  "redownload" : true,
  "source-app-id" : 1234567891,
  "conversion-value" : 20
}

SKAdNetwork 3.0 adds fields such as fidelity-type and did-win:

{
  "version" : "3.0",
  "ad-network-id" : "example123.skadnetwork",
  "campaign-id" : 42,
  "transaction-id" : "6aafb7a5-0170-41b5-bbe4-fe71dedf1e28",
  "app-id" : 525463029,
  "attribution-signature" : "MEYCIQD5eq3AUlamORiGovqFiHWI4RZT/PrM3VEiXUrsC+M51wIhAPMANZA9c07raZJ64gVaXhB9+9yZj/X6DcNxONdccQij",
  "redownload" : true,
  "source-app-id" : 1234567891,
  "fidelity-type" : 1,
  "conversion-value" : 20,
  "did-win" : true
}

Field explanations include version, ad‑network‑id, transaction‑id, campaign‑id, app‑id, attribution‑signature, redownload flag, source‑app‑id, conversion‑value, fidelity‑type (0 = display ad, 1 = StoreKit rendered ad), and did‑win (whether the network won the attribution).
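A server that receives these postbacks can reject malformed or replayed ones before doing any further work. The Python sketch below is an added example, not code from the original article or from Apple: it checks the fields shown in the two payloads above, parses the DER structure of attribution-signature, and deduplicates on transaction-id. The function names are hypothetical, the 0..63 bound on conversion-value assumes its 6-bit size, and cryptographic verification of the signature against Apple's public key is a separate step not shown.

```python
import base64
import json
import uuid

# Fields both payloads on this page carry; 3.0 adds fidelity-type and did-win.
BASE = {"version", "ad-network-id", "campaign-id", "transaction-id",
        "app-id", "attribution-signature", "redownload"}
REQUIRED = {"2.0": BASE, "3.0": BASE | {"fidelity-type", "did-win"}}
# The 3.0 payload from this page, compacted onto a few lines.
SAMPLE_V3 = ('{"version":"3.0","ad-network-id":"example123.skadnetwork","campaign-id":42,'
             '"transaction-id":"6aafb7a5-0170-41b5-bbe4-fe71dedf1e28","app-id":525463029,'
             '"attribution-signature":"MEYCIQD5eq3AUlamORiGovqFiHWI4RZT/PrM3VEiXUrsC+M51wIhAPMANZA9c07raZJ64gVaXhB9+9yZj/X6DcNxONdccQij",'
             '"redownload":true,"source-app-id":1234567891,"fidelity-type":1,"conversion-value":20,"did-win":true}')


def der_int_sizes(sig_b64):
    """Parse a base64 DER ECDSA signature; return byte lengths of (r, s)."""
    der = base64.b64decode(sig_b64, validate=True)
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a single short-form DER SEQUENCE")
    pos, sizes = 2, []
    for _ in range(2):  # exactly two INTEGERs: r, then s
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected DER INTEGER")
        body = der[pos + 2:pos + 2 + der[pos + 1]]
        if not body or len(body) != der[pos + 1]:
            raise ValueError("truncated DER INTEGER")
        sizes.append(len(body.lstrip(b"\x00")))  # ignore sign-padding byte
        pos += 2 + len(body)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return tuple(sizes)


def validate_postback(raw, seen):
    """Structural checks only; `seen` is a set of accepted transaction-ids."""
    pb = json.loads(raw)
    required = REQUIRED.get(pb.get("version"))
    if required is None or required - pb.keys():
        raise ValueError("unsupported version or missing required field")
    tx = str(uuid.UUID(pb["transaction-id"]))  # rejects malformed ids
    if tx in seen:
        raise ValueError("replayed transaction-id")
    if (pb.get("fidelity-type", 0) not in (0, 1)
            or not 0 <= pb.get("conversion-value", 0) <= 63):  # assumed 6-bit
        raise ValueError("fidelity-type must be 0/1, conversion-value 0..63")
    sizes = der_int_sizes(pb["attribution-signature"])
    seen.add(tx)
    return {"version": pb["version"], "transaction-id": tx, "rs_bytes": sizes}
```

On the page's own samples, the 2.0 signature carries 24-byte r and s values and the 3.0 signature 32-byte ones.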

SKAdNetwork delivers up to three conversion callbacks (0‑2 days, 3‑7 days, 8‑35 days), helping advertisers understand post‑install engagement while preserving privacy.

On the web side, Apple’s Private Click Measurement (PCM) provides privacy‑preserving ad‑click attribution for Safari and supports a “Web‑based SKAdNetwork” that attributes clicks leading to App Store product pages.

App Store analytics now include benchmarks, conversion rates, retention (1/7/28 days), crash rates, and average revenue, all protected by differential privacy techniques.

Apple also introduced privacy labels and an App Privacy Report, giving users visibility into how apps access location, photos, camera, microphone, contacts, and other data.

Developer Mode (iOS 16, watchOS 9) adds a safeguard against accidental installation of harmful software, while macOS Ventura tightens app‑permission granularity (e.g., Gatekeeper, NSUpdateSecurityPolicy). Sample code for NSUpdateSecurityPolicy:

{
  "NSUpdateSecurityPolicy" => {
    "AllowProcesses" => {
      "123ABC" => [0 => "com.example.pal.about"]
    }
  }
}

Apple’s Lockdown Mode (iOS 16, iPadOS 16, macOS Ventura) offers extreme protection for high‑risk users by disabling many features (e.g., JIT JavaScript, certain attachments, FaceTime invites, USB connections) and preventing configuration‑profile installation.

Finally, Apple promotes password‑less authentication with Passkeys and Private Access Tokens (PAT), leveraging iCloud and Apple ID for secure, user‑controlled credentials.

Overall, Apple’s privacy roadmap balances openness for developers with strong user‑centric security measures across iOS, iPadOS, macOS, and watchOS.
