“This is the fifth day of my participation in the Gwen Challenge in November. Check out the details: The Last Gwen Challenge in 2021.”
Hi 👋
- Wechat: RyukieW
- Wechat official account: LabLawliet
Preface
iOS 15's ability to record app activity and provide privacy insights has drawn a lot of attention since its release. I also took the opportunity to learn SwiftUI and used it to develop an analysis tool: Privacy Access Record.
For this, I needed to import log files with an Action Extension. I also ran into some problems, and I will write an article to share them with you later.
Overview
In iOS 15.2, iPadOS 15.2, and watchOS 8.3 or later, users can view an app's privacy access report, which covers:
- Access to certain types of user data, such as photos and contacts.
- Access to sensitive device resources, such as the camera and the microphone.
- Network domains contacted, including websites the user visits from within the application (iOS and iPadOS only).
Review the data your application contributes to this summary to see what the report shows the user and to ensure that the application is behaving as expected.
Start recording application activity
In the Settings app, users can enable app activity logging on their device by choosing Privacy > Record App Activity and then turning on Record App Activity.
The last 7 days of application activity are logged, and only on the user's device. After you turn this feature on on your own device, thoroughly exercise your application's data, resource, and network access. Be sure to use the application long enough for any delayed access to occur. How long that takes depends on the behavior of the application.
Get application activity data
After running your app for a while, you can get a report of your app's activity by tapping the Share button on the App Privacy Report screen.
Save the report to a location where you can review it. For example, you can use AirDrop to send it to a nearby Mac.
The report uses the newline-delimited JSON format (NDJSON), which can be opened in any text editor, and contains a collection of JSON dictionaries separated by newlines. Dictionaries whose type key is set to access provide information about resource access, while dictionaries whose type key is set to networkActivity provide information about network activity:
```
{ ..., "type":"access", ... }
{ ..., "type":"access", ... }
...
{ ..., "type":"networkActivity", ... }
{ ..., "type":"networkActivity", ... }
...
```
Check resource access data
Each access dictionary in the file represents the beginning or end of access for a particular application.
An example of this dictionary, with spaces, newlines, and comments added to improve readability, is shown below:
```
{
  "accessor" : {
    "identifier" : "com.example.calendar",   // The app accessing the resource.
    "identifierType" : "bundleID"
  },
  "broadcaster": {                           // Only present for screen recording.
    "identifier" : "com.apple.springboard",  // The app broadcasting the screen.
    "identifierType" : "bundleID"
  },
  "category" : "screenRecording",            // The accessed resource.
  "identifier" : "8A4054BB-1810-4F8B-8163-483409E2D35C", // A unique identifier.
  "kind" : "intervalBegin",                  // Whether this is the beginning or end of an interval.
  "timeStamp" : "2021-08-06T15:MM:SS.532-07:00", // The time of the access.
  "type" : "access"                          // This is resource access data.
}
```
To find the accesses made by an application, find all access dictionaries whose accessor key holds a dictionary containing the application's bundle identifier. Use the category field to determine which resources the application accessed, and use the timeStamp field to associate each access with the activity that generated it. You may encounter any of the following category values:
Category | Resource |
---|---|
camera | The device’s camera |
contacts | The user's contacts |
location | Location data |
mediaLibrary | The user's media library |
microphone | The device's microphone |
photos | The user's photo library |
screenRecording | Screen sharing |
Each resource access occurs over an interval, and a pair of access dictionaries is generated to indicate:
- The beginning of the interval, with the kind field set to intervalBegin, as shown in the example above.
- The end of the interval, with the kind field set to intervalEnd.
The two dictionaries that bound an access interval have the same identifier key value.
For the screenRecording category, the dictionary also contains a broadcaster key whose value identifies the application broadcasting the screen to the accessor, usually SpringBoard.
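The pairing rule above can be applied mechanically to an exported report. The following is an added example, not code from the original article: it filters access dictionaries by bundle ID, pairs intervalBegin and intervalEnd records on their shared identifier regardless of line order, and reports begins with no matching end. The function name and the sample records (bundle IDs, identifiers, times) are constructed for illustration.

```python
import json
from datetime import datetime

def _rec(app, category, ident, kind, ts):
    # Builds one constructed "access" line in the shape of the example above.
    return json.dumps({"accessor": {"identifier": app, "identifierType": "bundleID"},
                       "category": category, "identifier": ident, "kind": kind,
                       "timeStamp": ts, "type": "access"})

# Constructed sample export: bundle IDs, identifiers and times are made up.
SAMPLE = "\n".join([
    _rec("com.example.calendar", "contacts", "A1", "intervalEnd", "2021-08-06T15:00:02.500-07:00"),
    _rec("com.example.calendar", "contacts", "A1", "intervalBegin", "2021-08-06T15:00:00.000-07:00"),
    _rec("com.example.calendar", "camera", "B2", "intervalBegin", "2021-08-06T15:05:00.000-07:00"),
    _rec("com.example.other", "photos", "C3", "intervalBegin", "2021-08-06T15:06:00.000-07:00"),
    '{"type": "networkActivity", "domain": "api.example.com", "bundleID": "com.example.calendar"}',
    "",
])

def access_intervals(ndjson_text, bundle_id):
    """Return (closed, unclosed) for one app.

    closed:   sorted list of (category, duration_in_seconds)
    unclosed: sorted list of (category, identifier) with no intervalEnd in the export
    """
    begins, ends = {}, {}
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue  # tolerate blank lines between records
        rec = json.loads(line)
        if rec.get("type") != "access":
            continue  # networkActivity records are handled separately
        if rec.get("accessor", {}).get("identifier") != bundle_id:
            continue
        entry = (rec["category"], datetime.fromisoformat(rec["timeStamp"]))
        if rec["kind"] == "intervalBegin":
            begins[rec["identifier"]] = entry
        elif rec["kind"] == "intervalEnd":
            ends[rec["identifier"]] = entry
    closed = sorted((cat, (ends[k][1] - t).total_seconds())
                    for k, (cat, t) in begins.items() if k in ends)
    unclosed = sorted((cat, k) for k, (cat, _) in begins.items() if k not in ends)
    return closed, unclosed

if __name__ == "__main__":
    print(access_intervals(SAMPLE, "com.example.calendar"))
```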
Checking Network Activity
The files exported from iOS or iPadOS contain another set of dictionaries, whose type key is set to networkActivity, that report network access. Each dictionary describes the connections made by a given application to a particular domain. Here is an example of this dictionary, again with spaces and newlines added for clarity:
```
{
  "domain" : "api.example.com",
  "firstTimeStamp" : "2021-06-06T16:15:48Z",
  "context" : "",
  "timeStamp" : "2021-06-06T16:15:59Z",
  "domainType" : 2,
  "initiatedType" : "AppInitiated",
  "hits" : 10,
  "type" : "networkActivity",
  "domainOwner" : "",
  "bundleID" : "com.example.App1"
}
```
The dictionary includes the following keys that describe network activity:
- domain: The domain name.
- firstTimeStamp: The time of the first visit.
- context: The site that created the connection, if applicable.
- timeStamp: The time of the last visit.
- domainType:
  - A value of 1 indicates that the domain has been identified as potentially gathering information across applications and sites, and potentially profiling users.
  - A value of 2 indicates that the domain is not recognized.
- initiatedType: Whether the application (AppInitiated) or the user (NonAppInitiated) initiated the connection.
- hits: The number of times the application contacted the domain in the past seven days.
- type: The value networkActivity indicates that the dictionary describes network activity data.
- domainOwner: The owner of the domain, if applicable.
- bundleID: The bundle ID of the application.
When deciding how to set the value of the initiatedType key, the system attributes connections made from a web browser inside the application (for example, an SFSafariViewController instance) to the user. Otherwise, any connection the application makes through lower-level interfaces such as the URL Loading System or the Network framework is considered application-initiated. This includes user data that is loaded from a server in direct response to user actions.
You can change the value of this key for a general network request by setting a property. For example, when you create a URLRequest, set its attribution property; when you use an NWConnection instance, call the nw_parameters_set_attribution(_:_:) function. However, change the attribution only for connections that the user has direct and complete control over, such as when the user enters a URL, or taps or clicks a URL that they can read. For more information about network attribution, see Specifying the Source of Network Activity.
Consider whether the application needs to change
If an application makes network connections you do not recognize or accesses resources it should not access, investigate the application. Carefully check any third-party frameworks or modules that it integrates, as they may generate unexpected connections.
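The review step above, using the networkActivity fields described earlier, can be automated. The following is an added example, not code from the original article: it totals application-initiated hits per domain for one bundle ID and flags domains with domainType 1 or domains outside a list of domains the developer expects. The function name, the expected-domain list and all sample records are constructed for illustration.

```python
import json
from collections import defaultdict

def _net(domain, domain_type, initiated, hits, bundle="com.example.App1"):
    # Builds one constructed "networkActivity" line with the keys listed above.
    return json.dumps({"domain": domain, "domainType": domain_type,
                       "initiatedType": initiated, "hits": hits,
                       "type": "networkActivity", "bundleID": bundle})

# Constructed sample export: all domains and bundle IDs are made up.
SAMPLE = "\n".join([
    _net("api.example.com", 2, "AppInitiated", 10),
    _net("metrics.tracker.example", 1, "AppInitiated", 4),
    _net("cdn.thirdparty.example", 2, "AppInitiated", 3),
    _net("cdn.thirdparty.example", 2, "AppInitiated", 2),
    _net("news.example.org", 1, "NonAppInitiated", 7),   # user browsing in-app
    _net("ads.example.net", 1, "AppInitiated", 9, bundle="com.example.App2"),
])

def review_network(ndjson_text, bundle_id, expected_domains):
    """Return sorted (domain, total_hits, flags) for app-initiated domains needing review."""
    hits = defaultdict(int)
    flags = defaultdict(set)
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("type") != "networkActivity" or rec.get("bundleID") != bundle_id:
            continue
        if rec.get("initiatedType") != "AppInitiated":
            continue  # connections the system attributed to the user
        domain = rec["domain"].lower()
        hits[domain] += rec.get("hits", 0)
        if rec.get("domainType") == 1:
            flags[domain].add("tracking")
        # A domain is expected if it equals, or is a subdomain of, a listed entry.
        if not any(domain == e or domain.endswith("." + e) for e in expected_domains):
            flags[domain].add("unexpected")
    return sorted((d, hits[d], sorted(flags[d])) for d in flags)

if __name__ == "__main__":
    for row in review_network(SAMPLE, "com.example.App1", {"example.com"}):
        print(row)
```

Domains that show up as unexpected are the ones to trace back to integrated third-party frameworks or modules.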