HACKER Q&A
📣 davidbarker

Why has iOS never had a control for restricting an app's network access?


iPhoneOS/iOS/iPadOS has typically been good at providing privacy controls to the user, allowing them to choose whether to give an app access to their contacts, media, location, etc. They've also iterated on this over the years — moving from allowing you to only share all of your media or none of your media to allowing you to select which media can be accessed by an app. Similarly for location, instead of either sharing your precise location or not, you can now choose whether to give an app precise location, or a more general location.

However — I've thought on and off for years — I feel like an omission is a toggle to restrict an app's network access. I would be much more willing to give an app other permissions if I knew my data couldn't be uploaded somewhere. But in its current state, I almost never give an app permission to access (for example) my contacts because I assume that data will be uploaded and stored.

---

If I remember correctly, custom keyboard extensions don't have access to the network by default, unless you explicitly give them that permission. Why hasn't this been extended to all apps?

---

This also brings up another question — why has iOS never had fine-grained control over which contacts you share with an app? (Similar to how they updated the photos/media permissions in the last few years.)

  👤 jiripospisil Accepted Answer ✓
> Why has iOS never had a control for restricting an app's network access?

The funny thing is iOS (and I assume all of the other forks) does have this implemented but it's just not widely available. If you buy an iPhone in China, you can restrict individual apps from using both cellular & Wi-Fi. In other countries (I assume), you only have the option to disable cellular (Settings -> Mobile Data).

https://old.reddit.com/r/ios/comments/aib10i/in_china_ios_al...

https://apple.stackexchange.com/questions/278051/ios-wi-fi-i...

👤 xg15
It'd like to broaden this question: Why is there almost nowhere a straight-forward option to limit network access?

Even backend app containers like Docker, which are all about restricting permissions and maintaining a sandbox, allow arbitrary outgoing connections by default.

👤 tinus_hn
Because then ad supported apps wouldn’t work. And it doesn’t work for privacy of course because an app can just launch the browser with a URL that encodes that private information.
👤 _aavaa_
If I were to guess: advertising.

It would essentially kill the business model of any offline app with relies on advertising to function as soon as regular people learn that turning off network access means they keep their app and also don't get advertising.

👤 webmobdev
Two reasons:

1. An application firewall would prevent Apple from collecting data from its customers. (An obvious exception for Apple's app would result in negative publicity for it).

2. Apple also has an online advertising network, and in the early days Apple's plan was to entice developers to use their ad platform on various apps. This would mean Apple could make money from "free" apps too (developers who charged for their apps were already paying the "Apple Tax"). An application firewall preventing network access would make such an ad service useless on their platform.

👤 1over137
On macOS, there is Little Snitch. Would be great to have it on iOS.
👤 u2077
I’ve been using https://lockdownprivacy.com/ along with Apple’s app privacy report to block domains. Works great.