The AppChk Crowd-Sourcing Platform: Which third parties are iOS apps talking to?

In this paper we present a platform which is usable by novice users without domain knowledge of experts. The platform consisting of an iOS app to monitor network traffic and a website to evaluate the results. Monitoring takes place on-device; no external server is required. Users can record and share network activity, compare evaluation results, and create rankings on apps and app-groups. The results are used to detect new trackers, point out misconduct in privacy practices, or automate comparisons on app-attributes like price, region, and category. To demonstrate potential use cases, we compare 75 apps before and after the iOS 14 release and show that we can detect trends in app-specific behavior change over time, for example, by privacy changes in the OS. Our results indicate a slight decrease in tracking but also an increase in contacted domains. We identify seven new trackers which are not present in current tracking lists such as EasyList. The games category is particularly prone to tracking (53% of the traffic) and contacts on average 36.2 domains with 59.3 requests per minute.