Background refresh is what lets your iPhone and iPad download your email while your iPhone is sleeping, to update your weather app while you are sleeping, and to grab all kinds of data so that it’s ready before you need it — news feeds, notes-app syncing, and pretty much anything else.
However, as revealed this week by the Washington Post, plenty of bad apps are abusing the background refresh mechanism. They are using it to send your private data — you location, your email address, your phone number, and much much more.
It’s likely that this is happening to you, because background refresh is enabled by default for newly-installed apps. Fortunately, it’s an easy problem to fix. Today we’ll see how.
Daily data breaches
Before we go any further, take a look at the extent of the problem. This is Geoffrey A. Fowler, writing for the Washington Post:
At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.
And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address -— once every five minutes.
The root of this evil is background refresh, a tool that can be used for good and bad. You could just switch it off, but then you’d lose out on an awful lot of convenient features. No more unread messages waiting for you as soon as you open the mail app. No pre-loaded news stories in your RSS app. And so on.
How to take control of background refresh
Instead of switching off background refresh altogether, you can just decide which apps get to access it. Head to Settings > General > Background refresh on your iPhone or iPad to get started. You’ll see a long list of all the apps that are updating themselves when the app itself isn’t running. Switching them off is easy. Just toggle the switch.
Less obvious is strategy. How do you choose which apps to allow?
Start by running down the list and switching off background refresh for any apps that obviously don’t need it. A photo filter app obviously doesn’t need to update itself when it’s not running. In fact, if you find something like a photo filter using background refresh, you might ask yourself why the hell it’s doing that. Perhaps you might consider asking the developer to explain it.
Next up are apps from companies you don’t trust. Anything by Facebook, for example, and perhaps Google too. If you’re using a third-party client for something like Twitter, then you have to trust that company instead of Twitter. In the case of Twitter, that’s probably a good thing.
Then there are apps like email clients. Clearly having your email checked in the background, and able to present you with fresh messages instantly upon launch, is fantastic. But now may be the time to audit that email client. You’ve given it access to perhaps your most valuable data source, just by entering your password. Do you trust that company?
Plan a monthly audit
Once you’ve trimmed the number of apps you allow to access background refresh, you should set a reminder to do it again in a month or so. Unlike camera access, microphone access, and so on, an app doesn’t have to request permission to use background refresh. That means you have to keep on top of it yourself. A monthly reminder is a good way to do that.
And switching off all those background updates has one great side-effect: better battery life.