Safari shares browsing history with Google even without user permission

Safari shares browsing history with Google even without user permission
Image by Florian Pircher from Pixabay

When we use Safari as a browser on iOS we are using ( as Apple has expressed many times ) a secure and private browser. This is true to some extent, as there are many nuances when it comes to saying that navigation is safe and private. For example, most search engines we use in Safari collect search data, which is what Google does for example. But even without using Google as a search engine Apple shares the data with them.

There is a small detail in Safari that usually goes unnoticed, although from Crytpgraphy Engineering they have brought to light again. This is the warning that Safari offers when a website is fraudulent. To prevent the user from falling into a trap, most browsers warn of suspicious or confirmed web pages that deceive the user. But how does Safari know that? Google tells him.

The URLs that the user visits and also his IP

Basically what Safari does is share the URLs that the user visits with a Google database to see if it matches any website in the list of fraudulent websites. This is done before visiting each URL and as indicated by Apple in the privacy terms of Safari, the information can be sent to Google’s servers to verify the information. They add that in addition to the URLs, the IP addresses of the devices from which the web is accessed are also registered. The latter is key, the IP registration makes the data no longer as anonymous as they could be if only URLs are shared.

This is not really a novelty, for some years Safari has shared this data with Google Safe Browsing (name that receives the Google service that detects fraudulent websites). However, there are more, since iOS 13 the privacy terms have changed to also include Tencent and its Tencent Safe Browsing service. Similar to Google, this service of the Chinese company also collects URLs and IP addresses to verify that fraudulent websites are not accessed.

Given that Google is not available in China, it would be logical to think that the data is sent to Tencent if the user is in China or has a Chinese Apple ID (as is the case with iCloud servers in China). There is no further clarification by Apple to confirm the data of which users are sent to Google and which to Tencent. Both companies appear in the privacy terms of all iOS users globally.

As expected, the information that comes out of the iPhone or iPad tries to always be as anonymous as possible. However, it is still curious how, although the user tries to avoid it at all costs, the data can be shared with third parties such as Google or Tencent. And without the user even knowing.

Via | Crytpgraphy Engineering

LEAVE A REPLY