Over the past weekend, Apple came under scrutiny for allegedly sharing data with Google and Tencent without properly informing users of the same. It turns out that the company shares data with these companies about websites users are visiting on its Safari browser as part of its feature to block fraudulent websites.
For the record, Apple does warn users of the same in the About section for the browser.
“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address," the company states.
The Internet quickly went abuzz over the find, with users accusing Apple of sharing data with third parties behind their back. “Users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them," cryptographer Mathew Green, who is also a professor at the John Hopkins University, wrote in a blog post.
However, Apple has since responded to these allegations explaining its actions. It turns out that the fraudulent website warning feature on Safari uses Safe Browsing services that both Google and Tencent provide.
According to Google, “Safe Browsing service examines billions of URLs and software and content on those pages in its search for unsafe websites. Safe Browsing then warns users when they navigate to websites that could steal their personal information or install software designed to take over their computers." Tencent’s version presumably works the same way, but only inside China.
In its statement, Apple claims that no information is sent to Google or Tencent. The company says that the checks for safe browsing are performed on the user’s device against a list of bad websites that it receives from Google and Tencent.
Apple did say though, that if a website is found to be fraudulent then the IP (Internet Protocol) address of a user’s device is shared with the Safe Browsing providers.
While Apple’s explanation does sound satisfactory, questions are still being raised. Green, for instance, pointed out that Google’s current version of Safe Browsing uses a hashed (anonymised) version of website addresses. He asked on Twitter whether Apple uses a similar method with Tencent as well and exactly how much data the Chinese giant can get about the user.
“Whenever Apple announces some minor new privacy feature, they do it onstage with a hundred reporters clapping. But when they want to send all your browsing data to a server in China? You only find out by reading the fine print," he added.