Apple’s Keeping Google’s Prying Eyes Out Of iOS 14
If you regularly use Apple’s Safari browser, you’re probably familiar with its “Fraudulent Website Warning,” which gives you a heads up if the site you’re about to visit might be, say, an elaborate phishing scam. What you probably didn’t know is that until now, this safety feature relied on an obscure Google database to operate. Now, as part of the privacy features soon rolling out in iOS 14, it looks like Apple’s severing those ties entirely.
MacRumors was the first to notice some screenshots of the iOS 14.5 beta being swapped over Reddit that clearly show Apple using its own servers as a middleman between your phone and Google’s databases. As the original poster laid out, it seems that any web traffic on Safari makes a pit stop to a new URL— “proxy.safebrowsing.apple”—before hitting Google’s own service.
In a nutshell, the “Google Safe Browsing” database is essentially a list of sites that are known to be scammy or unsafe in some way that Google constantly updates by crawling the web. Non-Google apps—like, say, Safari—can hook themselves up to Google’s servers and receive either a hashed or non-hashed list of prefixes from these scammy sites. Upon doing so, any clicks instinctively ping Google’s servers to see if the web address being visited matches any of the names on this list. If it does, a warning flag goes up.
The issue here is that Google is, well, Google, and Apple has been making a solid effort to put privacy and data protections at the core of the iOS 14 updates. Pinging Google’s servers in this way–especially if those addresses are hashed—might not expose too much information besides your IP address or other bits of so-called “unidentifiable data,” but at the end of the day, data is still data, and that data is still going to Google.
Earlier this week, Apple’s engineering head for WebKit confirmed that Apple’s attempt to intercept this traffic is a way to “limit the risk of information leak.” In other words, it’s a way to keep Google’s grubby hands off of any user data, no matter how innocuous the reason may seem.
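A sketch of the hashed-prefix check and of what a relay in the middle changes, added here as an example and not taken from the article, Apple or Google. It assumes SHA-256 hashes with 4-byte prefixes and a server query only when a local prefix matches, skips URL canonicalization, and uses constructed names (`ListServer`, `Relay`), URLs and documentation-range IP addresses.

```python
import hashlib

PREFIX_LEN = 4  # bytes of each SHA-256 hash kept on the device (assumed)

def full_hash(url: str) -> bytes:
    # Real clients canonicalize the URL first; omitted here.
    return hashlib.sha256(url.encode("utf-8")).digest()

# Constructed sample blocklist (not real indicators).
BAD_URLS = ["phish.example/login", "malware.example/download"]
SERVER_HASHES = {full_hash(u) for u in BAD_URLS}
LOCAL_PREFIXES = {h[:PREFIX_LEN] for h in SERVER_HASHES}

class ListServer:
    """Hypothetical list provider; logs what each request reveals to it."""
    def __init__(self, hashes):
        self.hashes = hashes
        self.seen = []  # (source IP, hash prefix) pairs

    def lookup(self, source_ip, prefix):
        self.seen.append((source_ip, prefix.hex()))
        return {h for h in self.hashes if h.startswith(prefix)}

class Relay:
    """Hypothetical middleman: forwards the prefix under its own address."""
    def __init__(self, upstream, relay_ip):
        self.upstream, self.relay_ip = upstream, relay_ip

    def lookup(self, source_ip, prefix):
        return self.upstream.lookup(self.relay_ip, prefix)

def check_url(url, client_ip, endpoint, local_prefixes=LOCAL_PREFIXES):
    """Return True if the URL is on the list; query only on a prefix hit."""
    digest = full_hash(url)
    prefix = digest[:PREFIX_LEN]
    if prefix not in local_prefixes:
        return False  # decided on the device, nothing leaves it
    return digest in endpoint.lookup(client_ip, prefix)

if __name__ == "__main__":
    direct = ListServer(SERVER_HASHES)
    relayed = ListServer(SERVER_HASHES)
    for endpoint, server in ((direct, direct), (Relay(relayed, "198.51.100.1"), relayed)):
        print(check_url("phish.example/login", "203.0.113.7", endpoint), server.seen)
```

In both runs the list server receives the same hash prefix, never the URL; with the relay in the path, the address it sees is the relay's, not the device's.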