Apple clarifies Safari Safe Browsing feature following Tencent data reports [u]

Posted:
in General Discussion edited February 11
Following a report alleging that Safari was sending URLs to China, Apple has clarified that this is not the case and has detailed how the Safe Browsing feature works.

Apple uses Safe Browsing systems from Google to protect against phishing
Apple uses Safe Browsing systems from Google to protect against phishing


Reports on Monday claimed Apple has been sending browsing data to Chinese technology firm Tencent as part of its anti-phishing systems, and may be expanding how much it uses the firm. From iOS 11 in 2017, Apple has stated on devices bought in China that it uses Tencent, but at some point that same privacy notice has appeared on US iPhones and iPads too.

The information is contained with a privacy notice that is reached via Settings, Safari, About Safari Search & Privacy. It's not clear when this detail was added, but users on Twitter claim to have seen it from iOS 12.2. It is now on all iOS 13 devices.

Apple uses the service as part of its anti-phishing features, and specifically the iOS Fraudulent Website Warning. This is the service that detects when a site may be masquerading as another one, or may contain malware.

Apple has now responded to the claims with a statement to AppleInsider and other venues.
Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature.When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing.

To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.
The Safari privacy notice that now includes mention of Tencent
The Safari privacy notice that now includes mention of Tencent


Apple's privacy notice does describe the overall process for both firms.

"Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent," it says.

Significantly, it also cautions that the website address may not be the only data that these companies receive.

"These safe browsing providers may also log your IP address," it adds.

The presence of Tencent in the privacy information does not mean that data is being sent to the firm, only that Apple may use it for this feature when needed. The possible logging of IP addresses by either Google or Tencent may be necessary for their phishing prevention systems.

However, Apple did not announce the use of this second company in what is a significant area of its privacy work. And the Fraudulent Website Warning feature is turned on by default.

To turn it off, go to Settings, Safari and toggle Fraudulent Website Warning. Note, however, that you will then lose the protection against malicious sites.

Updated: 12:40 ET: Updated with response from Apple.
«13

Comments

  • Reply 1 of 51
    gatorguygatorguy Posts: 23,175member
    Yeah, I was waiting on this story to hit AI. What started out a a drip of China/Apple issues is turning into a faucet. 

    Curiously while other parts of Apple's Chinese ToS appears only on Chinese handsets (ie iCloud), this disclosure of Tencent receiving browsing data also appears on US handsets. 

    Before the expected sideshow of "Can't be worse than Google" begins Google uses a number of methods to ensure they can't know the exact webpage you are attempting to visit in any particular instance, maintaining user privacy in Fraudulent Website checks.  There is no such assurance from Tencent and it's automatically allowed unless you disable it. But that also requires Fraud warnings from Google be turned off as well which makes it not such a good idea to disable for many. The two services should have separate toggles., not an all or nothing.
    edited October 2019 bonobobivanhleftoverbaconsvanstromolsjony0
  • Reply 2 of 51
    Et tu AI? You were the guys who fought against the apple-bashing on engadget and the verge and lately you've been jumping on the bandwagon. I expect this kind of click-bait crap from macrumors now, but not you. If you think Apple is flagrantly opening their user's privacy to nefarious Chinese officials just because then I don't know what to say. 
    redgeminipalkruppSpamSandwichbshankAppleExposedolsnetmage
  • Reply 3 of 51
    Google or Tencent? Which is the less nasty? Difficult to say really.
    I really don't want my data even if it is for site validation going anywhere near Google. As I'm highly unlikely to ever go to China then Tencent is not that a problem to me.
    Google gets everywhere and into everything. Everything we do it feeding its inasiable appetite for spying on each and everyone of us.
    dysamoriaredgeminipaAppleExposedcat52entropysols
  • Reply 4 of 51
    gatorguy said:
    Yeah, I was waiting on this story to hit AI. What started out a a drip is turning into a faucet. 
    This is really a yawn though.  Tencent already gets copious amounts of data from Apple users.  They get copious amounts of data from users of every platform... especially if those users are gamers.  It seems every site is copying and pasting the same info without actually paying attention to who the company is they're referencing here.  Tencent is beast.  They have been receiving more relevant customer data from all platforms for years.  Comparatively speaking this situation is nothing, but viewed through the lens of the last week of Apple's Chinese acquiescence, I can see why people are a bit up in arms. 

    I've seen people on other sites yammering about how to turn off Safe Browsing.  As if that would stop the flow of info going to Tencent.  Ha! Complete waste of time.
    edited October 2019 muthuk_vanalingam
  • Reply 5 of 51
    gatorguygatorguy Posts: 23,175member
    gatorguy said:
    Yeah, I was waiting on this story to hit AI. What started out a a drip is turning into a faucet. 
    This is really a yawn though.  Tencent already gets copious amounts of data from Apple users.  They get copious amounts of data from users of every platform... especially if those users are gamers.  It seems every site is copying and pasting the same info without actually paying attention to who the company is they're referencing here.  Tencent is beast.  They have been receiving more relevant customer data from all platforms for years.  Comparatively speaking this situation is nothing, but viewed through the lens of the last week of Apple's Chinese acquiescence, I can see why people are a bit up in arms. 

    I've seen people on other sites yammering about how to turn off Safe Browsing.  As if that would stop the flow of info going to Tencent.  Ha! 
    Agreed. Fraudulent Websites checks in a relative molehill in the larger data stockpiling picture. 
  • Reply 6 of 51
    lkrupplkrupp Posts: 9,472member

    To turn it off, go to Settings, Safari and toggle Fraudulent Website Warning. Note, however, that you will then lose the protection against malicious sites.
    Hilarious. This reminds me of those scare-the-public pieces by the national news media about drugs. They spend ten minutes listing all the nasty side effects of the drug and how it could kill you and your family and the entire world. They interview grieved relatives of someone who took the drug and went sideways. Then they cover their asses at the end with “Don't stop taking this drug without talking to your doctor first. Suddenly stopping it will kill you."
    thtberndognetmage
  • Reply 7 of 51
    This is UNACCEPTABLE! I have disabled the feature immediately, my browsing is FAR safer than the possible risk of Chinese abuse of our Internet usage data! Apple is really selling us out to China, including the ass-kissing Hong Kong pro-democracy apps removal just to appease their Chinese gov't cash cow.
    spice-boylkruppmonstrositymejsriccat52
  • Reply 8 of 51
    lkrupplkrupp Posts: 9,472member
    gatorguy said:
    Yeah, I was waiting on this story to hit AI. What started out a a drip of China/Apple issues is turning into a faucet. 

    Curiously while other parts of Apple's Chinese ToS appears only on Chinese handsets (ie iCloud), this disclosure of Tencent receiving browsing data also appears on US handsets. 

    Before the expected sideshow of "Can't be worse than Google" begins Google uses a number of methods to ensure they can't know the exact webpage you are attempting to visit in any particular instance, maintaining user privacy in Fraudulent Website checks.  There is no such assurance from Tencent and it's automatically allowed unless you disable it. But that also requires Fraud warnings from Google be turned off as well which makes it not such a good idea to disable for many. The two services should have separate toggles. 
    Yes, thanks to you, we are aware that Google is God’s second son, the tech Messiah sent to save us all. You remind us of that on a daily basis. Woe to we apostates who have chosen to follow the gospel of Apple.
    leavingthebiggmonstrosityStrangeDaysdysamoriaredgeminipaDan_DilgerAppleExposedcat52entropys
  • Reply 9 of 51
    Attention everyone! China is on the internet too! Stop using the internet! Follow these instructions to disable your internet connections on all devices! Never turn them on again! /s
    rogifan_newlkruppkurairedgeminipamacplusplusberndog
  • Reply 10 of 51
    There’s plenty to criticize American companies for over China. And privacy is important. But sometimes I swear people are wearing tinfoil hats. Honestly if you’re that worried you’re being tracked then all you can do is get off the internet.
    doctwelvelkruppredgeminipahmurchisonbigtds
  • Reply 11 of 51
    There’s plenty to criticize American companies for over China. And privacy is important. But sometimes I swear people are wearing tinfoil hats. Honestly if you’re that worried you’re being tracked then all you can do is get off the internet.
    These 'tin foil hat' 'conspiracies' have a nasty tendency to become reality, and at an increasingly alarming rate. Social Credit Score is happening, be afraid. 
    cat52entropys
  • Reply 12 of 51
    hmurchisonhmurchison Posts: 12,341member
    Sensationalism 

    If you're connected to the Internet and running apps your data is going EVERYWHERE. 
    lkrupp
  • Reply 13 of 51
    One word. VPN
    AppleExposed
  • Reply 14 of 51
    StrangeDaysStrangeDays Posts: 11,584member
    There’s plenty to criticize American companies for over China. And privacy is important. But sometimes I swear people are wearing tinfoil hats. Honestly if you’re that worried you’re being tracked then all you can do is get off the internet.
    These 'tin foil hat' 'conspiracies' have a nasty tendency to become reality, and at an increasingly alarming rate. Social Credit Score is happening, be afraid. 
    What do you mean? What conspiracies are becoming reality at an increasing and alarming rate?
    dysamoria
  • Reply 15 of 51
    dysamoriadysamoria Posts: 3,430member
    doctwelve said:
    Et tu AI? You were the guys who fought against the apple-bashing on engadget and the verge and lately you've been jumping on the bandwagon. I expect this kind of click-bait crap from macrumors now, but not you. If you think Apple is flagrantly opening their user's privacy to nefarious Chinese officials just because then I don't know what to say. 
    This poorly formed article isn’t clickbait and it’s also not “Apple Bashing”. If you cannot handle the reporting of questionable activity by your favorite company, then hide your eyes. No company (and no country) should be protected from legitimate criticism.
    svanstromcat52christophb
  • Reply 16 of 51
    dysamoriadysamoria Posts: 3,430member

    There’s plenty to criticize American companies for over China. And privacy is important. But sometimes I swear people are wearing tinfoil hats. Honestly if you’re that worried you’re being tracked then all you can do is get off the internet.
    By you, the only solution is to give in, roll over, and just let corporatocracy and authoritarians do everything and anything they want, without protest...?
    cat52
  • Reply 17 of 51
    dysamoria said:
    doctwelve said:
    Et tu AI? You were the guys who fought against the apple-bashing on engadget and the verge and lately you've been jumping on the bandwagon. I expect this kind of click-bait crap from macrumors now, but not you. If you think Apple is flagrantly opening their user's privacy to nefarious Chinese officials just because then I don't know what to say. 
    This poorly formed article isn’t clickbait and it’s also not “Apple Bashing”. If you cannot handle the reporting of questionable activity by your favorite company, then hide your eyes. No company (and no country) should be protected from legitimate criticism.
    Well, since we haven't peep from Apple about how the information is being used (journalism, that extinct breed of truth telling that didn't print shit until truth was unfolded) I'd call it clickbait. But go ahead, Rambo, save us from all the evil corporations and governments around the world. 
    netmage
  • Reply 18 of 51
    PHBLUEPHBLUE Posts: 2unconfirmed, member
  • Reply 19 of 51
    gatorguygatorguy Posts: 23,175member
    doctwelve said:
    dysamoria said:
    doctwelve said:
    Et tu AI? You were the guys who fought against the apple-bashing on engadget and the verge and lately you've been jumping on the bandwagon. I expect this kind of click-bait crap from macrumors now, but not you. If you think Apple is flagrantly opening their user's privacy to nefarious Chinese officials just because then I don't know what to say. 
    This poorly formed article isn’t clickbait and it’s also not “Apple Bashing”. If you cannot handle the reporting of questionable activity by your favorite company, then hide your eyes. No company (and no country) should be protected from legitimate criticism.
    Well, since we haven't peep from Apple about how the information is being used 
    We have:
    Apple: "The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.” https://t.co/vgUYkinwhP
    edited October 2019 doctwelveberndognetmage
  • Reply 20 of 51
    adamcadamc Posts: 582member
    Apple's protection against malicious websites has long sent data to Google Safe Browsing, but now it appears some can also be sent to Chinese firm Tencent.

    Apple uses Safe Browsing systems from Google and now also Chinas Tencent firm to protect against phishing
    Apple uses Safe Browsing systems from Google and now also China's Tencent firm to protect against phishing


    Applehas been sending browsing data to Chinese technology firm Tencent as part of its anti-phishing systems, and now may be expanding how much it uses the firm. From iOS 11 in 2017, Apple has stated on devices bought in China that it uses Tencent, but at some point that same privacy notice has appeared on US iPhones and iPads too.

    The information is contained with a privacy notice that is reached via Settings, Safari, About Safari Search & Privacy. It's not clear when this detail was added, but users on Twitter claim to have seen it from iOS 12.2. It is now on all iOS 13 devices.

    Apple uses the service as part of its anti-phishing features, and specifically the iOS Fraudulent Website Warning. This is the service that detects when a site may be masquerading as another one, or may contain malware.

    Previously, Apple was solely sending this data to Google to leverage that firm's Safe Browsing facility. Now it's also using Tencent's similar system.

    It's not known what data is sent to Tencent, nor under what conditions a user's data will be sent to that firm instead or, or in addition to, Google. It's still most likely that it is Safari on China-bought iOS devices whose data is sent to Tencent.

    The Safari privacy notice that now includes mention of Tencent
    The Safari privacy notice that now includes mention of Tencent


    Apple's privacy notice does describe the overall process for both firms.

    "Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent," it says.

    Significantly, it also cautions that the website address may not be the only data that these companies receive.

    "These safe browsing providers may also log your IP address," it adds.

    The presence of Tencent in the privacy information does not mean that data is being sent to the firm, only that Apple may use it for this feature when needed. The possible logging of IP addresses by either Google or Tencent may be necessary for their phishing prevention systems.

    However, Apple did not announce the use of this second company in what is a significant area of its privacy work. And the Fraudulent Website Warning feature is turned on by default.

    To turn it off, go to Settings, Safari and toggle Fraudulent Website Warning. Note, however, that you will then lose the protection against malicious sites.
    https://apple.slashdot.org/story/19/10/14/1621219/apple-responds-to-reports-that-it-is-sharing-data-with-tencent
Sign In or Register to comment.