Apple iOS 14.5 will hide Safari users’ IP addresses from Google’s Safe Browsing • The Register


Apple’s forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google’s Safe Browsing service, integrated into Safari to spot fraudulent websites.

On Wednesday, Maciej Stachowiak, head of WebKit engineering at Apple, confirmed the change via Twitter, stating that “in the new iOS beta, Safari does indeed proxy the service via Apple servers to limit the risk of information leak.”

That means when Safari users visit a website with Safe Browsing active, their IP addresses will be associated with an Apple domain rather than their internet service provider or corporate network. Google would normally have access to this information from those using Safe Browsing-enabled applications, depending on the specific API used, but now won’t for mobile Safari users.

That’s something of a privacy improvement – another notch in the privacy belt for iOS 14, alongside previously disclosed App Tracking Transparency and app privacy labels.

But don’t get too excited. Google still has access to plenty of online data via ads, web tracking widgets, scripts, authentication tokens, searches, applications, and the like. It’s not as if Apple made Bing the default search engine for all its software and hardware.

This is not the same sort of privacy broadside against the digital ad industry that App Tracking Transparency has been. The Register understands Google and Apple coordinated this change and it isn’t expected to alter the effectiveness of the service.

Nor is it obvious whether IP privacy is enough to justify activating Safe Browsing, which mobile Safari users can do via the Fraudulent Website Warning button in the browser’s Settings menu.

Safe for most things

Google’s Safe Browsing service provides a way for applications to check whether websites in Google’s Search Index have been previously identified as malicious. In its early form, it was “kind of a privacy nightmare,” as Matthew Green, associate professor of computer science at Johns Hopkins University, described it in a 2019 blog post. The service initially transmitted browser users’ IP addresses, the full URL visited, and set a tracking cookie.

The Safe Browsing API has improved since then in that there’s now an alternative to the URL-exposing Lookup API: The Update API allows client software (like Safari) to download an encrypted Safe Browsing list of 32-bit prefixes of SHA256 hashes (256-bits) derived from bad URLs to match against a 32-bit hash prefix of the URL the user aims to visit.

Photo of the Google page

We’ve got some really bad news about Apple’s privacy measures, Google tells iOS app devs: It’ll hurt your Google ad revenue


Then, if there’s a match – which may correspond with multiple full hashes – the browser transmits the matched prefix to Google’s servers, which return a list of SHA256 hashes that contain the matched prefix to test against a full hash of the requested URL.

“The problem is that Safe Browsing ‘Update API’ has never been exactly ‘safe,'” said Green in his blog post. “Its purpose was never to provide total privacy to users, but rather to degrade the quality of browsing data that providers collect.”

Other security researchers have expressed similar reservations, noting that the API’s approach – a technique called k-anonymity – can be defeated.

Green said the privacy community had reconciled itself to the tradeoffs, allowing that Google might glean more information from those implementing and using Safe Browsing in exchange for reducing potential exposure to fraudulent or malicious websites.

But he was less sanguine about Apple’s disclosure in 2019 that the company was sending the same information to Tencent in China, where privacy risks are magnified due to limits on political speech.

As Apple explains in its macOS Safari help documentation, “Before you visit a website, Safari may send information calculated from the website address to Google Safe Browsing to check if the website is fraudulent. If you have China mainland set as your region in the Language & Region pane of System Preferences, Safari may also use Tencent Safe Browsing to do this check.”

In an email to The Register, Green expressed cautious optimism about the iOS 14.5 change, even if it doesn’t address his past criticism of Apple’s mercurial disclosure and communication habits.

“Proxying is definitely an improvement because it hides IP addresses from the services in China that resolve these queries,” Green said.

“I’m not sure it entirely solves the problem, and I’d need to think about it. But it’s a good start. Also, it shows that Apple sees this information as valuable, which is an important takeaway given that they’ve been revealing it for over a year now.” ®

You May Also Like…