Apple’s protection against malicious websites has long sent data to Google Safe Browsing, but now it appears some can also be sent to Chinese firm Tencent.
Apple uses Safe Browsing systems from Google and now also China’s Tencent firm to protect against phishing
Apple has been sending browsing data to Chinese technology firm Tencent as part of its anti-phishing systems, and now may be expanding how much it uses the firm. From iOS 11 in 2017, Apple has stated on devices bought in China that it uses Tencent, but at some point that same privacy notice has appeared on US iPhones and iPads too.
The information is contained with a privacy notice that is reached via Settings, Safari, About Safari Search & Privacy. It’s not clear when this detail was added, but users on Twitter claim to have seen it from iOS 12.2. It is now on all iOS 13 devices.
Apple uses the service as part of its anti-phishing features, and specifically the iOS Fraudulent Website Warning. This is the service that detects when a site may be masquerading as another one, or may contain malware.
Previously, Apple was solely sending this data to Google to leverage that firm’s Safe Browsing facility. Now it’s also using Tencent’s similar system.
It’s not known what data is sent to Tencent, nor under what conditions a user’s data will be sent to that firm instead or, or in addition to, Google. It’s still most likely that it is Safari on China-bought iOS devices whose data is sent to Tencent.
- TikTok removed nearly 90 million videos globally in the second half of 2020
- Mastercard, MTN partner To enable payments on global platforms with Mobile Money
- Using lessons learnt in 2020 to combat the security threats in 2021
- Cybercrime and the pandemic – Read Now!
- Here is why enterprise security isn’t just an IT problem
The Safari privacy notice that now includes mention of Tencent
Apple’s privacy notice does describe the overall process for both firms.
“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent,” it says.
Significantly, it also cautions that the website address may not be the only data that these companies receive.
“These safe browsing providers may also log your IP address,” it adds.
The presence of Tencent in the privacy information does not mean that data is being sent to the firm, only that Apple may use it for this feature when needed. The possible logging of IP addresses by either Google or Tencent may be necessary for their phishing prevention systems.
However, Apple did not announce the use of this second company in what is a significant area of its privacy work. And the Fraudulent Website Warning feature is turned on by default.
To turn it off, go to Settings, Safari and toggle Fraudulent Website Warning. Note, however, that you will then lose the protection against malicious sites.