Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,537
30,844



ios7_safari_icon.jpg
Apple's Fraudulent Website Warning feature in Safari for iOS and Mac has come under scrutiny for using Chinese internet giant Tencent as one of its Safe Browsing providers.

The Safari feature has long sent data to Google Safe Browsing to cross-reference URLs against a blacklist and protect users against phishing scams and sites that attempt to push malware. However, it's unclear when Apple started sending user data to Tencent as well.

Apple notes in iOS that it sends some user IP addresses to Tencent, but most users are probably unaware of the fact. The mention can be found in the "About Safari & Privacy" screen, which is linked via small text under the Privacy & Security section in Settings -> Safari. The Fraudulent Website Warning feature also found here is enabled by default, so users aren't likely to know that their IP address may be logged unless they opt to view the information screen.

Apple's reference to Tencent has been found on devices running iOS 13, but some tweets suggest versions as early as iOS 12.2 also included the Chinese company as a safe browsing provider.

At this point, it's difficult to know for sure whether Apple users residing outside of China are having their data sent to Tencent, but the company appears to be mentioned on iPhones and iPads registered in the U.S. and the U.K., and possibly in other countries, too.

apple-safari-fraudulent-website-warning-tencet.jpeg

The privacy implications of shifting Safe Browsing to Tencent's servers are unknown, because Apple hasn't said much about it. However, according to Johns Hopkins University professor Matthew Green, a malicious provider could theoretically use Google's Safe Browsing approach to de-anonymize a user by linking their site requests.

Apple's relationship with the Chinese government has come in for increasing criticism lately, and that could make customers uneasy about Apple's links to Tencent, which is known to work closely with the Chinese Communist Party.

As such, Green believes users "deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari
 
Article Link
https://www.macrumors.com/2019/10/14/apple-sends-data-chinese-safe-browsing-safari/
Last edited:
  • Like
Reactions: macfacts
I

iLoveDeveloping

macrumors 6502a
Sep 24, 2009
593
2,265
Ireland
I don’t have an issue with them sending the website to them for a check but surely they don’t need my IP address. That seems overkill. Apple could easily write some code to check the website url without sending an IP address and return the request to the users device - maybe they just couldn’t be bothered. ¯\_(ツ)_/¯
 
  • Like
Reactions: Oblivious.Robot, The Barron, Somian and 17 others
haruhiko

haruhiko

macrumors 604
Sep 29, 2009
6,529
5,875
Apple needs to clarify if this is only for mainland Chinese users since Google service is not available for them.

(Anyway, sending data to Google is not really that safe too. One should turn off the feature completely if it causes any concern for privacy.)
 
  • Like
Reactions: bobob, The Barron, Marekul and 13 others
K

KALLT

macrumors 603
Sep 23, 2008
5,361
3,378
It is a bit premature to suggest that user data is sent to China (as written in the headline). Is there any evidence that devices from outside of China access Tencent’s servers (and if so, where are these servers located?)?

iLoveDeveloping said:
I don’t have an issue with them sending the website to them for a check but surely they don’t need my IP address. That seems overkill. Apple could easily write some code to check the website url without sending an IP address and return the request to the users device - maybe they just couldn’t be bothered. ¯\_(ツ)_/¯
Click to expand...

That’s unavoidable if the connection is made from the device to Google’s servers directly. The only way to avoid this is by putting a server in-between, e.g. a server maintained by Apple.
 
  • Like
Reactions: hans1972, !!! and TMax
itsmilo

itsmilo

Suspended
Sep 15, 2016
3,985
8,728
Berlin, Germany
Apple never truly cared about privacy or they wouldn’t allow every app to have a billion different tracking snippets built into it. Look how many Instagram and Facebook requests I have within minutes even tho I have neither app installed
 

Attachments

  • 32E76981-0A2F-4E82-9099-DEC40F75B2A7.png
    32E76981-0A2F-4E82-9099-DEC40F75B2A7.png
    395.5 KB · Views: 4,030
  • Like
  • Wow
Reactions: Oblivious.Robot, joy.757, kiensoy and 17 others
Delgibbons

Delgibbons

macrumors 6502a
Dec 14, 2016
745
1,600
London
Stick that on a billboard, Apple. Holier than thou.

MacRumors said:



ios7_safari_icon.jpg
Apple's Fraudulent Website Warning feature in Safari for iOS and Mac has come under scrutiny for using Chinese internet giant Tencent as one of its Safe Browsing providers.

The Safari feature has long sent data to Google Safe Browsing to cross-reference URLs against a blacklist and protect users against phishing scams and sites that attempt to push malware. However, it's unclear when Apple started sending user data to Tencent as well.

Apple notes in iOS that it sends some user IP addresses to Tencent, but most users are probably unaware of the fact. The mention can be found in the "About Safari & Privacy" screen, which is linked via small text under the Privacy & Security section in Settings -> Safari. The Fraudulent Website Warning feature is also enabled by default, so users aren't likely to know that their IP address may be logged unless they opt to view the information screen.

Apple's reference to Tencent has been found on devices running iOS 13, but some tweets suggest versions as early as iOS 12.2 also included the Chinese company as a safe browsing provider.

At this point, it's difficult to know for sure whether Apple users residing outside of China are having their data sent to Tencent, but the company appears to be mentioned on iPhones and iPads registered in the U.S. and the U.K., and possibly in other countries, too.

apple-safari-fraudulent-website-warning-tencet.jpeg

The privacy implications of shifting Safe Browsing to Tencent's servers are unknown, because Apple hasn't said much about it. However, according to Johns Hopkins University professor Matthew Green, a malicious provider could theoretically use Google's Safe Browsing approach to de-anonymize a user by linking their site requests.

Apple's relationship with the Chinese government has come in for increasing criticism lately, and that could make customers uneasy about Apple's links to Tencent, which is known to work closely with the Chinese Communist Party.

As such, Green believes users "deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari
Click to expand...
 
  • Like
Reactions: Oblivious.Robot, Marekul, twistedpixel8 and 1 other person
dantroline

dantroline

macrumors 6502
Oct 28, 2016
366
495
iLoveDeveloping said:
I don’t have an issue with them sending the website to them for a check but surely they don’t need my IP address. That seems overkill. Apple could easily write some code to check the website url without sending an IP address and return the request to the users device - maybe they just couldn’t be bothered. ¯\_(ツ)_/¯
Click to expand...
I can't possibly imagine why a totalitarian regime would want to know what websites you browse.
 
  • Like
Reactions: Michaelgtrusa, Jimmy James, Oblivious.Robot and 14 others
TrueBlou

TrueBlou

macrumors 601
Sep 16, 2014
4,531
3,619
Scotland
Meh, I give my details to the Chinese every other week when I phone Alec for a takeaway.....

Ok, crap joke, but Alec would like it, in fact I'll have to show him this next time I go in :p
 
  • Haha
Reactions: iGeneo
himanshumodi

himanshumodi

macrumors 6502a
May 18, 2012
643
881
India
Sigh... bad week for apple. Though here, most reaction will be over-reaction. The headline is appropriately click-baitey and misleading. Sometimes comments here read as if people want Apple to have absolutely zero interaction with China. That's not possible in a global economy. There are hundreds of ways in which China plays a role in daily things in each of our lives. They just can't be that completely isolated... not all of a sudden. Not without turning it into another North Korea. Having a business engagement with a Chinese (or another country's) company is not per se a bad thing.

That said... Apple towing China government's line as in the case of HK.live... that deserves all the criticism it's getting.
 
  • Like
Reactions: CarlJ
macfacts

macfacts

macrumors 601
Oct 7, 2012
4,720
5,551
Cybertron
Why doesn't apple have the list of fraudulent web sites downloaded to the device and have the checks done locally on the device instead of remotely on some server owned by google or some chinese company. This doesn't sound like "what happens on your iPhone stays on your iPhone".
 
  • Like
  • Love
Reactions: nickgovier, Romeo_Nightfall, CE3 and 3 others
jezbd1997

jezbd1997

macrumors 6502a
Jul 8, 2015
928
1,243
Melbourne - Australia
Disabled on my end. Seems to only be iPhone? I checked on my Mac running Sierra and it only mentions google safe browsing, maybe it’s different on newer macOS?
Hope Apple clears this up soon and removes/changes it...
 
whooleytoo

whooleytoo

macrumors 604
Aug 2, 2002
6,607
716
Cork, Ireland.
It could be that all mobile devices have a global list of servers for fraudulent site checks, so if a UK/US user visits China the device will switch to the Tencent server.

It would be very nice to know for sure. There's no point in Tim Cook giving nice public speeches about privacy, if Apple aren't open and transparent about the details. (And no, burying this in the terms and conditions/ EULA somewhere doesn't count).
 
  • Like
Reactions: jezbd1997
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom