Apple redirects Google Safe Browsing traffic through its own proxy servers to prevent disclosing users’ IP addresses to Google in iOS 14.5

safebrowsing

Update 1:58 AM PT: Updated the post to clear confusion about how Google’s Safe Browsing feature works.


Apple’s privacy push is much more widespread than it seems at the surface. A perfect example is the new privacy feature in iOS 14.5 Beta 1 (V2) which redirects Google Safe Browsing traffic through Apple’s own proxy servers to enhance users’ privacy and to not let Google see your IP address.

Google Safe Browsing is a security service created by Google that checks whether a website is malicious. When you access a website on the desktop version of Chrome on your Mac or PC, for instance, Google Safe Browsing checks if a website is safe to browse and displays a warning accordingly. The user ultimately has the choice, however.

As Reddit user u/jaydenkieran explains, Apple uses Google Safe Browsing when you enable “Fraudulent Website Warning” within the Safari settings in the Settings app on iPhone or iPad.

According to Google, its Safe Browsing system works by scanning sections of Google’s web index and “identifying potentially compromised websites.” Then, Google tests those websites by using a virtual machine to check if the website compromises the system. If it does, it’s added to Google’s online database. Google also identifies phishing websites by using statistical models.

According to Apple, before visiting a website, Safari may send hashed prefixes of the URL (Apple terms it “information calculated from the website address”) to Google Safe Browsing to check if there’s a match.

Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit. Up until iOS 14.5, Google could also see the IP address of where that request is coming from. However, since Apple now proxies Google Safe Browsing traffic, it further safeguards users’ privacy while browsing using Safari.

Apple has been intensifying its push for privacy with iOS 14 what with the App Tracking Transparency update and the inclusion of App Privacy Reports in the App Store.

At the same time, companies like Facebook are actively opposing the Cupertino giant, accusing it of negatively affecting the advertising industry. Apple’s response has been simple:

“We believe that this is a simple matter of standing up for our users. Users should know when their data is being collected and shared across other apps and websites — and they should have the choice to allow that or not. App Tracking Transparency in iOS 14 does not require Facebook to change its approach to tracking users and creating targeted advertising, it simply requires they give users a choice.”

Google itself had been holding off on updating its host of apps on the App Store due to the App Privacy Health Reports in the App Store that lets users view how an app tracks them. However, Google later disclosed that it will update its apps to include as little tracking as possible.

Having said that, it’s interesting to see Apple focus on enhancing user privacy as much as they can. And setting up a proxy server to filter Google Safe Browsing traffic just so Google cannot see users’ browsing activity will be a welcome move for a lot of users.