If you regularly use Apple’s Safari browser, you are probably familiar with its “Fraudulent Website Warning,” which gives you a try on whether the site you are about to visit, si, en elaborate phishing scams. What you probably did not know is that this security feature until now relied on a cloudy Google database to work. Now, as part of the privacy features soon rolling out in iOS 14, it seems that Apple is interrupting these ties completely.
MacRumors var first to notice some screenshots of iOS 14.5 beta are being swapped over Reddit that shows clearly Apple uses its own servers as an intermediary between your phone and Google’s databases. As the original poster was posted, it seems that web traffic on Safari stops a new URL – “proxy.safebrowsing.apple” – before it hits Google’s own service.
In a nutshell, “Google Safe Browsing“Database is actually a list of sites that are known to be scams or insecure in any way that Google continuously updates by crawling the web. Non-Google apps – such as Safari – can connect to Google’s servers and receive either a hash or non-hash list of prefixes from these scam sites. When you do this, everyone instinctively clicks on Google’s servers to see if the URL you are visiting matches any of the names on this list. If they do, a warning flag will go up.
The problem here is that Google is, well, Google, and Apple has made a solid effort to put privacy and data protection at the core of iOS 14 updates. Pinging Google’s servers in this way – especially if these addresses are hashed – can not expose too much information in addition to your IP address or other bits of so-called “unidentifiable data“But at the end of the day, data is still data, and that data is still coming to Google.
Earlier this week, Apple’s chief engineer for WebKit confirmed that Apple’s attempts to capture this traffic are a way to “limit the risk of information leakage.” In other words, it’s a way to keep Google’s dirty hands out of user data, no matter how harmless the cause may seem..