Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users

The Wall Street Journal reports that Google and several other advertising agencies have been discovered to be circumventing privacy protections in Apple's Safari browser for iOS devices in order to track users through ads on numerous popular websites. Google implemented the technique in order to embed +1 buttons on its ads, tricking users' systems into allowing cookies by using an invisible form submission to make Google's third-party cookies, which are blocked by Safari, appear as first-party cookies that are allowed.

To get around Safari's default blocking, Google exploited a loophole in the browser's privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie.

google safari ios tracking
Google halted the practice once it was contacted by The Wall Street Journal about it, but has tried to downplay the impact of the issue.

In a statement, Google said: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

In a companion blog post, The Wall Street Journal notes that the loophole that had permitted Google to bypass Safari's privacy protections has been closed in WebKit, the open source engine behind Safari, with the change having been made by two Google engineers. Consequently, Apple could and appears to be preparing to bring that fix to the public version of Safari.

An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”

An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.

The issue was discovered by Stanford graduate student Jonathan Mayer, who has also published an extensive blog post offering additional technical details on how Google and other advertising companies circumvented Safari's default cookie settings.

Top Rated Comments

3N16MA Avatar
145 months ago
"Don't be evil."
Score: 36 Votes (Like | Disagree)
newagemac Avatar
145 months ago
This is completely unacceptable. You would expect this kind of behavior from some type of shady malware outfit. Is this what Google has become? I know the "don't be evil" thing was thrown out the window a long time ago but this is stooping to a new low even for Google.
Score: 32 Votes (Like | Disagree)
lifeinhd Avatar
145 months ago
It's like Google is trying to become nothing more than adware or something.

:rolleyes:
Score: 31 Votes (Like | Disagree)
jon1987 Avatar
145 months ago
If they behave in this way with someone else's browser, makes you wander what shady activities they get up to on their own.
Score: 30 Votes (Like | Disagree)
FloatingBones Avatar
145 months ago
This is evil.

This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?
Score: 30 Votes (Like | Disagree)
trainwrecka Avatar
145 months ago
Google exploits it.
Google fixes it (both on their end, and in Webkit project source)

Sounds like it really was purely unintentional. It's such a short lived behavior, they can't really get anything significant out of it.

Non-issue, only newsworthy because it's mildly interesting.

Yup, I "unintentionally" write lines of code all the time that exploit loopholes that benefit me.
Score: 29 Votes (Like | Disagree)

Popular Stories

dynamic island

iPhone 15 Dynamic Island to Include New Integrated Proximity Sensor

Friday March 24, 2023 12:27 am PDT by
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models. According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
apple park at night 1

Apple 'Tracking Employee Attendance' in Crackdown on Remote Working

Thursday March 23, 2023 3:41 am PDT by
Apple is tracking the attendance of its employees at offices using badge records in order to ensure they are coming in at least three times a week, according to Platformer's Zoë Schiffer. Since April 2022, Apple employees have been operating on a hybrid home/office work policy as part of a gradual return strategy following the pandemic, with staff required to work from the office at least...
iphone 14 pro max deep purple feature purple

iPhone 15 Pro Rumor Recap: 10 New Features and Changes to Expect

Thursday March 23, 2023 6:42 am PDT by
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular. Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...
maxresdefault

Nothing Launches $149 Ear (2) Wireless Earbuds to Compete With AirPods Pro 2

Wednesday March 22, 2023 9:48 am PDT by
Nothing today announced the launch of its second-generation wireless earbuds, the Nothing Ear (2), which offer many of the same features as Apple's AirPods Pro 2 at a lower price point. We went hands-on with the Ear (2) earbuds to see whether they're a viable alternative to the AirPods Pro 2 for those who want to save some cash. The Ear (2) earbuds are the successor to the Nothing Ear (1),...
TMobile Sprint

Apple Stops Allowing Sprint iPhone Activations, Removes Sprint References From Online Store

Thursday March 23, 2023 12:06 pm PDT by
Apple is no longer allowing customers who purchase an iPhone, cellular iPad, or Apple Watch to activate a device with now-defunct mobile carrier Sprint. Apple has also removed remaining references to Sprint from its online store. When checking out with a new purchase, Sprint is no longer an option for connectivity, a change that Apple appears to have implemented today. Prior to now, Sprint...
iOS 16

iOS 16.4 for iPhone Nearing Launch With These 5 New Features

Monday March 20, 2023 11:50 am PDT by
Apple says iOS 16.4 is coming in the spring, which began this week. In his Sunday newsletter, Bloomberg's Mark Gurman said the update should be released "in the next three weeks or so," meaning a public release is likely in late March or early April. iOS 16.4 remains in beta testing and introduces a handful of new features and changes for the iPhone. Below, we have recapped five new features ...
Hero0009

Best Apple Deals of the Week: Samsung's Smart Monitor M8 Gets Massive $250 Discount, Along With Year's Best AirPods Prices

Friday March 24, 2023 10:23 am PDT by
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below. Note: MacRumors is an affiliate partner with some of these ...
top stories 25mar2023

Top Stories: iPhone 15 Pro Design Leak, iOS 16.4 Coming Soon, and More

Saturday March 25, 2023 6:00 am PDT by
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware. iOS 16.4 and associated releases are also right around the corner with some new ...