Google Under Fire for Circumvention of Cookie Settings in Safari for iOS to Track Users

The Wall Street Journal reports that Google and several other advertising agencies have been discovered to be circumventing privacy protections in Apple's Safari browser for iOS devices in order to track users through ads on numerous popular websites. Google implemented the technique in order to embed +1 buttons on its ads, tricking users' systems into allowing cookies by using an invisible form submission to make Google's third-party cookies, which are blocked by Safari, appear as first-party cookies that are allowed.

To get around Safari's default blocking, Google exploited a loophole in the browser's privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user's computer once the company has installed at least one cookie.


Google halted the practice once it was contacted by The Wall Street Journal about it, but has tried to downplay the impact of the issue.

In a statement, Google said: "The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

In a companion blog post, The Wall Street Journal notes that the loophole that had permitted Google to bypass Safari's privacy protections has been closed in WebKit, the open source engine behind Safari, with the change having been made by two Google engineers. Consequently, Apple could and appears to be preparing to bring that fix to the public version of Safari.

An Apple spokesman said: “We are aware that some third parties are circumventing Safari’s privacy features and we are working to put a stop to it.”

An update to the software that underlies Safari has closed the loophole that allows cookies to be set after the automatic submission of invisible forms. Future public versions of Safari could incorporate that update. The people who handled the proposed change, according to software documents: two engineers at Google.

The issue was discovered by Stanford graduate student Jonathan Mayer, who has also published an extensive blog post offering additional technical details on how Google and other advertising companies circumvented Safari's default cookie settings.

Top Rated Comments

(View all)
Avatar
113 months ago
"Don't be evil."
Score: 36 Votes (Like | Disagree)
Avatar
113 months ago
This is completely unacceptable. You would expect this kind of behavior from some type of shady malware outfit. Is this what Google has become? I know the "don't be evil" thing was thrown out the window a long time ago but this is stooping to a new low even for Google.
Score: 32 Votes (Like | Disagree)
Avatar
113 months ago
It's like Google is trying to become nothing more than adware or something.

:rolleyes:
Score: 31 Votes (Like | Disagree)
Avatar
113 months ago
If they behave in this way with someone else's browser, makes you wander what shady activities they get up to on their own.
Score: 30 Votes (Like | Disagree)
Avatar
113 months ago
This is evil.

This is evil. These yahoos were deliberately working around the privacy/security on a platform. There should be a massive fine and people should be fired from the company.

The really shocking thing is that very smart people within the company noted this loophole and designed the workaround. Did their ethical light-bulbs never go on? Can the government subpoena email records to see how high up the company people knew about this evil act?
Score: 30 Votes (Like | Disagree)
Avatar
113 months ago

Google exploits it.
Google fixes it (both on their end, and in Webkit project source)

Sounds like it really was purely unintentional. It's such a short lived behavior, they can't really get anything significant out of it.

Non-issue, only newsworthy because it's mildly interesting.


Yup, I "unintentionally" write lines of code all the time that exploit loopholes that benefit me.
Score: 29 Votes (Like | Disagree)

Top Stories

Early iPhone 12 Tests Show Ceramic Shield is Stronger and More Scratch Resistant Than iPhone 11 Glass

Friday October 23, 2020 1:21 pm PDT by
Apple's new iPhone 12 models are protected by a Ceramic Shield cover glass that has nano-ceramic crystals infused right into the glass to improve durability. According to Apple, Ceramic Shield offers four times better drop protection than the glass used for the iPhone 11 models. YouTube channel MobileReviewsEh conducted some tests on the iPhone 12 using a force meter to compare its performance ...

iPhone 12 Pro Allows You to Measure Someone's Height Instantly Using LiDAR Scanner

Saturday October 24, 2020 11:12 am PDT by
iPhone 12 Pro models feature a new LiDAR Scanner for enhanced augmented reality experiences, but the sensor also enables another unique feature: the ability to measure a person's height instantly using the Measure app. You can even measure the seated height of a person in a chair, according to Apple. When the Measure app detects a person in the viewfinder, it automatically measures their...

Google Reportedly Pays Apple $8-12 Billion Per Year to be Default iOS Search Engine

Sunday October 25, 2020 2:59 pm PDT by
The United States Justice Department is targeting a lucrative deal between Apple and Google as part of one of the U.S. government's largest antitrust cases, reports The New York Times. On Tuesday, the Justice Department filed an antitrust lawsuit against Google, claiming the Mountain View-based company used anticompetitive and exclusionary practices in the search and advertising markets to ...

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

Apple Warns MagSafe Charger Can Leave Circular Imprints on Leather Cases

Friday October 23, 2020 3:23 pm PDT by
If you keep your iPhone in a leather case while charging with Apple's new MagSafe Charger, the case might show circular imprints from contact with the accessory, according to a new Apple support document published today. Apple's leather cases for the iPhone 12 and iPhone 12 Pro are not available until November 6, but a MacRumors reader has already shared a photo of a circular imprint on...

iPhone 11 Pro Outlasts iPhone 12 and 12 Pro in Extensive Battery Life Test

Friday October 23, 2020 8:36 am PDT by
Arun Maini today shared a new side-by-side iPhone battery life video test on his YouTube channel Mrwhosetheboss, timing how long the new iPhone 12 and iPhone 12 Pro models last on a single charge compared to older models, with equal brightness, settings, battery health, and usage. All of the devices are running iOS 14 without a SIM card inserted. In the test, the iPhone 11 Pro outlasted both ...

PSA: Non-iPhone 12 Models Charge Super Slowly With MagSafe Charger

Friday October 23, 2020 4:11 pm PDT by
Alongside the iPhone 12 models, Apple introduced a new $39 MagSafe Charger that's meant to work with the magnets in the iPhone 12 Pro models to charge them up at a maximum of 15W. The MagSafe Charger is technically able to be used with older iPhones, but it's not a good idea because the charging with non-iPhone 12 devices is so slow. We did two tests with the iPhone XS Max, draining the...

MagSafe Charger Teardown Reveals Simple Design With Magnets and Charging Coil Encircling a Small Circuit Board

Friday October 23, 2020 7:50 am PDT by
iFixit has today shared a teardown of Apple's new MagSafe charger for the iPhone 12 and iPhone 12 Pro. An X-ray of the MagSafe charger courtesy of Creative Electron reveals the internal charging coil surrounded by a circular arrangement of magnets within the puck. The only seam that iFixit was able to leverage to open the device was where the white rubber circle meets the metal rim,...

Apple VP Kaiann Drance Interview Addresses Battery Life, MagSafe, and Power Adapter Concerns

Friday October 23, 2020 3:37 am PDT by
Apple's Vice President of iPhone Marketing, Kaiann Drance, has provided a new interview to Rich DeMuro on the Rich on Tech Podcast, to discuss the iPhone 12 and iPhone 12 Pro. Although much of the interview repeated points from Apple's "Hi, Speed" event, there were a number of interesting tidbits regarding the affect of 5G on battery life, MagSafe concerns, and the lack of a power adapter in...

iFixit Shares Full iPhone 12 and 12 Pro Teardown Revealing Interchangeable Displays and Batteries

Saturday October 24, 2020 1:48 pm PDT by
After live streaming a teardown of the iPhone 12 and iPhone 12 Pro earlier this week, iFixit today provided a more in-depth teardown that goes through all of the components in the new devices, revealing several similarities between the two. Early testing conducted by iFixit shows that the iPhone 12 and 12 Pro displays are interchangeable and can be swapped without issue, though the max...