Apple Sending User Data to Chinese Company for Fraudulent Website Warnings in Safari

Monday October 14, 2019 3:52 am PDT by Tim Hardwick
Apple's Fraudulent Website Warning feature in Safari for iOS and Mac has come under scrutiny for using Chinese internet giant Tencent as one of its Safe Browsing providers.

The Safari feature has long sent data to Google Safe Browsing to cross-reference URLs against a blacklist and protect users against phishing scams and sites that attempt to push malware. However, it's unclear when Apple started sending user data to Tencent as well.

Apple notes in iOS that it sends some user IP addresses to Tencent, but most users are probably unaware of the fact. The mention can be found in the "About Safari & Privacy" screen, which is linked via small text under the Privacy & Security section in Settings -> Safari. The Fraudulent Website Warning feature also found here is enabled by default, so users aren't likely to know that their IP address may be logged unless they opt to view the information screen.

Apple's reference to Tencent has been found on devices running iOS 13, but some tweets suggest versions as early as iOS 12.2 also included the Chinese company as a safe browsing provider.

At this point, it's difficult to know for sure whether Apple users residing outside of China are having their data sent to Tencent, but the company appears to be mentioned on iPhones and iPads registered in the U.S. and the U.K., and possibly in other countries, too.


The privacy implications of shifting Safe Browsing to Tencent's servers are unknown, because Apple hasn't said much about it. However, according to Johns Hopkins University professor Matthew Green, a malicious provider could theoretically use Google's Safe Browsing approach to de-anonymize a user by linking their site requests.

Apple's relationship with the Chinese government has come in for increasing criticism lately, and that could make customers uneasy about Apple's links to Tencent, which is known to work closely with the Chinese Communist Party.

As such, Green believes users "deserve to be informed about this kind of change and to make choices about it. At very least, users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: China, Safari
[ 188 comments ]

Top Rated Comments

(View all)

Avatar
berrymetal
14 weeks ago
This past week has been a major turning point for me concerning my trust for Apple
Rating: 61 Votes
Avatar
KidAKidB
14 weeks ago


This past week has been a major turning point for me concerning my trust for Apple

This is what people have been saying for years... Apple doesn't truly care about privacy, it's all marketing to make up for the fact that they were falling behind in machine learning.
Rating: 35 Votes
Avatar
Heineken
14 weeks ago


This past week has been a major turning point for me concerning my trust for Apple

I have said in the past that I have no reason not to trust Apple unless they give me one. Now i have.
Rating: 22 Votes
Avatar
Heineken
14 weeks ago


Just go into the settings for Safari, and turn off fraudulent website warning

if turning it off actually turns it off.
Rating: 21 Votes
Avatar
iLoveDeveloping
14 weeks ago
I don’t have an issue with them sending the website to them for a check but surely they don’t need my IP address. That seems overkill. Apple could easily write some code to check the website url without sending an IP address and return the request to the users device - maybe they just couldn’t be bothered. ¯\_(ツ)_/¯
Rating: 20 Votes
Avatar
itsmilo
14 weeks ago
Apple never truly cared about privacy or they wouldn’t allow every app to have a billion different tracking snippets built into it. Look how many Instagram and Facebook requests I have within minutes even tho I have neither app installed

Rating: 20 Votes
Avatar
Jacquesvw
14 weeks ago
Apple claims to take privacy seriously, but then they send user data to some Chinese company... bloody hypocrites!
Rating: 17 Votes
Avatar
haruhiko
14 weeks ago
Apple needs to clarify if this is only for mainland Chinese users since Google service is not available for them.

(Anyway, sending data to Google is not really that safe too. One should turn off the feature completely if it causes any concern for privacy.)
Rating: 16 Votes
Avatar
iGeneo
14 weeks ago
Just go into the settings for Safari, and turn off fraudulent website warning
Rating: 16 Votes
Avatar
dantroline
14 weeks ago


I don’t have an issue with them sending the website to them for a check but surely they don’t need my IP address. That seems overkill. Apple could easily write some code to check the website url without sending an IP address and return the request to the users device - maybe they just couldn’t be bothered. ¯\_(ツ)_/¯

I can't possibly imagine why a totalitarian regime would want to know what websites you browse.
Rating: 16 Votes

[ Read All Comments ]