Security News > 2021 > February > Apple iOS 14.5 will hide Safari users' IP addresses from Google's Safe Browsing
Apple's forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google's Safe Browsing service, integrated into Safari to spot fraudulent websites.
That means when Safari users visit a website with Safe Browsing active, their IP addresses will be associated with an Apple domain rather than their internet service provider or corporate network.
Nor is it obvious whether IP privacy is enough to justify activating Safe Browsing, which mobile Safari users can do via the Fraudulent Website Warning button in the browser's Settings menu.
The Safe Browsing API has improved since then in that there's now an alternative to the URL-exposing Lookup API: The Update API allows client software to download an encrypted Safe Browsing list of 32-bit prefixes of SHA256 hashes derived from bad URLs to match against a 32-bit hash prefix of the URL the user aims to visit.
Green said the privacy community had reconciled itself to the tradeoffs, allowing that Google might glean more information from those implementing and using Safe Browsing in exchange for reducing potential exposure to fraudulent or malicious websites.
As Apple explains in its macOS Safari help documentation, "Before you visit a website, Safari may send information calculated from the website address to Google Safe Browsing to check if the website is fraudulent. If you have China mainland set as your region in the Language & Region pane of System Preferences, Safari may also use Tencent Safe Browsing to do this check."
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/12/apple_safe_browing/
Related news
- Apple releases iOS 18, with security and privacy improvements (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)