Apple may be sending your browser data to China

Appel is in the news a lot this week with the removal of an App that allows Chinese protestors to know where police are at any moment and now Apple has been found to send Safe Browsing tech to China.

Up until recently Apple has used Google’s Safe Browsing tech to protect users from phishing sites, if you attempt to visit a URL that Google has flagged as fraudulent or as a source of malware, a warning will be displayed in Safari advising you not to proceed to the website.

In iOS 13, the small-print advising users of this fact has been changed to say that data may be sent to both Google and Tencent.

“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”

Trusting users data to Google was ok for most users as Google a SHA256 hash of each unsafe URL in its database, and truncates each hash down to a 32-bit prefix to save space. Google then sends the database of truncated hashes down to your browser. Each time you visit a URL, your browser hashes it and checks if its 32-bit prefix is contained in your local database. If the prefix is found in the browser’s local copy, your browser now sends the prefix to Google’s servers, which ship back a list of all full 256-bit hashes of the matching URLs, so your browser can check for an exact match.

Now with Tencent in the mix we have to trust that when our Data is sent to this Chinese company that they will not share it with Government officials. To turn it off, go to Settings > Safari and toggle off Fraudulent Website Warning. Note, however, that you will then lose the protection against malicious sites