It has been revealed that from at least iOS 12.2, Apple has been sending data to the Chinese tech giant Tencent.
A report by Reclaim The Net, has revealed that from as early as the iOS 12.2 beta in February 2019, Apple has been sending some users’ IP addresses to Tencent in the “About Safari & Privacy” section of its Safari settings, under the title “Fraudulent Website Warning.”
Safari’s Fraudulent Website Warning feature is designed like the Safe Browsing feature to protect users from various online threats by checking every website that is visited.
Apple said: “Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”
The feature has come under scrutiny by privacy advocates as it brings to question what Tencent might do with the data and whether the data will be utilised for surveillance purposes.
Additionally privacy advocates and apple users are concerned about the lack of disclosure of such a big feature.
Cryptography Professor Matthew Green from John Hopkin University notes that theoretically a malicious provider could use the Google’s Safe Browsing approach to “de-anonymize” a user.
The report explained: “If Tencent logs the IP address of an iPhone or iPad user through its Safe Browsing service, this information could potentially be used to identify the owner of the device by searching for instances of the IP address across Tencent’s other services.”
“This feature appears to be ‘on’ by default in iOS Safari, meaning that millions of users could potentially be affected,” said Hopkins.
Users are able to turn the Fraudulent Website Warning feature OFF in safari.
The post #Privacy: Apple under scrutiny for sending users’ browsing data to China’s Tencent appeared first on PrivSec Report.