Apple brings another innovation to strengthen data protection in iOS. It affects a function in Safari that warns users of potentially fraudulent websites, i.e. pages on which personal data is to be extracted from the user through phishing, for example. Up until now, Safari has sent data about the website visited, such as the URL, to Google, where it was compared with a database containing information about fraudulent websites. Google calls this data pool Safe Browsing and also uses it for its own Chrome browser.
The URLs were not transmitted in clear text, but hash values were exchanged, so that Google never owned the websites visited by the iPhone users. However, the IP addresses could be saved by Google, that will now change.
As of iOS 14.5, data runs via Apple
As the chief engineer of WebKit development at Apple has now confirmed, the data query for Safe Browsing to Google will in future be sent via Apple servers that act as a proxy, so Google will no longer receive any data about the individual iOS users. Initial analyzes of incoming and outgoing data traffic under iOS 14.5 Beta 1 already show that the change has been implemented.
This article is a bit confused on the details of how Safe Browsing works, but in the new iOS beta, Safari does indeed proxy the service via Apple servers to limit the risk of information leak.https://t.co/TlDZNMO8do
– othermaciej (@othermaciej) February 11, 2021
This innovation is only a small piece of the puzzle, but once again shows Apple’s motivation to seriously strengthen user data protection.