Apple decided to take control of something that, until now, no one dared to touch. Leaks of personal data and other information about users. This information is used to target advertisements, but almost certainly not only for this. Many companies will lose billions because of Apple’s actions. Now that too – and it’s impossible to predict how Google will react to it. Apple’s previous initiative, security labels, has left Google confused. Since December 7 of last year, new apps and updates to existing ones are accepted on the App Store only when these shortcuts are provided. Labels are a list of user data that is collected by the application. We will return to this topic later. There is something new.
In the beta version of iOS / iPadOS 14.5, as it turned out, Google’s Safe Browsing service will not be able to collect user data Safari. The service checks if the user is trying to visit if the site is not fraudulent, for example, phishing, and whether it is blacklisted. Before sending such a request, the URL of the suspicious site turned into a 32-bit hash, and the sender’s IP was added to it, without informing anyone about it, in a compressed form. Before sending a request to Google, traffic is redirected to an Apple proxy service, which changes the sender’s IP to the IP of one of the Apple servers created specifically for this.
Why you need Google Safe Browsing?
This service was developed for Google Chrome and has become one of the important competitive advantages. Based on the service, APIs (Application Programming Interfaces) were produced, making it possible to support this service’s support in other browsers. The service is used in Firefox and Safari, and several others. This is indeed an excellent service that has saved the browser’s users in which it is used money, nerves, health, and possibly life.
If the site is dangerous, Google will warn you about it.
There is a “blacklist” of hundreds of thousands or even millions of URLs for suspicious sites somewhere in Google. The service uses algorithms to detect phishing. If the result is positive, the site’s loading is interrupted, the user is informed about the reason for the blocking. In parallel with this, it is checked whether the requested URL is included in the blacklist. If the suspicions are confirmed, and the resource is really dangerous, its download is canceled.
iOS 14.5 security
All requests sent to Google via Safari with Safe Browsing enabled will be verified through Apple’s servers.
Apple didn’t even hope that no one would find out about this innovation. Developers, as soon as the first beta of the next version of iOS and/or iPadOS falls into their hands, study it carefully (and not without pleasure). And not notice the appearance proxy: safebrowsing.appleto, which traffic is redirected instead of safebrowsing.googleapis.com, they couldn’t. The service works no worse than in iOS/iPadOS 14.4 and earlier. The head of WebKit developers confirmed everything: that traffic is being redirected, that the IP of one of the Apple servers is substituted for the user’s IP – by the way, he said about the servers created by Apple for this task. Fortunately, this service can be turned off – if suddenly it starts behaving strangely. Do you think it is valid?
What is the App Store privacy shortcut?
On December 7 last year, Apple stopped accepting new applications and updates to existing ones without a list of collected data for review. In these lists, Apple asked developers to be honest and not withhold anything. The developers did not long puzzle over the question: how can they find out what and how is leaking in each of the millions of applications in the App Store? It’s almost obvious — you’re not.
Apple does not actually verify the information provided. Why waste time, effort, and money on this? Users of applications that do not correspond to the information declared by their authors can easily cope with this task of their own free will. A third or half of the applications revealed the deception. How it will end – I do not know. Google had not updated its iOS apps since December 7 last year. They did not lie. Apparently, everyone understood immediately.