Apple has issued a statement following the media reports that were published over the weekend, claiming that the Safari web browser was secretly sending user browsing data to Chinese owned Tencent.
The reports came when it was found recently that that Apple had implemented a second “safe browsing” system within Safari.
Safe browsing mechanisms were named after Google’s Safe Browsing service. This feature has been designed to protect users from various online threats by simply checking every website they visit against a regularly updated list of malicious websites.
For several years, Apple was using Google’s Safe Browsing API inside Safari to check for malicious links. But from this year, Apple also added Tencent’s safe browsing system to Apple as well.
It was this news which has been misinterpreted by several news outlets under the scary headlines of “Apple sends users’ web browsing history to China.” But the reality is that this is not how modern safe browsing mechanisms work.
The earlier versions of safe browsing mechanisms depended on sending a URL over the internet to a “safe browsing provider” where the link was checked against a remote database of malicious sites. but in the case of most safe browsing mechanisms, like the ones managed by Google and Tencent, it works by sending a copy of the database to a user’s browser and allowing the browser to check the URL against this local database.
Apple states that their developers have implemented Safari’s safe browsing mechanism to never send the user’s internet browsing traffic to safe browsing providers.
It is also noted that Tencent is not the default safe browsing provider and that it is only used on devices where the Chinese locale is enabled.
The main reason for supporting Tencent is that the Chinese government had banned Google domains inside China.So, Safari users in China will not be able to receive Google’s database of malicious links and subsequent updates.
Apple added support for Tencent as an alternative safe browsing provider specifically for Chinese users so that their Chinese userbase is safe like all other users and to show alert whenever they end up landing on a malicious site.
Apple’s full statement is givern below
Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing.
To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.