Despite being a "champion" of privacy and human rights, Apple is accused of sending IP addresses from its Safari browser on iOS to Chinese conglomerate Tencent.
The issue came to the fore when Reclaim The Net published an article on October 10.
Apple admits that it sends some user IP addresses to Tencent in the “About Safari & Privacy” section of its Safari settings which can be accessed on an iOS device by opening the Settings app and then selecting “Safari > About Privacy & Security.” Under the title “Fraudulent Website Warning,” Apple says:
“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”
Tencent is a company that is said to have close ties to the Chinese Communist Party. The company is accused of supporting surveillance activities within China, with the likes of QQ and WeChat allegedly supporting state monitoring.
Safe browsing is intended to do no more than warn users when they try to visit a suspected phishing site—as Apple explains, it helps prevent users visiting a fraudulent website which “masquerades as a legitimate one, such as a bank, financial institution or email service provider.” The issue, though, is that “before you visit a website, Safari may send information calculated from the website address to Safe Browsing providers to check if the website is fraudulent.” And one of those providers is Tencent, a conglomerate that is very much inside Beijing’s circle of trust.
Tencent’s Safe Browsing has been in the public domain since 2017.
Apple also uses Google’s equivalent safe browsing service. The safe browsing setting is switched on by default, so by default it could impact all iOS Safari browsing.
“It’s unclear when Apple started allowing Tencent and Google to log some user IP addresses,” Reclaim The Net says, “but one Twitter user reported seeing this change to Safari as early as the iOS 12.2 beta in February 2019. Safari is the default browser on iOS devices... Even if people install a third-party browser on their iOS device, viewing web pages inside apps still opens them in an integrated form of Safari called Safari View Controller... forcing people back into Safari make it difficult for people to avoid the Safari browser completely when using an iPhone or iPad.”
The news prompted Apple China backlash, with users taking to the internet to share their intent to turn off safe browsing, such was their concern about the invasion of personal privacy Beijing was about to inflict on them. Others sensibly dismissed the dangers—almost all of which are ambiguous.
U.S. or European users who are already under China's radar could consider Tencent’s Safe Browsing service could be just one way for China to keep internet users under radar. However, today, there are easier and more rewarding ways for China to follow you around. If you’re in China, though, there is every chance that such data is collected and used.
For Apple, it's just another day with a headline implying that the company is compromising its own standards and user privacy protections to benefit the Chinese state.