Privacy advocates criticize Apple for sharing some users browsing data with Tencent

New problems for Apple, most of its users likely ignore that the company is sharing iOS web browsing data on some of them to Chinese giant Tencent.

Most Apple users likely don’t know that the tech giant is sending iOS web browsing data on some of them to the Chinese giant Tencent.

The news is worrying, starting from at least iOS 12.2, Apple has integrated the “Tencent Safe Browsing” to improve security of its users and protect them from fraudulent websites. The Tencent Safe Browsing does it by implementing the “Fraudulent Website Warning” feature in the Safari web browser for both iOS and macOS that checks every site visited by the users.

The service leverages a blacklist of malicious websites that are continuously updated. The blacklist was initially provided by Google’s Safe Browsing service. In order to prevent users from visiting malicious websites, blacklisting services have to know the websites he visits and also log their IP address to manage the browsing history. At the time, it’s not clear if Tencent is also collecting IP addresses from users residing outside of China, likely the Tencent’s blacklist is only provided to Chinese users because Google’s services are blocked in the country.

“Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address,” Apple notes.

Experts fear that Tencent could have access to the same data sent to Google and intelligence experts believe that it could share the same information with the Chinese government.

“Tencent works closely with the Chinese Communist Party. It facilitates government censorship in China through its multi-functional utility app WeChat.” reported the website “The company also released a game pro-Chinese Communist Party game called Clap for Xi Jinping: An Awesome Speech in 2017 which, as the title suggests, encourages users to virtually clap for the Chinese president Xi Jinping. In addition to this, Tencent is reportedly collaborating with the Chinese Communist Party to develop “patriotic” video games.”

Privacy advocates believe that such kind of major changes has to be notified to the users.

The good news is that users could turn off the Fraudulent Website Warning feature in Safari, even if they are potentially exposed to online threats.

The feature is enabled by default on iPhones and iPads devices running iOS 13, below the instruction to disable it:

iOS: Settings > Safari > Turn off Fraudulent Website WarningmacOS: Safari > Preferences > Security > Uncheck Warn when visiting a fraudulent website

window._mNHandle = window._mNHandle || {};
window._mNHandle.queue = window._mNHandle.queue || [];
medianet_versionId = “3121199”;

try {
window._mNHandle.queue.push(function () {
window._mNDetails.loadTag(“762221962”, “300×250”, “762221962”);
catch (error) {}

Pierluigi Paganini

(SecurityAffairs – Apple, privacy)

The post Privacy advocates criticize Apple for sharing some users browsing data with Tencent appeared first on Security Affairs.