Safari in iOS sends some Safe Browsing data to Tencent

Apple’s Safari browser has long sent data to Google Safe Browsing to help protect against phishing scams using its Fraudulent Website Warning feature, but it now appears Chinese tech giant Tencent gets some information as well. Users have discovered that iOS 13 (and possibly versions starting from iOS 12.2) sends some data to Tencent Safe Browsing in addition to Google’s system. It’s not clear at this stage whether Tencent collects any information outside of China — you’ll see mention of the collection in the US disclaimer, but that doesn’t mean it’s scooping up info from American web surfers.

The concern, as you might imagine, revolves over what Tencent might do with that data. Both Google and Tencent may log IP addresses in order for their anti-phishing systems to work, but Tencent’s frequent cooperation with the Chinese government raises concerns that its data could be used for surveillance or other nefarious ends. Johns Hopkins University professor Matthew Green noted that a malicious provider could theoretically use Google’s Safe Browsing approach to de-anonymize someone by linking site requests. So long as Tencent’s method is similar, it could have a way to identify users if the Chinese government pressures it to reveal dissidents.

We’ve asked Apple for comment.

You can turn Fraudulent Website Warning off (in Settings > Safari) as long as you’re willing to accept less vigilance against sketchy pages. The issue is really that Apple activates the feature by default without alerting users, and that it doesn’t specify just where Tencent operates. It doesn’t help that users are worried about China’s influence on tech, either. Between Apple’s decision to remove a Hong Kong protest app and Blizzard’s ban on a pro-Hong Kong Hearthstone player, it may be hard for Apple and Tencent to escape scrutiny regardless of their behavior.

[Read More…]