Apple’s Fraudulent Website Warning is designed to alert you when you’re about to visit a website that is known to host malware, or that is believed to be a phishing site. Previously, that check consulted a database hosted on a Google server, but as of iOS 14.5 it instead uses an Apple proxy to better protect user privacy.
That adds an extra layer of privacy to the protection Apple was already employing …
When Google crawls the web, it also checks the sites it indexes for malware. When a site is found to host malware, it’s added to a database of sketchy sites. Additionally, Google uses statistical models to identify suspected phishing sites and adds those to the database too.
Chrome checks this database every time you visit a website. If a URL is on the list, Chrome displays a warning and asks you whether you really want to visit the site.
Apple uses the same database, taking steps to ensure that Google never sees the URL you were trying to visit, but cautioning that Google may log your IP address.
When Fraudulent Website Warning is enabled, Safari will display a warning if the website you are visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as user names, passwords, and other account information. A fraudulent website masquerades as a legitimate one, such as a bank, financial institution, or email service provider.
Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing to check if the website is fraudulent. For users with China mainland set as their region in Settings > General > Language and Region, Safari may also use Tencent Safe Browsing to do this check. The actual website address is never shared with the safe browsing provider. These safe browsing providers may also log your IP address when information is sent to them.
Apple’s Fraudulent Website Warning in iOS 14.5
Apple has beefed-up its privacy protections as of iOS 14.5. The 8-Bit explains how this works:
According to Apple, before visiting a website, Safari may send hashed prefixes of the URL (Apple terms it “information calculated from the website address”) to Google Safe Browsing to check if there’s a match.
Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit. Up until iOS 14.5, Google could also see the IP address of where that request is coming from. However, since Apple now proxies Google Safe Browsing traffic, it further safeguards users’ privacy while browsing using Safari.
Apple’s WebKit head Maciej Stachowiak said on Twitter that the site’s original explanation wasn’t quite right, but confirmed that the core claim – that Apple now uses its own copy of the database, held on Apple servers – is correct. The 8-bit subsequently corrected its explanation.
Apple is in the middle of a high-profile privacy battle over app privacy labels and upcoming requirements for apps to seek user permission for ad-tracking. On the former, some apps seem to be evading the requirements to declare the identifiable data they capture by avoiding updates. Google, for example, temporarily ceased updating a number of its apps when the requirement came into effect – something that led to some issues yesterday.
On the latter, Facebook went as far as taking out full-page newspaper ads attacking Apple, and unconvincingly claiming to be standing up for small businesses rather than its own ad revenue. A Harvard analysis found Facebook’s numbers to be misleading.
FTC: We use income earning auto affiliate links. More.