BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

An Ex-DOD Hacker Raises $20 Million To Stop ChatGPT-Fueled Cyberattacks
Tech Firms Pledge To Eliminate AI-Generated CSAM
Taser Company Axon Is Selling AI That Turns Body Cam Audio Into Police Reports
European Commission Launches Another TikTok Probe
Election 2024: Championing Proactive Cybersecurity To Fortify National Security
Malvertising Slips Through: Boosting Digital PR And Ad Safety Is Vital
Edit Story
ForbesInnovationCybersecurity

Apple Issues Response To Latest China Backlash (Updated)

Zak Doffman
Contributor
Opinions expressed by Forbes Contributors are their own.
I cover security and surveillance
Following
This article is more than 4 years old.

Apple has found itself in the middle of another storm in a China teacup, this one relating to the company’s inclusion of a Chinese company’s safe browsing service within its Safari web browser. The issue came to the fore when Reclaim The Net published an article on October 10 which warned that “it’s been discovered that Apple, which often positions itself as a champion of privacy and human rights, is sending some IP addresses from users of its Safari browser on iOS to Chinese conglomerate Tencent—a company with close ties to the Chinese Communist Party.”

Apple uses Tencent for users inside China and Google everywhere else. “It’s unclear when Apple started allowing Tencent and Google to log some user IP addresses,” Reclaim The Net had said, “but one Twitter user reported seeing this change to Safari as early as the iOS 12.2 beta in February 2019. Safari is the default browser on iOS devices... Even if people install a third-party browser on their iOS device, viewing web pages inside apps still opens them in an integrated form of Safari called Safari View Controller... forcing people back into Safari make it difficult for people to avoid the Safari browser completely when using an iPhone or iPad.”

There’s actually little technical substance here—the inclusion of Tencent’s Safe Browsing is old news, and has been in the public domain since 2017. Apple has also confirmed that this only impacts Chinese iOS users, explaining in a statement that to deliver safe browsing, “Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.”

But, unsurprisingly, the original article prompted the usual Apple China backlash, with users taking to the internet to share their intent to turn off safe browsing. Others sensibly dismissed the dangers—almost all of which are ambiguous. Ultimately, though, the very real risk is that a theoretical issue of data being shared with China could see users turn off defences against the very real issue of phishing scams.

Safe browsing is intended to do no more than warn users when they try to visit a suspected phishing site—as Apple explains, it helps prevent users visiting a fraudulent website which “masquerades as a legitimate one, such as a bank, financial institution or email service provider.” The issue, though, is that “before you visit a website, Safari may send information calculated from the website address to Safe Browsing providers to check if the website is fraudulent.” And for users in China, one of those providers is Tencent, a conglomerate that is very much inside Beijing’s circle of trust.

MORE FOR YOU

Apple iPhone 16: Unique All-New Design Promised In New Report

Huawei s Pura 70 Ultra Beats iPhone With Pioneering New Feature

Meet The Fintech Billionaire Making A Fortune Rewarding Home Renters

Tencent is accused of supporting surveillance activities within China, with the likes of QQ and WeChat allegedly supporting state monitoring to varying levels. And along with fellow Chinese giants Baidu and Alibaba, Tencent is a major investor in the surveillance tech industry, several entities from which have recently been blacklisted by the U.S. government for “human rights violations” against the minority Uighur Muslim population in the country's Xinjiang region.

For users inside China this issue could be a concern, consistent with allegations that Apple can be pushed around by Beijing. “IP addresses can reveal user locations and be used to profile users across devices,” Reclaim The Net explains. “If Tencent logs the IP address of an iPhone or iPad user through its Safe Browsing service, this information could potentially be used to identify the owner of the device by searching for instances of the IP address across Tencent’s other services.”

But the article quickly prompted a backlash on Reddit, with one user complaining that “the article is not only wrong, it is dangerous—already you can see people who don't understand this who will turn this off and expose themselves to dangers, without any meaningful gain in privacy.”

So what’s the risk here? If you’re not in China, then there is no issue. And if you are in China, there is a chance that such data is already collected and used. Most people in China believe the state tracks online activity anyway—this is not new news.

But the real issue here is for Apple. It’s another day another headline implying that the company is compromising its own standards and user privacy protections to benefit the Chinese state. And for the U.S. tech giant that is an issue, because quite apart from this issue there is substance to its troubled stance on China. And so while this backlash might be undeserved, the big picture needs addressing by Apple, and fast.

I’m not including instructions on turning off safe browsing here because to do so would be irresponsible.

Updated later on October 14 with Apple clarification.

Follow me on Twitter or LinkedIn
Zak Doffman
Zak Doffman