Safari on iOS 14.5 will proxy 'Safe Browsing' feature through Apple's servers to protect privacy while browsing the web
The internet can be a dangerous place if one is not careful enough and there are several sites designed specifically to trick users into parting with their personal information and financial details. Google’s Safe Browsing project, launched in 2007, is a list of malicious URLs which all major browsers rely on to protect their users, including Apple’s Safari. However, a new report states that Apple has decided to make that security feature more privacy-friendly, in the latest beta.
If you look at your Safari settings, you’ll notice a feature called Fraudulent Website Warning, which basically relies on Google’s Safe Browsing database, a feature that is also present on Mozilla’s Firefox, Microsoft Edge, Opera and Vivaldi. When you navigate to a certain URL, such as tech.hindustantimes.com, Safari will check it against Google’s list of malicious sites and accordingly warn you, asking if you want to continue browsing.
Google might not be able to tell what a user is looking up, because Safari only sends a ‘hashed’ value of the webpage to the company’s Safe Browsing service. But that service could log the IP address you’re connecting from, which can be considered a form of data leak. In order to mitigate this privacy risk, Maciej Stachowiak, head of engineering of WebKit (the engine that powers Safari) confirmed that the browser would now proxy the entire Safe Browsing feature through their servers.
As pictured above, Reddit user u/StijnJB_ posted an image of his NextDNS logs showing requests made by Safari to the URLs proxy.safebrowsing.apple and token.safebrowsing.apple. After updating to iOS 14.5 beta, which is currently being tested before its eventual release. iOS 14.5, which is set to roll out in the coming weeks looks to be quite the upgrade in terms of privacy. From mandatory tracking consent requests (app transparency) to the proxied Safe Browsing service, Apple seems hard at work bringing new privacy features to its customers.