Apple has silently included a new line in its Privacy & Security tab under Safari where it indicates that it will be sending browser data to the Chinese tech giant, Tencent. The information was first noticed when the latest iOS software update recently launched.
It is not a secret that Apple’s Safari browser has been sending data to Google Safe Browsing to employ its Fraudulent Website Warning feature. This security helps protect Apple users from phishing scams and the like. Notably, Apple itself doesn’t maintain its own list of fraudulent websites, and so, it relies on Google for most of the world’s websites.
However, what critics have recently noticed is that Apple is not only sending data to Google, and it now appears that Tencent gets a piece of this information too. Users have discovered details in the latest update for iOS 13. Some, however, noted that Apple has been sending data to Tencent since earlier versions like iOS 12.2.
As part of that service, when checking if a website is fraudulent or not, Apple may send the IP address of the user to Tencent.
Apple admits sending user IP addresses to Tencent in the “About Safari & Privacy” section of its Safari settings which can be accessed by opening the Settings app and then selecting “Safari > About Privacy & Security” under the title “Fraudulent Website Warning.”
The exact text says: “Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”
Reasonably, Apple employs Tencent as a way to cater to its Chinese users — given that the country is Communist governed. It is also not clear at this stage whether Tencent collects any information outside of China.
Apple has long positioned itself as a privacy-first company, leveraging it against other smartphone manufacturers because unlike most tech leaders, it develops its own software.
Another perspective raising the concern is that Apple included the feature by default and have neglected to explicitly include information regarding the limitations of the information sent and used by Tencent.
All of which, fueled by the on-going press cycle concerning Chinese influence over U.S. tech companies in general (and apple in particular,) has raised some concerns. Recently, people have criticized Apple’s decision to remove a Hong Kong protest app and Blizzard’s ban on a pro-Hong Kong Hearthstone player.
In particular, the concern revolves over Tencent’s close ties with the Chinese government. Furthermore, the concern fears over the possibility that China may use Tencent to exploit the data given by Apple for surveillance or other nefarious ends.
This could potentially be a threat because an IP address can reveal a user’s location and can even be used to profile users across devices. Once Tencent logs the IP address of an iPhone or iPad user through its Safe Browsing service, this information could potentially be used to identify the owner of the device by searching for instances of the IP address across Tencent’s other services or by linking site requests.
For now, you have the option to turn Fraudulent Website Warning (in Settings > Safari), as long as, you’re willing to accept less vigilance and warnings from the Safari browser.