Google in hot water after allegedly bypassing Apple’s Safari browser privacy settings

Google is facing an inquest after having allegedly been caught bypassing Apple’s Safari web browser privacy settings on iPhone, iPad, and Mac. Google gets the big headline, of course, but Vibrant Media Inc., WPP PLC's Media Innovation Group LLC and Gannett Co.'s PointRoll advertising companies were all named in the report for tracking the web browsing habits of Safari and Safari Mobile users even when users have opted out of such tracking via Safari's cookie settings. According to the Wall Street Journal, Google and the other advertising companies used a special code that tricked Apple’s Safari browser into providing information even though it should have blocked it.

The Google code was spotted by Stanford researcher Jonathan Mayer and independently confirmed by a technical adviser to the Journal, Ashkan Soltani, who found that ads on 22 of the top 100 websites installed the Google tracking code on a test computer, and ads on 23 sites installed it on an iPhone browser.  The technique reaches far beyond those websites, however, because once the coding was activated, it could enable Google tracking across the vast majority of websites

Google issued a statement to the WSJ claiming that it had mischaracterized what had happened and claimed Google had used known Safari functionality to provide features that signed-in Google users had enabled.

Google has since disabled the rogue code after being contacted by The Wall Street Journal. WebKit, the open-source browser engine that powers Safari (as well as Google's Chrome browser) already has a fix in place to prevent the work around, and Apple should be rolling that out to iOS users in a future update.

An Apple official said: "We are working to put a stop" to the circumvention of Safari privacy settings.

This bypass seems specific to Safari because, according to one of the advertisers, no other major web browser blocks their tracking by default. (Which should make any Chrome, Firefox, etc. users race to their settings post haste.)

This should also serve as yet another reminder not to believe companies by the words, but by their deeds. "Don't be evil" or "we care about every customer" is easy to say, and as technology enthusiasts we're predisposed to believe and even vigorously defend the companies we love. But they're big, they're out to make money, and as advertising revenue increases, we become their products, not their customers.

Were you surprised by this news? Is Google getting more of the attention than they deserve because they have the biggest name? How do you feel about companies bypassing Apple's tracking protection?

Source: WSJ


UK editor at iMore, mobile technology lover and air conditioning design engineer.

  • "Google in hot water after allegedly bypassing Apple’s Safari browser privacy settings to track users for advertising" - Yeah... and Facebook was one of them too, yet Google gets the bash.
  • Facebook never promised to not be evil, only Google did...we are just holding them to the standards that THEY promised to uphold.
  • I am not at all surprised. This notion that Google is not evil is a lot of malarkey. Wake up, people.
  • lol I like how you people talk a lot of crap about Google, yet use Facebook daily. I just hope all you people know that FB does a lot more dirty crap behind your backs.
    "Google has since disabled the rogue code after being contacted by The Wall Street Journal." - I wounder if FB disabled it, I doubt it.
  • But in the recent news about privacy, google stated, we do not do that. Guess what, they do, so does everyone else. That is the real problem, and how to control it.
  • What does the article mean by "Google is facing an inquest...". An inquest by whom? Apple? The government?
  • So hold on.... There was/is a security flaw in Apple's software (iOS Safari) - But Google is to blame? :-)
  • No. Safari never had a security flaw, in this case, Google is abusing a component of Safari/WebKit privacy settings, that has a legitimate usage, in order to allow themselves to gather data, even though the user has selected that they don't wish for Google to obtain that data.
  • I wonder if none of the other browsers were targeted because they only cared about what iOS and Mac customers surfed to. I'm sure they had some plan to use this info against Apple at some point.
  • Like I have written here before, I try to minimize my exposure to Google as much as practical. I refuse to use Goggle+, gmail, Google calendar, Android, etc. Why? Because, as a security professional, I have seen that Google is a black hole when it comes to information gathering; this has been abundantly evident by their actions. They constantly push the envelope to see how far they can go without getting caught, and (supposedly) stop only when called on their activities. This is really sad, because they really do produce very cool and useful tools, yet I cannot use them for lack of trust.
    On a side note, this is why I refuse to jailbreak my iPhone, it opens my precious data up to risks that I am simply not willing to accept. There are many cool and wonderful things available to those who do jailbreak their phones, and again it makes me sad that I cannot partake of them. If the Google/Android ecosystem sincerely took privacy and security seriously, then I MIGHT reevaluate. Until then, I stay away, of my own choice.
  • iphone users are more at risk than android users. Do you research. There's more fraudulent actions committed on somebodies iAccount than anything to do with google. nice try.
  • He's a security professional...and you don't think he has done his research...sheesh... Why do I trust Mr. Sheaver 's words much more than your flaming post (which offers no proof whatsoever)...yeah, read it in an article on the net, which of course makes your words the absolute Mr. Sheaver is working in this field and most likely has access to info that you probably don't have...So I'll put my money on Mr. Sheaver...Oh, and please read the article above for proof that you're clearly wrong ! Thanks :)
  • Not evil they say. If this had been Microsoft people would be swarming Redmond with pitch forks and torches and it would be on the front page of every news outlet. So far the WSJ and TiBb are the only places I've seen this mentioned. Lame.
  • Google - "Don't be evil"
    Apple - "We care about every (slave) worker in our supply chain." (sic)
    That about sums it up. But nice try with the moral equivalency argument.
  • Apple = Slave labor cause HP and Dell use the same Foxconn plant but their not Apple so I don't have to hate them.
  • Actually after some checking, Dell uses FOXCONN but HP doesn't. I'll grant you they are no better. However...
    Are they making the obscene profits & charging obscene prices for their tech Apple is? Apple can afford to do better.
    Fact is Steve Jobs put institutional greed into Apples DNA. The management team in place are his hand picked lackeys & will continue that legacy. And yes it's way more evil than somebody having a false expectation of privacy on the internet our a smart phone.
  • Is greed evil? There is no good and evil, only choices. Greed is damaging. Gathering information aginst people's will is a violation. At least the premise of Facebook is to share some personal information with the public. That is not the case with web browsing, email, etc.. In this case, Google is the biggest villian. We can vote with our feet when we've had enough.
  • I'll take a good OPEN os any day rather than "innovative" cop offs of other peoples work.
  • Google agreed with the FTC not to spy on users. Fine is 16K per instance according to their agreement.
  • I don't excuse big govt either. They go hand in hand. Big govt makes the rules big business abuses.
    At the expense of fair competition &a lvl playing field for workers & consumers. You are right... That is obscene. Glad we agree.
  • Hi there, You've done an excellent job. I'll certainly digg it and individually recommend to my friends. I'm confident they will be benefited from this website.
  • Hello there, just was alert to your blog through Google, and located that it's truly informative. I am going to watch out for brussels. I’ll be grateful when you proceed this in future. Many other folks will be benefited from your writing. Cheers!
  • Hi Michael, great roundup post, and for the plug! I'll give this one a push where I can.