Apple Safe Browsing and How to Use It
January 13 , 2021 Posted by Admin
Using the stock Safari web browser on many versions of iOS means that your IP address data is being sent to Google by default, or to Tencent if you are in mainland China. While all readers will know what Google is, they might not be aware of the entity that is Tencent. Tencent is the Chinese equivalent to Facebook, and they are the owners of the popular Chinese messaging app WeChat. Many users might find it disturbing that they regularly work together with the Chinese government in order to exchange data of its users. So, whether it’s Google collecting that data, or Tencent, people would want to find a way to stop this breach of privacy.
The Safari web browser is the default browser for devices that run iOS, and therefore a large portion of people using smart devices are using it by default. To get an idea of the margin of usage, according to stats, over half of the smartphone users in the United States use an iOS device. Now if you use this browser, odds are that you might have skipped over the Privacy and Protection section of their disclaimer. In short, the statement claims that the browser’s inbuilt “Fraudulent Website Warning Service” allows the browser to send information that is gained from your accessing a website, and using it to check if the web address appears in the fraudulent site list from either Google or Tencent. They warn users that using this service allows these companies to log your IP address, which might not be an issue for many, but for some it might not be worth the risk.
According to Apple, the aim of the company is to provide a safe and secure browsing experience, and that is why they developed this security feature. According to these sources, Safari uses these lists to check for possibly misleading malicious websites, which might harm the user’s device, or compromise the security of the device. Therefore, it regularly asks for these lists from Google and Tencent, so that it can be kept up to date on any new such websites.
Now, all of this data is being shared by default, even if you try to get around it by using other web browsers. If you are someone that provides iOS app development service, you know that whenever an app on an iOS device would try to view a web page, it would do so by using an inbuilt version of Safari, which defeats the purpose of using other browsers. So, the only way to do this is to stop the process itself. To do this, you need to disable the option for the “Fraudulent Website Warning”, which would stop these sites from collecting your data, at the expense of making your device more vulnerable to phishing and other malicious attacks.
Disabling Fraudulent Website Warnings in Safari Browser:
The process to disable that feature is quite simple, and consists of just two steps that barely take a few seconds to complete. The first step is to go to settings on your iOS device, and select the option for “Safari”. Then we scroll down till we find the toggle that reads “Fraudulent Website Warning”, and tap it to the off position. And there you go, you are all set with stopping this feature on your Safari app.
But another question that you might be thinking is, that in today’s scenario, what actually means by “Safe Browsing”. Well, we have compiled together the information that might help you understand this confusing phenomenon.
Safe Browsing in Today’s World:
Safe browsing is a very vague term, especially nowadays. You cannot be sure what exactly means by the term, because many features and protocols that might be projected as essential for the safe browsing experience, might be considered a breach of privacy and a threat to their online habits by many others.
The Fraudulent Website Warning service used in the Safari browser makes use of the Google Safe browsing for most of the world, except for china which is covered by Tencent’s safe browsing. Though it was initially developed by Google, many others have tried replicating it successfully, like Tencent.
Its use is quite interesting, and frankly was initially designed to help its users. Many web app development users have come across web addresses that might be malicious or phishing scams, either unknowingly or by unintentional page redirect. What Google does is that it keeps a list of such web addresses and tries to keep itself up-to-date with any new ones that might surface. Checking a user’s web request against its list for any known malicious activity allows Google to protect its users from visiting web pages that might harm their system, or make them vulnerable, by giving us a warning that the address we seek has been reported to be suspicious, and giving us the option to go back. It also allows us to visit the web address despite being warned, in case the page has been wrongfully marked or its users requires a visit to the site.
The process that entails this entire cycle is explained below.
- i) First, the address of each malicious site is converted into a SHA265 hash code, which is then trimmed down to a 32-bit number before saving it in the database, so that it takes up less storage.
- ii) Next, the compiled data consisting of these hashes is sent to your device’s browser, either on PC or on a mobile device.
- iii) Third, every time after receiving that list you visit a website, your web browser will first convert it into a hash code, and the resultant code’s first 32 bits will be compared with the list to check whether it matched with any entry.
- iv) In case your requested site’s hash code’s prefix matches with an entry on the list, the browser will then request the full code list from Google servers. This list contains the complete SHA256 codes of all suspected sites, and it will be used to compare and find the exact site that matches your request.
That is how this entire process is performed by Google, and presumably Tencent does it the same way as well, where instead of Google receiving the hash codes to check for possible options, its Tencent that is fulfills that part.
Now, theoretically this entire process should not only be safe, but quite anonymous as well. That is because instead of the actual web address, the servers are receiving the hash code. But some network specialists and researchers think that it is possible to make out the actual user by analyzing the multitudes of hash requests sent by that user. This could be a problem, especially when an average user spends a great part of their day online.
Now this isn’t just an issue with the Safari browser in iOS. In fact nearly all browsers such as Firefox, GNOME browsers and many more use Google’s Safe browsing service, especially the Google Chrome web browser, which is a Google Product itself. So, if you are wary of this service and think it is a security risk, then you have only two options. Either find out how to turn it off in the browser of your choice, or look for a web browser that does not make use of this service.
This is a gray area, in our opinion, as being safe from malicious sites might be a fair trade-off for many users to give away their network addresses, but for others it might be a serious breach of privacy and a serious security risk. So now that you know the entire narrative, the burden of decision is entirely on you, depending on your school of thought.
If you are looking for reliable iOS app Development Company, then be sure to visit App Development Pros. Their expert developers are always present to guide you on the best way to have your app developed, so that it maximizes the benefits that you aim to reap from the app.