Apple Safe Browsing and How to Use It

January 13 , 2021 Posted by Admin

Using the stock Safari web browser on many versions of iOS means that your IP address data is being sent to Google by default or to Tencent if you are in mainland China. While all readers will know what Google is, they might not be aware of the Tencent entity. Tencent is the Chinese equivalent of Facebook, which owns the popular Chinese messaging app WeChat. Many users might find it disturbing that they regularly work with the Chinese government to exchange data of its users. So, whether it’s Google collecting that data or Tencent, people would want to find a way to stop this breach of privacy.

Safari Browser:

The Safari web browser is the default browser for devices that run iOS, and therefore, many people using smart devices are using it by default. To get an idea of the margin of usage, according to stats, over half of the smartphone users in the United States use an iOS device. Now, if you use this browser, you might have skipped over the Privacy and Protection section of their disclaimer. In short, the statement claims that the browser’s inbuilt “Fraudulent Website Warning Service” allows the browser to send information that is gained from your accessing a website and using it to check if the web address appears in the fraudulent site list from either Google or Tencent. They warn users that using this service allows these companies to log their IP address, which might not be an issue for many, but for some, it might not be worth the risk.

According to Apple, the aim of the company is to provide a safe and secure browsing experience, and that is why they developed this security feature. According to these sources, Safari uses these lists to check for possibly misleading malicious websites, which might harm the user’s device or compromise the security of the device. Therefore, it regularly asks for these lists from Google and Tencent so that it can be kept up to date on any new such websites.

Now, all of this data is being shared by default, even if you try to get around it by using other web browsers. Suppose you are someone who provides iOS mobile app development services. In that case, you know that whenever an app on an iOS device tries to view a web page, it does so by using an inbuilt version of Safari, which defeats the purpose of using other browsers. So, the only way to do this is to stop the process. To do this, you need to disable the option for the “Fraudulent Website Warning”, which would stop these sites from collecting your data at the expense of making your device more vulnerable to phishing and other malicious attacks.

Disabling Fraudulent Website Warnings in Safari Browser:

Disabling that feature is quite simple and consists of just two steps that barely take a few seconds to complete. The first step is to go to settings on your iOS device and select the option for “Safari.” Then we scroll down till we find the toggle that reads “Fraudulent Website Warning” and tap it to the off position. And there you go, you are all set to stop this feature on your Safari app.

But another question you might be thinking is, in today’s scenario, what is “Safe Browsing”? Well, we have compiled together the information that might help you understand this confusing phenomenon.

Safe Browsing in Today’s World:

Safe browsing is a very vague term, especially nowadays. You cannot be sure what exactly means by the term because many features and protocols that might be projected as essential for the safe browsing experience might be considered a breach of privacy and a threat to their online habits by many others.

The Fraudulent Website Warning service used in the Safari browser uses Google Safe browsing for most of the world, except for China, which is covered by Tencent’s safe browsing. Though it was initially developed by Google, many others have tried replicating it successfully, like Tencent.

Its use is quite interesting, and frankly, it was initially designed to help its users. Many web app development users have come across web addresses that might be malicious or phishing scams, either unknowingly or by unintentional page redirect. What Google does is that it keeps a list of such web addresses and tries to keep itself up-to-date with any new ones that might surface. Checking a user’s web request against its list for any known malicious activity allows Google to protect its users from visiting web pages that might harm their system or make them vulnerable by giving us a warning that the address we seek has been reported to be suspicious, and giving us the option to go back. It also allows us to visit the web address despite being warned in case the page has been wrongfully marked or its users require a visit to the site.

The process that entails this entire cycle is explained below.

•  i) First, the address of each malicious site is converted into a SHA265 hash code, which is then trimmed down to a 32-bit number before saving it in the database so that it takes up less storage.
•  ii) Next, the compiled data of these hashes is sent to your device’s browser, either on a PC or mobile device.
•  iii) Third, every time after receiving that list you visit a website, your web browser will first convert it into a hash code, and the resultant code’s first 32 bits will be compared with the list to check whether it matches any entry.
•  iv) If your requested site’s hash code’s prefix matches with an entry on the list, the browser will then request the full code list from Google servers. This list contains the complete SHA256 codes of all suspected sites, and it will be used to compare and find the exact site that matches your request.

That is how this entire process is performed by Google, and presumably, Tencent does it the same way as well, where instead of Google receiving the hash codes to check for possible options, Tencent fulfills that part.

Now, theoretically, this entire process should not only be safe but quite anonymous as well. That is because instead of the actual web address, the servers are receiving the hash code. However, some network specialists and researchers think it is possible to determine the actual user by analyzing the multitudes of hash requests sent by that user. This could be a problem, especially when an average user spends much of their day online.

Now, this isn’t just an issue with the Safari browser in iOS. In fact, nearly all browsers, such as Firefox, GNOME browsers, and many more, use Google’s Safe browsing service, especially the Google Chrome web browser, which is a Google Product itself. So, if you are wary of this service and think it is a security risk, then you have only two options. Either find out how to turn it off in the browser of your choice or look for a web browser that does not use this service.

This is a gray area, in our opinion, as being safe from malicious sites might be a fair trade-off for many users to give away their network addresses. Still, for others, it might be a serious breach of privacy and a serious security risk. So now that you know the entire narrative, the burden of decision is entirely on you, depending on your school of thought.

If you are looking for a reliable iOS app Development Company, then be sure to visit AppDevelopmentPros. Their expert developers are always present to guide you on the best way to have your app developed so that it maximizes the benefits that you aim to reap from the app.

Also Read: 5 Best Online Resources For IOS App Development