How Safari in iOS 14.5 limits which personal data Google sees about you

Safari in iOS and iPadOS 14.5 further limits the risk of information leak by proxying safe-browsing services via Apple servers to prevents user data from being returned to Google.

Maciej Stachowiak, Apple’s head of WebKit, has confirmed on Twitter that Safari in iOS 14.5 users a copy of Google’s Safe Browsing database that’s hosted on Apple’s own servers. Doing so helps further safeguard users’ privacy while using the company’s Safari browser.

How Safe Browsing works

Google Safe Browsing powers Apple’s Fraudulent Website Warning feature in Safari, which was designed to alert you when the site you’re about to visit is a suspected phishing website, a fraudulent website that masquerades as a legitimate one or a website that hosts malware.

An image showing a Safari logo set against a white background

The Safari & Privacy document on the Apple website states that Safari may use the Google Safe Browsing feature to determine if a website is fraudulent.

Before vs. after

The 8-Bit explains that Safari sends a hashed version of the URL to Google Safe Browsing to check if it’s a suspected fraudulent website. While the actual website address is never shared with the safe-browsing provider (it’s sent in an encoded form), Apple acknowledges that safe-browsing providers may log your IP address when information is sent to them.

With the change in iOS 14.5, Safari no longer pings the Safe Browsing database hosted on Google’s server. Rather, it uses an Apple proxy along with a copy of a database hosted on its own servers. This effectively stops user data from being returned to Google.

And when can I use this feature?

Apple is currently testing iOS 14.5 and iPadOS 14.5 with its registered developers and public beta testers. The updates are currently at beta 1, which Apple released last week. There will be at least a couple more betas before Apple declares so-called release candidates. As for when the general public might be able to enjoy the new featurs, the updates are dropping this spring.

We need to point out that Apple might ultimately drop this new Dsafari feature from shipping versions of iOS 14.5 and iPadOS 14.5. It wouldn’t be the first time a new feature was present in an iOS beta release only to mysteriously disappear from the commercial release.

Safari’s Fraudulent Website Warning feature

At present, there’s no user-facing switch available to tell Safari to proxy the Google Safe Browsing service. It seems to be one of those under-the-hood features that work on autopilot to protect user privacy. However, you can disable Apple’s Fraudulent Website Warning feature.

An iPhone screenshot showing the Security & Privacy section of the Safari settings with the Fraudulent Website Warning feature switched on

To do so, venture into Settings → Safari on your device, then slide the switch labeled “Fraudulent Website Warning” to the OFF position. With the feature disabled, Safari will no longer flags websites known to be malicious in nature.

You’re wholeheartedly recommended to keep this helpful feature turned on. Doing so will ensure you receive a warning before visiting a fraudulent website that masquerades as a legitimate one, such as a bank, financial institution or your email service provider.

Other new Safari features in iOS 14.5

Safari in iOS 14.5 is also getting support for third-party extensions that will allow you to customize your New Window and New Tab pages. And with its App Tracking Transparency initiative, apps will need to seek user permission for tracking across other apps and websites.

To make accessing your saved Safari passwords easier on non-Apple platforms, the company has now released the iCloud Passwords extension for the Windows version of Chrome.

Google and Apple also continue to play a game of cat and mouse in terms of Picture-in-Picture support for YouTube videos in Safari. The current iOS 14.5 beta has now reinstated PiP support for YouTube videos in Safari, but it probably won’t last long as Google has gone to great lengths to disable the feature before.