Safari in iOS and iPadOS 14.5 further limits the risk of information leak by proxying safe-browsing services via Apple servers to prevents user data from being returned to Google.
Maciej Stachowiak, Apple’s head of WebKit, has confirmed on Twitter that Safari in iOS 14.5 users a copy of Google’s Safe Browsing database that’s hosted on Apple’s own servers. Doing so helps further safeguard users’ privacy while using the company’s Safari browser.
How Safe Browsing works
Google Safe Browsing powers Apple’s Fraudulent Website Warning feature in Safari, which was designed to alert you when the site you’re about to visit is a suspected phishing website, a fraudulent website that masquerades as a legitimate one or a website that hosts malware.
The Safari & Privacy document on the Apple website states that Safari may use the Google Safe Browsing feature to determine if a website is fraudulent.
Before vs. after
The 8-Bit explains that Safari sends a hashed version of the URL to Google Safe Browsing to check if it’s a suspected fraudulent website. While the actual website address is never shared with the safe-browsing provider (it’s sent in an encoded form), Apple acknowledges that safe-browsing providers may log your IP address when information is sent to them.
This article is a bit confused on the details of how Safe Browsing works, but in the new iOS beta, Safari does indeed proxy the service via Apple servers to limit the risk of information leak.https://t.co/TlDZNMO8do
— othermaciej (@othermaciej) February 11, 2021
With the change in iOS 14.5, Safari no longer pings the Safe Browsing database hosted on Google’s server. Rather, it uses an Apple proxy along with a copy of a database hosted on its own servers. This effectively stops user data from being returned to Google.
And when can I use this feature?
Apple is currently testing iOS 14.5 and iPadOS 14.5 with its registered developers and public beta testers. The updates are currently at beta 1, which Apple released last week. There will be at least a couple more betas before Apple declares so-called release candidates. As for when the general public might be able to enjoy the new featurs, the updates are dropping this spring.
No, we don't send URLs to the server, that would obviously be crazy bad, even with a proxy. The article seems confused about how the flow works.
— othermaciej (@othermaciej) February 11, 2021
We need to point out that Apple might ultimately drop this new Dsafari feature from shipping versions of iOS 14.5 and iPadOS 14.5. It wouldn’t be the first time a new feature was present in an iOS beta release only to mysteriously disappear from the commercial release.
Safari’s Fraudulent Website Warning feature
At present, there’s no user-facing switch available to tell Safari to proxy the Google Safe Browsing service. It seems to be one of those under-the-hood features that work on autopilot to protect user privacy. However, you can disable Apple’s Fraudulent Website Warning feature.
To do so, venture into Settings → Safari on your device, then slide the switch labeled “Fraudulent Website Warning” to the OFF position. With the feature disabled, Safari will no longer flags websites known to be malicious in nature.
You’re wholeheartedly recommended to keep this helpful feature turned on. Doing so will ensure you receive a warning before visiting a fraudulent website that masquerades as a legitimate one, such as a bank, financial institution or your email service provider.
Other new Safari features in iOS 14.5
Safari in iOS 14.5 is also getting support for third-party extensions that will allow you to customize your New Window and New Tab pages. And with its App Tracking Transparency initiative, apps will need to seek user permission for tracking across other apps and websites.
To make accessing your saved Safari passwords easier on non-Apple platforms, the company has now released the iCloud Passwords extension for the Windows version of Chrome.
Google and Apple also continue to play a game of cat and mouse in terms of Picture-in-Picture support for YouTube videos in Safari. The current iOS 14.5 beta has now reinstated PiP support for YouTube videos in Safari, but it probably won’t last long as Google has gone to great lengths to disable the feature before.