Apple’s Fraudulent Website Warning is designed to alert you when you are about to visit a website that is known to host malware or is believed to be a phishing website. Previously, this scan queried a database hosted on a Google server, but as of iOS 14.5, instead, it uses an Apple proxy to better protect user privacy.
This adds an extra layer of privacy to the protection that Apple was already employing …
Background
When Google crawls the web, it also checks the sites it indexes for malware. When a website hosts malware, it is added to a database of incomplete websites. In addition, Google uses statistical models to identify suspected phishing sites and also adds them to the database.
Chrome checks this database whenever you visit a website. If a URL is in the list, Chrome displays a warning and asks if you really want to visit the site.
Apple uses the same database, taking steps to ensure that Google never sees the URL you are trying to visit, but warning that Google may register your IP address.
When the Fraudulent Website Warning is enabled, Safari will display a warning if the website you are visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as usernames, passwords and other account information. A fraudulent website masquerades as a legitimate one, like a bank, financial institution or email service provider.
Before visiting a website, Safari can send information calculated from the website’s address to Google Safe Browsing to check if the website is fraudulent. For users with Mainland China defined as their region in Settings> General> Language and Region, Safari can also use Tencent Safe Browsing to perform this check. The actual address of the website is never shared with the safe browsing provider. These secure browsing providers can also register your IP address when information is sent to them.
Apple fraudulent website warning on iOS 14.5
Apple has strengthened its privacy protections starting with iOS 14.5. The 8 bits explains how this works:
According to Apple, before visiting a website, Safari can send hashed prefixes of the URL (Apple calls it “information calculated from the website’s address”) to Google Safe Browsing to check for a match.
Since Apple uses a hashed prefix, Google cannot figure out which website the user is trying to visit. Until iOS 14.5, Google could also see the IP address from which this request was coming. However, as Apple now proxies Google’s Safe Browsing traffic, it further protects users’ privacy while browsing using Safari.
Head of Apple’s WebKit, Maciej Stachowiak said on Twitter that the site’s original explanation was not right, but confirmed that the main claim – that Apple now uses its own copy of the database, kept on Apple servers – is correct. The 8 bits later corrected his explanation.
Apple is in the midst of a high-profile privacy battle over app privacy labels and future requirements for apps to seek user permission for ad tracking. In the first case, some applications appear to be avoiding the requirements to declare the identifiable data they capture, preventing updates. Google, for example, temporarily stopped updating a number of its applications when the requirement went into effect – something that created some problems yesterday.
In the latter case, Facebook even ran full-page ads in newspapers attacking Apple and, unconvincingly, claimed to be defending small businesses instead of its own advertising revenue. A Harvard analysis found that Facebook’s numbers were misleading.
Graphic: WikiHow
FTC: We use affiliate links for cars that generate revenue. Most.
Check out 9to5Mac on YouTube for more news from Apple: