- Apple’s Safari is sending user IP addresses and some other browsing data to Tencent.
- The Chinese company has ties with the government, and this raises many concerns for iOS users.
- The sharing of the data is set to “on” by default, and disabling it will increase the risk of trusting a dangerous website.
A group of iOS 13 users has noticed that Apple’s Safari browser is sending their IP addresses to the Chinese tech giant Tencent. While this detail has been included in the “About Safari & Privacy” section of the Safari since iOS 12.2, people have just started noticing it, and they are not very comfortable with the fact. Being a Chinese public business entity, Tencent is on the other side of the trench in terms of the ongoing trade wars with the United States. High-profile individuals who trust Apple to keep their data secured and private are somewhat surprised by what’s apparently going on.
Officially, Apple claims to only share user browsing data with the Tencent Safe Browsing unit to help its customers stay away from fraudulent and phishing websites. Similar data for the same purposes is sent to the Google Safe Browsing unit as well. If the user toggles the switch for the “Fraudulent Website Warning” feature to off in Safari’s settings, the corresponding data sharing is probably paused. We say probably because the connection between the setting and the sending of the data hasn’t been made absolutely clear by Apple.
Safari’s default setting puts the toggle to “ON”, so Apple’s own browser is sending data to Tencent out of the box. If the user disables this feature, they are then left without any warning about visiting a risky website. That said, the situation is a double-edged sword. Tencent has documented ties with the Chinese government, and while this isn’t enough to prove that they are involved in data surveillance practices, the status of the company is compelling specific categories of iPhone users to avoid using Safari. However, even if an alternative browser is installed on iOS, the various apps will still launch URL links on Safari, and this cannot be changed.
This leaves users with cumbersome usage conditions, having to copy and paste URLs on a different browser just to avoid sending data to Tencent. Obviously, the vast majority of users won’t do that, so the data collection and responsible management will stay between Apple and Tencent. As we explained recently, pseudo-deanonymized data is easy to correlate with real user identities for Google, and we can assume the same applies to Tencent as well. That said, both of the receptors of this data aren’t acting in a completely transparent data handling context.