Min menu

Pages

iOS 14.5 prevents IP addresses from leaking to Google

 


Apple's upcoming iOS 14.5 update comes with a new feature that redirects all fraudulent website verifications through its proxy servers as an alternative to maintaining user privacy and preventing IP addresses from leaking to Google.

The built-in feature focuses on security in the safari browser, alerting users about dangerous websites that have been reported to be deceptive or harmful by displaying a sign that says: A fraudulent website warning.

To achieve this, Apple relies on Google Safe Browsing – or Tencent Safe Browsing for users in China.

Safe browsing is a blocklist that provides a list of web resource URLs containing malware or phishing content, to compare the calculated hash prefix from the website address and check if the website is fraudulent.

Any match with the database causes Google or Tencent to request a full list of URLs that match the hash indent, thereby preventing the user from accessing the site with a warning display.

While the policy ensures that the actual URL of the website that the user is trying to visit will never be shared with your safe browsing provider, it leaks the IP address of the device from which the scan was selected.

With iOS 14.5, all these verifications are expected to be redirected via an Apple-owned proxy server, making all requests appear to come from the same IP address.

Maciej Stachowiak, Apple's head of WebKit engineering, said in a tweet: Safari's new trial version of iOS plays the role of the agent through Apple's servers to reduce the risk of information leaks.

The new change in iOS and iPadOS is part of a number of privacy-oriented actions recently introduced by Apple, including requiring app developers to disclose data collection practices in-app store listings using privacy labels.

In addition, iOS 14.5 requests users' permission before tracking them across other apps and sites as part of the new app tracking Transparency feature.

iOS 14.5 is currently in the pilot phase and is scheduled for launch later this spring.

reaction: