Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google

Apple’s upcoming iOS 14.5 update will come with a new feature that will redirect all fraudulent website checks through its own proxy servers as a workaround to preserve user privacy and prevent leaking IP addresses to Google.

A built-in security-focused feature in the Safari browser, “Fraudulent Website Warning,” alerts users about dangerous websites that have been reported as deceptive, malicious, or harmful.

To achieve this, Apple relies on Google Safe Browsing — or Tencent Safe Browsing for users in Mainland China — a blocklist service that provides a list of URLs for web resources that contain malware or phishing content, to compare a hash prefix calculated from the website address and check if the website is fraudulent.

Any match against the database will prompt Safari to request Google or Tencent for the full list of URLs that match the hashed prefix and subsequently block the user’s access to the site with a warning.

While the approach ensures that the actual URL of a website a user is attempting to visit is never shared with a safe browsing provider, it does leak the IP address of the device from which the check was made.

With iOS 14.5, all these verifications are expected to be re-routed through an Apple-owned proxy server, thereby making all requests appear as originating from the same IP address.

“In the new iOS beta, Safari does indeed proxy the service via Apple servers to limit the risk of information leak,” said Maciej Stachowiak, head of WebKit engineering at Apple, last week in a tweet.

The new change in iOS and iPadOS is part of a number of privacy-oriented measures that Apple has been rolling out lately, including mandating app developers to disclose their data collection practices in App Store listings using “privacy nutrition labels.”

In addition, iOS 14.5 will also require apps to ask for users’ permission before tracking them across other apps and websites using the device’s advertising identifier as part of a new framework dubbed App Tracking Transparency.

iOS 14.5 is currently in beta and is slated to be released later this spring.