- Apple may in some cases share Safari web address information from iPhone users with their device region set to mainland China with the Chinese tech giant Tencent as part of a safety feature that monitors for phishing scams.
- Apple shares some web address data with Tencent Safe Browsing and Google Safe Browsing before a user visits a website to ensure that it’s not a phishing scam.
- The feature is attracting attention amid heightened concerns about the relationships between United States tech firms and China.
- Visit Business Insider’s homepage for more stories.
An Apple feature that shares Safari website information with Chinese tech behemoth Tencent is attracting attention amid heightened concerns about the relationships between US tech firms and China.
Apple may share certain information about the websites a user visits through Safari on the iPhone with Tencent and Google as part of a safety feature that checks for phishing scams called Fraudulent Website Warning. It’s important to note, however, that Apple only shares information with Tencent if the iPhone’s device region is set to mainland China.
The feature was recently highlighted by privacy news blog Reclaim the Net.
As part of the feature, Apple says it may share some information from a website’s address as well as a user’s IP address with Google Safe Browsing and Tencent Safe Browsing before visiting that website. It doesn’t share the actual URL of a website.
It’s part of a process Apple uses to check whether or not the website a user is trying to visit is a phishing scheme attempting to steal personal information. Apple receives a list of websites that are known to be fraudulent or malicious from Google, which it then uses to check whether the website a user is visiting may be a phishing scam. For devices with their country code set to China, it will obtain this list from Tencent.
This Fraudulent Website Warning feature is turned on by default in iOS 13, and Apple’s description of it reads as follows:
“When Fraudulent Website Warning is enabled, Safari will display a warning if the website you are visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as user names, passwords, and other account information. A fraudulent website masquerades as a legitimate one, such as a bank, financial institution, or email service provider. Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Tencent Safe Browsing to check if the website is fraudulent. These safe browsing providers may also log your IP address.”
Fraudulent Website Warning can be turned off by launching the settings menu on your iPhone, choosing “Safari,” and toggling the switch next to “Fraudulent Website Warning.” Doing so, however, could leave you vulnerable to malicious websites.
It’s not the first time it’s been discovered that Apple may share some website information from Safari with Tencent. Some users spotted the above disclaimer in Safari’s Privacy section as far back as February in the beta for iOS 12.2.
Apple provided Business Insider with the following statement regarding Fraudulent Website Warning and how it works:
“Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of a website you visit is never shared with a safe browsing provider and the feature can be turned off.”
Tencent is a technology company headquartered in Shenzhen, China, that operates in a range of industries from instant messaging to mobile payments and entertainment. Tencent owns WeChat, the popular messaging app with one billion daily users, and has grown to become a major player in the video game industry. It owns a 40% stake in Epic Games, the firm behind “Fortnite,” and owns Riot Games, the studio behind “League of Legends” and “Teamfight Tactics.” In its annual ranking, Forbes listed Tencent Holdings as the ninth largest technology company in the world.
The discovery that Apple may sometimes share some website data with Tencent comes amid heightened tensions between US tech companies and China. California-based video game giant Blizzard Entertainment recently faced backlash for banning a competitive “Hearthstone” player after he voiced his support for the ongoing protests in Hong Kong.
Apple had also fallen under some scrutiny last week after it removed an app from the App Store used by Hong Kong protesters to monitor police activity. Apple CEO Tim Cook defended his company’s decision in a letter to employees obtained by Bloomberg’s Mark Gurman, saying that the app was nixed because it was being used to “maliciously target individual officers for violence” and “victimize individuals and property where no police are present.”
The fact that Chinese firms like Tencent are required to help the government with intelligence work if asked certainly doesn’t help ease concerns about potential espionage – an issue that’s been amplified in the public eye since Huawei was placed on a blacklist that prevents it from working with US companies back in May.