Google Reportedly Bypassed Safari Privacy Settings to Track iPhone Users

Wall Street Journal reports that Google and few other advertising companies have used a loophole in iPhone’s Safari browser to track the web-browsing habits of users.

WSJ explains how Google managed to track iPhone users:

Last year, Google added a feature to put the +1 button in ads placed across the Web using Google’s DoubleClick ad technology. The idea: If people like the ad, they could click “+1” and post their approval to their Google social-networking profile. 

But Google faced a problem: Safari blocks most tracking by default. So Google couldn’t use the most common technique—installation of a small file known as a “cookie”—to check if Safari users were logged in to Google.

To get around Safari’s default blocking, Google exploited a loophole in the browser’s privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user’s computer once the company has installed at least one cookie.

This was first discovered by Stanford researcher Jonathan Mayer and was independently confirmed by WSJ’s technical adviser, Ashkan Soltani. The thing that makes it even more suspicious is that Google disabled its code after it was contacted by WSJ.

Google has issued the following statement:

“The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.” 

Apple is not too happy that advertising companies like Google are using loopholes to track their users. It issued the following statement on the issue:

“We are working to put a stop” to the circumvention of Safari privacy settings.

Here’s how to find out if you’re being tracked on Safari:

  • Launch the Settings App from your iOS device’s home screen
  • Then tap on Advanced
  • Then Website Data
If you see a website in the list that you can’t recognize, it could be one of the domains used by advertising companies for tracking. WSJ reports that one tracker that stored data on their iPhone was, which is linked to Google.

Google’s privacy practices has been under increased scrutiny and such incidents will only raise more eyebrows.

[via WSJ]