Google Reportedly Bypassed Safari Privacy Settings to Track iPhone Users

Wall Street Journal reports that Google and few other advertising companies have used a loophole in iPhone’s Safari browser to track the web-browsing habits of users.

WSJ explains how Google managed to track iPhone users:

Last year, Google added a feature to put the +1 button in ads placed across the Web using Google’s DoubleClick ad technology. The idea: If people like the ad, they could click “+1″ and post their approval to their Google social-networking profile. 

But Google faced a problem: Safari blocks most tracking by default. So Google couldn’t use the most common technique—installation of a small file known as a “cookie”—to check if Safari users were logged in to Google.

To get around Safari’s default blocking, Google exploited a loophole in the browser’s privacy settings. While Safari does block most tracking, it makes an exception for websites with which a person interacts in some way—for instance, by filling out a form. So Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.

The cookie that Google installed on the computer was temporary; it expired in 12 to 24 hours. But it could sometimes result in extensive tracking of Safari users. This is because of a technical quirk in Safari that allows companies to easily add more cookies to a user’s computer once the company has installed at least one cookie.

This was first discovered by Stanford researcher Jonathan Mayer and was independently confirmed by WSJ’s technical adviser, Ashkan Soltani. The thing that makes it even more suspicious is that Google disabled its code after it was contacted by WSJ.

Google has issued the following statement:

“The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.” 

Apple is not too happy that advertising companies like Google are using loopholes to track their users. It issued the following statement on the issue:

“We are working to put a stop” to the circumvention of Safari privacy settings.

Here’s how to find out if you’re being tracked on Safari:

  • Launch the Settings App from your iOS device’s home screen
  • Then tap on Advanced
  • Then Website Data
If you see a website in the list that you can’t recognize, it could be one of the domains used by advertising companies for tracking. WSJ reports that one tracker that stored data on their iPhone was doubleclick.net, which is linked to Google.

Google’s privacy practices has been under increased scrutiny and such incidents will only raise more eyebrows.

[via WSJ]
Like this post? Share it!

  • SP

    Google is quickly becoming a company that disgusts me. I’m starting to circumvent their services more and more.

  • http://smartphonegeeks.in/ DJScope

    So you would share your info with Apple and not with Google? Whats the difference? In recent developments of these court cases, IMO Apple is doing all the evil without thinking about how it will effect its customers.

  • Lex

    Done with Google. Switching to Bing for now.

    • Melvarius

      M$ will probably do the same or similar. Lets wait and see…

  • http://www.motorbeam.com/ fas

    Apple will update this in next iOS.

  • Lahey

    The instructions given in the article are incorrect.

    In iOS5, tap “Settings,” then tap “Safari,” and then “Advanced” and then “Website Data.” If there are many websites listed you can extend the visible list by tapping the last entry.

    We have not made plans to change this in the new release to the best of my knowledge.