Apple continues to come under scrutiny for its relationships with the Chinese government and Chinese businesses. It has been discovered that Safari’s Fraudulent Website Warning feature for Mac and iOS is sending user data to Chinese internet firm Tencent as one of its Safe Browsing providers.
The feature sends data to both Google Safe Browsing and Tencent to cross-reference URLs against blacklists to protect users against malware and phishing schemes. While it has long been known that data was being sent to Google, no one is certain when Apple began also sending data to Tencent.
While Apple does disclose to users that it sends some user IP addresses to Tencent, the disclosure is easy to miss, as the mention can be found “About Safari & Privacy” screen, which is linked via a tiny link in the “Privacy & Security” section in the Settings menu on the Safari screen (“Settings” -> “Safari”). The Fraudulent Website Warning found there is enabled by default, so many users may never see the information screen.
I currently isn’t certain if Apple users located outside of China are having their data sent to Tencent, or if it is limited to Chinese users. However, the company is mentioned on iOS devices registered in the U.S. and the U.K., and possibly other regions.
While the privacy implications of shifting safe browsing to Tencent’s server are as yet known, a malicious party could possibly use the feature to link site requests to a particular user via their IP address.
Apple’s relationship with the Chinese government has come under increasing scrutiny and criticism in recent weeks, and Apple’s relationship with Tencent (who works closely with the . Chinese Communist Party), will surely increase the scrutiny.