iOS 14.5 will hide users’ IP from Google

The upcoming iOS 14.5, which will be released in the coming months, will have the option to hide IP as developers will add a feature that will redirect all Safari Safe Browsing traffic through proxy servers controlled by Apple. Thus, the company wants to preserve the privacy of users and prevent Google from finding out their IP addresses.

At first, information about the new function appeared on Reddit, but soon these rumours were confirmed by the head of the Webkit development department Maciej Stachowiak.

The new feature will only work if the user has enabled the Fraudulent Website Warning option in Safari preferences. This option provides support for Google’s Safe Browsing technology.

Safe Browsing works simply: it checks any URL that a user tries to access by sending that URL (anonymized) to Google’s servers, and then the company’s systems access the site and scan it for threats.

If malware, phishing forms and other threats are detected on the site, Google tells the Safari user to block access to the site and displays a full-screen warning.

At the same time, companies such as Facebook have actively opposed such Apple policies, accusing it of negatively impacting the advertising industry.

“We believe that this is a simple matter of standing up for our users. Users should know when their data is being collected and shared across other apps and websites — and they should have the choice to allow that or not. App Tracking Transparency in iOS 14 does not require Facebook to change its approach to tracking users and creating targeted advertising, it simply requires they give users a choice”, — Cupertino answers.

A few years ago, when Google first launched the Safe Browsing API, the company could trace which sites the user was accessing. However, then the developers took a number of steps to anonymize this data. However, Google still knows the IP address from which the Safe Browsing verification request comes.

“The problem is, Update API Safe Browsing was never safe. Its goal was not to provide complete privacy for users, but rather to degrade the quality of the data that providers collect”, — the famous cryptographer and professor at Johns Hopkins University Matthew Green wrote back in 2019.

Apple’s new feature will pass all Safe Browsing requests through Apple’s own proxy, and as a result, they will all appear as coming from the same IP address.

Let me remind you that Google experts found 14 vulnerabilities in iOS that for several years were used by attackers, and that bug in iOS allows bypassing the lock screen and open the address book.