Apple Fixed Tracking Flaws In Safari, But Google Director Disagrees

Google identified multiple privacy flaws in Apple’s Safari browser, which the iPad maker said it has fixed, but a Google director says it hasn’t

Google security researchers have published a paper which detailed a tool that Apple developed to halt web tracking, but which actually contained a number of flaws.

The ‘multiple security and privacy issues’ were found in Safari’s Intelligent Tracking Prevention (ITP) feature, according to a paper published on the matter. The tool was designed to block tracking software used by digital advertisers, but can be exploited to do the exact opposite, Google said.

Google reportedly told Apple about the problem with five flaws in August 2019, and in December Apple published a blog post saying it had fixed the issues and it thanked Google for its help.

Tracking flaw

According to the report among those issues Google found with ITP was a feature that stores information about websites visited by the user.

A flaw in the technology also could potentially allow hackers to “create a persistent fingerprint that will follow the user around the web”.

Other vulnerabilities Google researchers apparently discovered in ITP allowed third parties to observe what individual users were searching for on search engine pages.

Apple has worked hard over the years to protect user privacy and has installed anti-tracking technologies across its portfolio. Apple for example added ITP to Safari in 2017 to protect users from being tracked by third parties.

Not fixed

But it seems as though Google doesn’t believe that Apple has actually patched the problem, despite its claims that it had.

This week on Twitter, Google Chrome Engineering Director Justin Schuh tweeted that the actual vulnerabilities have not been fixed, despite Apple’s claim.

“No, I can assure you that they still haven’t fixed these issues, which is what made that blog post last year so weird,” tweeted Schuh in a thread. “Apple didn’t disclose the vulnerabilities or appropriately credit the researchers, but put out a post implying they fixed ‘something’”.

Do you know all about security? Try our quiz!