An Apple feature so privacy-minded it upset the ad industry also could have been exploited by hackers to reveal what you do as you browse the web, Google researchers claim in a paper described by the Financial Times.
According to the report, Google researchers discovered worrying flaws in the Safari web browser. The flaws were found, counterintuitively, in a feature made to protect Safari users from invasive ad-tracking technology. Google disclosed the issues to Apple last August, and Apple appeared to have addressed them in December, the Financial Times reports. Fast Company has reached out to both Google and Apple for more information.
When Apple described the reportedly vulnerable feature in 2017—which it called Intelligent Tracking Prevention—it argued in a statement published by 9to5Mac that the problem of invasive ad tracking was “so pervasive that it is possible for ad tracking companies to recreate the majority of a person’s web browsing history.” Apple said its tool “detects and eliminates cookies and other data used for this cross-site tracking, which means it helps keep a person’s browsing private.” In response, one industry group called Apple’s feature “heavy-handed” and claimed it would “drive a wedge between brands and their customers.” Pour one out for the brands.
Unfortunately, the Apple feature reportedly introduced security flaws that could’ve been exploited by hackers, allowing them to “create a persistent fingerprint that will follow the user around the web.” Other flaws found by Google researchers could’ve exposed what Safari users searched for on search engines, according to the FT. Google has an entire team of researchers focused on discovering and reporting security flaws on the web, and the company (which makes most of its money from ads, we must add!) regularly publishes its findings once the vulnerabilities it discovers are fixed on its Project Zero blog.
A Google rep told Fast Company: “We’ve long worked with companies across the industry to exchange information about potential vulnerabilities and protect our respective users. Our core security research team has worked closely and collaboratively with Apple on this issue. The technical paper simply explains what our researchers discovered so others can benefit from their findings.”
This story has been updated.