iOS 14.5 routes Safari traffic through Apple proxies before sending to Google’s ‘Safe Browsing’ servers
As we already know, Apple is upping security in iOS 14 with a new feature that requires apps to ask for permission before collecting data from users. Testers using the iOS 14.5 beta have discovered another security measure that Apple never mentioned. It seems that Safari will now use Apple servers as a proxy while accessing Google’s “Safe Browsing” feature.
If you have used the Safari web browser enough, you have likely encountered its “Fraudulent Website Warning” at least once. It is a security measure employed to help keep users from accidentally stumbling on phishing websites. It is powered by Google Safe Browsing, which is also used for the same purpose in Chrome and Firefox.
The mechanics are relatively straightforward. Google has an API that Apple and others use to run traffic through a database of websites Google believes are suspicious. If it gets a hit, the warning is triggered. The URLs are fully encrypted using a 32-bit hash prefix when using this API, so Google’s servers cannot see what sites users are visiting. However, the servers can snag their IP address or other information.
To prevent this, Safari will route traffic through Apple proxy servers before accessing the Safe Browsing database. Apple’s Head of WebKit confirmed the measure via Twitter, saying it was “to limit the risk of information leak.”
The feature is one of several we have seen since Apple unleashed the iOS14.5 beta to the public. It brings with it the ability to unlock your iPhone when wearing a mask, provided you have a paired Apple Watch running the latest version of watchOS. Users will also be allowed to set their favorite music app to the default instead of using Apple Music.