Apple’s upcoming iOS 14.5 update comes with a new feature that redirects all fake site checks through its own proxy servers as a solution to preserve users’ privacy and prevent leakage of IP addresses to Google.
A built-in security-focused feature of the Safari browser, “Fraudulent webpage warning, “warns users about dangerous sites that have been reported as misleading, malicious, or malicious.
To achieve this, Apple trusts Google’s secure browsing – or Tencent Safe Browsing for Users in China – a blockchain service that provides a list of web resource URLs that contain malware or phishing content, to compare a hash prefix calculated from the site URL and to check if the website is fraudulent.
Any match against the database will ask Safari to ask Google or Tencent for the full list of URLs that match the hashed prefix and then block the user’s access to the site with a warning.
While the procedure ensures that the actual URL of a website that a user is trying to visit is never shared with a secure browser provider, it leaks the IP address of the device from which the check was made.
With iOS 14.5, all of these verifications are expected to be redirected through an Apple-owned proxy server, with all requests appearing to originate from the same IP address.
“In the new iOS beta, Safari actually proceeds the service through Apple servers to limit the risk of information leakage,” said Maciej Stachowiak, head of WebKit engineering at Apple, last week in a tweet.
The new change in iOS and iPadOS is part of a series of privacy-oriented initiatives that Apple has rolled out recently, including mandating app developers to disclose their data collection practices in App Store lists using “privacy labels. “
In addition, iOS 14.5 will also require apps to ask for users’ permission before being tracked across other apps and websites using the device’s advertising identifier as part of a new framework called Transparency in app tracking.
iOS 14.5 is currently in beta and is expected to be released later this spring.
