“Do Not Track” enabled in your Apple iPhone could have helped third-parties track your web-browsing activities & collect your sensitive information! Yes, the Information Security Team at Google has reported of several security issues in Safari’s Tracking System that caused Apple’s Privacy Blunder.
Apple’s Privacy Blunder – Vulnerabilities in Safari’s ITP
The tech giant, Apple is eminent globally for being the “privacy-above all” brand & focusing on protecting user’s data privacy by all means. In order to ensure the security of its user’s data, Apple rolled a feature – “Intelligent Tracking Prevention” Tool in year 2017.
This tool was specifically designed to restrict third-party cookies & protect Safari browser users from being tracked by the advertisers.
However, according to a technical paper published on https://arxiv.org/, a group of security engineers at Google have found vulnerabilities in safari’s Intelligent Tracking Prevention (ITP) recently. The vulnerabilities in Safari Browser put web security & data privacy of the users at risk.
It is suspected that the bunch of flaws in ITP would have allowed potential cyber-crooks to sneak a peek into user’s search & browsing history. This Apple’s privacy blunder also leaked web-browsing habits & online activities of the users.
Insight into the Recent Security Issues
1). According to the reports, the security issues in Safari first surfaced to lime-light in 2017, which were stemmed with Safari’s Intelligent Tracking Prevention (ITP) feature.
This feature protected Apple users against cookies-tracking third-parties by logging their use. ITP would block the websites from utilizing the cookies.
The researchers said that ITP marked such websites as wide-spread domains & were added to the ITP List when it observed them sending data that could be used by the advertisers to recognize the user.
However, these logs made a way for the potential cyber-crooks to get details of a person’s web-browsing history, the Google research paper revealed.
2). The second instance of online security issue with Apple iPhones was found in 2019, the sources state. The “Do Not Track” feature enabled the websites to track the people better. This feature created a digital fingerprint of the browser settings of the users.
While the main motive of “Do not Track” utility was to prevent the users from being tracked by the websites, the effort failed. As a result, Apple discontinued “Do not Track” standard during Safari 12.1 release in 2019.
Some of the flaws were addressed & fixed by Apple with the release of security patches in Safari 13.04 & iOS 13.3 in December 2019.
John Wilander, Apple’s WebKit Engineer at ITP thanked Google for its assistance in an official statement. He extended his gratefulness to Google for exploring the ability of web-content detection when trying to prevent its tracking & other possible worst situations that could have happen.
While Apple’s Privacy Blunder of ITP flaws have been addressed, Google security researchers say the mitigation did not completely resolve web security & data privacy issues. The research paper rolled out on arxiv.org by Google asserts the fixes have limits.
(21)