Newsdeck

Apple Criticized for Sending Some Browsing Data to Tencent

By Bloomberg 14 October 2019
Caption
(FILE) - A silhouette next to an Apple during the sale start of the new iPhone X at the Apple store Grosse Bockenheimer Strasse in Frankfurt, Germany, 03 October 2017 (issued 02 July 2018). After positive earnings report, shares of Apple surged making it the first company in history to reach a market value of one trillion US dollars. EPA-EFE/ARMANDO BABANI

Apple Inc. came under fire on Monday for sending web browsing data, including IP addresses, to China’s Tencent Holdings Ltd., the latest criticism of how the company operates in the world’s most populous nation.

For about two years, Apple has been sending data to Tencent as part of an iPhone and iPad security feature that warns users if a website is malicious or unsafe before they load it. The U.S. company checks addresses against an existing list of sites known to be problematic. That list is maintained by Tencent for users in mainland China and by Google for other regions, including in the U.S.

In newer versions of Apple’s iOS operating systems, the company says this feature “may also log your IP address,” potentially providing Tencent, a Chinese internet conglomerate with government ties, data such as a user’s location. The safe browsing feature with Google was first added to iOS in 2008, but it was expanded to include Tencent with iOS 11 in 2017. Apple updated its description of the feature in more recent versions of iOS.

“We deserve to be informed about this kind of change and to make choices about it,” Matthew Green, a cryptographer and professor at Johns Hopkins University, wrote in a blog post. “Users should learn about these changes before Apple pushes the feature into production, and thus asks millions of their customers to trust them.”

This isn’t the first time Apple has been criticized for working with a Chinese company to handle local data. In 2018, Apple partnered with Guizhou-Cloud Big Data to store iCloud data locally for users in mainland China.

More recently, Apple has been scrutinized for appeasing China. BuzzFeed recently reported that Apple told creators of shows for its TV+ streaming service to avoid portraying China in a poor light. The company recently removed the Taiwanese flag from the emoji keyboard on devices running in Hong Kong and Macau, after earlier pulling it from Mainland China. It also came under fire for removing a maps app in Hong Kong that the developer said was designed to help users avoid areas of protest. Apple said it was following local laws in both instances.

Apple said in a statement that the feature protects user privacy and safeguards people’s data. The checks occur on the devices, and the actual web addresses are never shared with Tencent and Google, the safe browsing providers. The feature is on by default, but can be switched off, Apple also said. The IP address of a user’s device is shared when a website is found to be suspicious and a warning is sent.

Some users were concerned that data would be sent to Tencent globally because the firm is mentioned even on iPhones outside of China. Apple will likely clarify this in a future version of iOS.

The feature can be disabled under the Privacy & Security section in the Settings app by tapping the “Fraudulent Website Warning” toggle. If a user does that, IP addresses won’t be shared, but Apple also won’t be able to check websites against Tencent’s or Google’s lists.

(Updates with more comments from Apple in seventh paragraph.)
To contact the reporter on this story:
Mark Gurman in San Francisco at [email protected]

To contact the editors responsible for this story:
Tom Giles at [email protected]
Alistair Barr, Andrew Martin

Gallery

Comments - share your knowledge and experience

Please note you must be a Maverick Insider to comment. Sign up here or if you are already an Insider.

FEATURE

‘Everyone in Orania is woke’: A journey to SA’s most notorious town

By Rebecca Davis