Apple’s Fraudulent Website Warning is designed to alert you when you’re about to visit a website that is known to host malware, or that is believed to be a phishing site. Previously, that check consulted a database hosted on a Google server, but as of iOS 14.5 it instead uses an Apple proxy to better protect user privacy.
That adds an extra layer of privacy to the protection Apple was already employing …
When Google crawls the web, it also checks the sites it indexes for malware. When a site is found to host malware, it’s added to a database of sketchy sites. Additionally, Google uses statistical models to identify suspected phishing sites and adds those to the database too.
Chrome checks this database every time you visit a website. If a URL is on the list, Chrome displays a warning and asks you whether you really want to visit the site.
Apple uses the same database, taking steps to ensure that Google never sees the URL you were trying to visit, but cautioning that Google may log your IP address.
When Fraudulent Website Warning is enabled, Safari will display a warning if the website you are visiting is a suspected phishing website. Phishing is a fraudulent attempt to steal your personal information, such as user names, passwords, and other account information. A fraudulent website masquerades as a legitimate one, such as a bank, financial institution, or email service provider.
Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing to check if the website is fraudulent. For users with China mainland set as their region in Settings > General > Language and Region, Safari may also use Tencent Safe Browsing to do this check. The actual website address is never shared with the safe browsing provider. These safe browsing providers may also log your IP address when information is sent to them.
Apple’s Fraudulent Website Warning in iOS 14.5
Apple has beefed up its privacy protections as of iOS 14.5. The 8-Bit attempted to explain how this works:
According to Apple, before visiting a website, Safari may send hashed prefixes of the URL (Apple terms it “information calculated from the website address”) to Google Safe Browsing to check if there’s a match.
Since Apple uses a hashed prefix, Google cannot learn which website the user is trying to visit. Up until iOS 14.5, Google could also see the IP address of where that request is coming from. However, since Apple now proxies Google Safe Browsing traffic, it further safeguards users’ privacy while browsing using Safari.
Apple’s WebKit head Maciej Stachowiak says on Twitter that this explanation isn’t quite right, but confirms that the core claim – that Apple now uses its own copy of the database, held on Apple servers – is correct.
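The hashed-prefix check mentioned above can be sketched as follows. This is an added illustration modelled on the publicly documented Safe Browsing hash-prefix lookup, not code from Apple, Google, or The 8-Bit. The URLs, the blocklist, the colliding hash, and the `provider` function are constructed for the example, and URL canonicalization and query strings are left out.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; the shortest hash-prefix length Safe Browsing uses

def expressions(url):
    """Host-suffix/path-prefix combinations for a URL (simplified: no
    canonicalization, no query strings, no IP-address hosts)."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    labels = host.split(".")
    hosts = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    segs = [s for s in path.split("/") if s]
    paths = ["/"] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if path != "/":
        paths.append(path)
    return [h + p for h in hosts for p in paths]

def full_hash(expr):
    return hashlib.sha256(expr.encode()).digest()

def check(url, local_prefixes, provider):
    """Return (verdict, prefixes_sent). Only short prefixes leave the device."""
    hashes = {full_hash(e) for e in expressions(url)}
    sent = sorted({h[:PREFIX_LEN] for h in hashes} & local_prefixes)
    if not sent:
        return "safe", []            # no local hit, so nothing is sent at all
    candidates = provider(sent)      # every listed full hash with those prefixes
    return ("unsafe" if hashes & candidates else "safe"), sent

# Constructed sample data: one listed page, plus a listed hash that merely
# shares its first 4 bytes with a harmless page (a prefix collision).
BLOCKED_HASHES = {full_hash("phish.example/login/")}
COLLIDING = full_hash("news.example/")[:PREFIX_LEN] + bytes(28)
BLOCKED_HASHES.add(COLLIDING)
LOCAL_PREFIXES = {h[:PREFIX_LEN] for h in BLOCKED_HASHES}

def provider(prefixes):
    """Stand-in for the safe browsing provider: it sees prefixes, never URLs."""
    return {h for h in BLOCKED_HASHES if h[:PREFIX_LEN] in prefixes}

if __name__ == "__main__":
    for url in ("http://phish.example/login/index.html",
                "http://news.example/", "http://docs.example/guide"):
        verdict, sent = check(url, LOCAL_PREFIXES, provider)
        print(url, verdict, [p.hex() for p in sent])
```

The final verdict is computed on the device by comparing full hashes, so a provider that receives a 4-byte prefix learns only that the URL is one of the many whose hash starts with those bytes.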