What with the whole Path address book debacle, this isn’t a good week to be caught up in a user privacy scandal on iOS as far as public perception is concerned. Google better batten down the hatches then, as it has just been discovered that they have been exploiting a loophole in the way Safari blocks cookies to bypass the privacy settings of millions of iPhone, iPad and Mac owners. Ouch.
According to The Wall Street Journal, the way Google went about doing things is like this.
In Safari on the Mac or iPhone, there is an option to always block cookies from third parties and advertisers, but Apple makes an exception on pages where a user has interacted with it in some way: by, say, filling out a form. So what Google did was make sure that any time someone did a Google search or accessed one of their pages, Safari would automatically send an invisible form to Google, which would then allow them to install a tracking cookie on any iOS device or Mac even against that user’s explicit privacy settings. And once that initial cookie got installed, things snowballed, because a glitch in Safari then allows an unlimited number of subsequent cookies to be added.
Apple on their part is pissed, and told the Wall Street Journal that it is working to put a stop to Google’s shenanigans. But Google’s unapologetic, saying that they used “known Safari functionality to provide features that signed-in Google users had enabled” and that “these advertising cookies do not collect personal information.” Yeah, we’ll see how far that sort of attitude takes you.