Google Tracked Millions Of iOS & Mac Safari Users Against Their Wishes



What with the whole Path address book debacle, this isn’t a good week to be caught up in a user privacy scandal on iOS as far as public perception is concerned. Google better batten down the hatches then, as it has just been discovered that they have been exploiting a loophole in the way Safari blocks cookies to bypass the privacy settings of millions of iPhone, iPad and Mac owners. Ouch.

According to The Wall Street Journal, the way Google went about doing things is like this.

In Safari on the Mac or iPhone, there is an option to always block cookies from third parties and advertisers, but Apple makes an exception on pages where a user has interacted with it in some way: by, say, filling out a form. So what Google did was make sure that any time someone did a Google search or accessed one of their pages, Safari would automatically send an invisible form to Google, which would then allow them to install a tracking cookie on any iOS device or Mac even against that user’s explicit privacy settings. And once that initial cookie got installed, things snowballed, because a glitch in Safari then allows an unlimited number of subsequent cookies to be added.

Apple on their part is pissed, and told the Wall Street Journal that it is working to put a stop to Google’s shenanigans. But Google’s unapologetic, saying that they used “known Safari functionality to provide features that signed-in Google users had enabled” and that “these advertising cookies do not collect personal information.” Yeah, we’ll see how far that sort of attitude takes you.

  • ZuDfunck

    I think every year I consider abandoning Google. No light undertaking there. But every year they come out with some advancement that keeps me in their clutches.

  • FriarNurgle

    We do get a TON of pretty nice and useful features and services from Google, even as Apple users. But they should be upfront about it.

  • sincarne

    Same. This has pushed me to drop the $30 for Fever ASAP. The only thing I can’t seem to divest myself of is GMail.

  • prof_peabody

    I block Google everything anyway so I wasn’t affected.  There are several easy to use third party tools on the Mac that will block ads, cookies, and especially Google.  

    I find it interesting how Google does evil thing after evil thing and never seems to get much bad press, but Apple instead tries to do the right thing by it’s users and is constantly pilloried.

    Antennagate, Locationgate, workers in china, etc. … 

    – *none* of these were Apple’s fault. 
    – *all* of them involved other parties doing the same thing
    – *all* of them showed Apple leading the way in attempts to fix or mitigate them
    – *all* were reported in the press as Apple’s deliberate fault.

  • imajoebob

    I dropped Google from my search box long ago, and don’t use any of their products except Google Earth.  But I’ve recently used Bing Maps, and while not as complete, it’s a decent alternative.

    Let’s face it, in the Internet world, Google is evil.  You need look no further than their cozy relations with the Chinese government, even after the Chinese attacked Google’s servers.  If you really need proof, this is the only thing Prof Peabody and I are in complete agreement.

  • ddevito

    Ah ha. Google outsmarted Apple once again. Don’t blame Google for taking advantage of something Apple left open.

    And to all the iSheep, Apple is just as evil with all their bogus patent infringements. Just wait until Google is awarded the patent for pull-down notifications, Apple will be SO SCREWED. 

    And you know what, Apple still uses Google maps, and that precious Siri uses Google search too. So whether you want to realize it or not, Apple needs Google. 

  • ddevito

    Are iOS jailbreakers “evil” in Apple fans’ eyes? I didn’t think so 


  • ddevito

    Then you’re only fooling yourself, your loss. Google Search is a great product

  • ddevito

    get your mouth off Cook’s c0ck

  • ddevito

    A glitch in Safari – so how is that Google’s fault? Apple got caught with their pants down

  • ddevito

    I thought Apple carefully tested all software before getting released? Looks like they need to hire better talent. 

  • ddevito

    Apple still uses Google maps, and that precious Siri uses Google search too. So whether you want to realize it or not, Apple needs Google.


  • Brian

    I don’t understand why people keep getting surprised by this stuff. If you are not paying for it you are the product not the consumer. Of course they are taking this information from you and using it to make money. If you think otherwise you are naive.

  • Mike Rathjen

    Google purposely creates and sends an invisible form in order to artificially simulate user interactions that didn’t occur, therefore simultaneously circumventing both Safari’s security and the user’s privacy settings, and you wonder how that is Google’s fault?

    You seem to confuse the victims with the perpetrator.

    I suppose when someone robs a bank you blame the bank? When a rapist acts, you blame the victim?

  • ddevito

    Lots of “invisible” type forms and such are created each and every day. It’s called malware, phishing, etc.

    The security hole is discovered, and the party responsible needs to fix it. If you downloaded a malware app from the App Store and it infects 10M iPhones – will Apple get blamed? Absolutely. 

    If you’re going to create the walled garden, you damn well better make sure you secure it.

  • thewinchesterau

    Sorry, but the story here should be “Poor security in Safari allows user tracking online”.

    Just because it was Google who might have used Safari’s terrible security and loopholes to gain advantage of this doesn’t mean they should be the focus.

    Apple has a poor history of looking after users, and this along with the Path example is proof positive they need to do more to look after those who roam in the Apple walled garden.

  • Mikofox

    Cult of Mac tracks you with:

    Google Adsense,
    Google Analytics,
    Federated Media,
    Kontera ContentLink,
    Comscore Beacon,

    + three Social Buttons

    All Blocked Here with Firefox and Do Not Track Plus extension.

  • lowtolerance

    Say what you will about Antennagate, but Apple *did* design the iPhone 4’s antenna in such a way that holding the phone normally causes a reduction in signal. They’ve admitted this was a problem, and it is pretty likely that they were aware that it was an issue prior to shipping a product. Apple *did* address the issue rather admirably, but it was a still an issue *that they created*(ie, it was totally their fault). Whether other products have the same faults is really irrelevant.