Cupertino tech juggernaut Apple has been advertising itself as an advocate of user privacy. As part of this advocacy, the company took its customers' privacy to another notch when it introduced a feature to Safari called Intelligent Tracking Prevention. However, Google researchers discovered that this same privacy feature is actually exposing users' data.
The Intelligent Tracking Prevention that Apple released to Safari has a major issue. Essentially, the feature makes it hard for websites to track visitors. But, its recently discovered major flaw exposes users' data and affects Safari on macOS, iPadOS, and iOS.
Safari Intelligent Tracking Prevention Feature
Apple designed the Intelligent Tracking Prevention (ITP) to prevent cookies. It is also the company's answer to online marketers that tracks their visitors on different websites. The feature was first launched on iOS 11 and has received several updates since then.
To determine which advertisers and websites track users and to disable cross-site tracking, the feature uses machine learning. Its latest build 2.3, was released on iOS 13, iPadOS 13, and macOS Catalina 10.15. The latest version received support for preventing embedded sharing and like buttons, particularly in social networking sites, from tracking users without their consent.
ITP Exposes Users' Data on Safari
In a new paper, however, Google researchers claim that the ITP feature leaks the web browsing habits of users. As per the Financial Times, the ITP vulnerabilities enabled websites to get 'sensitive private data of the user's browsing habits. It allows 'persistent cross-site tracking' and enables cross-site information leaks such as cross-site search, the researchers revealed.
Google researchers identified five different attacks that could trigger security flaws in Safari. Last Aug. 2019, Apple was informed about these vulnerabilities. The Cupertino company released a fix in Dec. 2019, following the report.
Google security researchers, however, claim that mitigations do not totally resolve privacy issues. "Such fixes will not address the underlying problem," they say. Jason Schuh, Google's Director of Chrome, says that Apple was not able to resolve the ITP bugs that the team reported.
The system is lethally flawed since it produces worse privacy and security issues than the problems it was designed to address. Schuh also shares that Apple requested a disclosure extension without disclosing any of the vulnerabilities. Apple has to do something about the major flaw and vulnerabilities of the Intelligent Tracking Prevention feature in Safari.
In other Apple news, the Cupertino company reportedly dropped its earlier plans of fully encrypting backups on iCloud. According to a report, the decision comes following the complaint of the Federal Bureau of Investigation (FBI). Apple has not yet released any statement or made any comment about the issue.
