Apple Sheds Light On Tencent's Role In Fraudulent Website Warnings; Checks Are Limited to Region-coded Devices

Ensuing users' concern over Apple using Chinese conglomerate Tencent as one of its Safe Browsing partners for Safari, the Cupertino-based tech giant released a statement assuring Apple users that website URLs are not shared with its safe browsing partners. This feature allows Safari to send data to the search engine giant’s Safe Browsing to cross-check URLs against a blacklist to protect users against malicious sites and phishers. Apple explained that Tencent is utilized for devices with region code intended for China only.

Apple users in the UK, the US, and other countries do not have their web browsing checked against the Chinese company’s safe list. The Cupertino-based tech giant noted that it intends to protect the privacy of its users and ensures their data with Safari Fraudulent Website Warning. This is a security feature that flags sites perceived as malicious in nature. When this feature is activated, Safari verifies the URL of the website based on the list of known sites and displays a warning if the URL the user is currently visiting is suspected to be of fraudulent conduct such as phishing.

To perform this task, Safari gets a list of websites from Google that are treated as malicious. For the devices with corresponding region code set to mainland China, Safari receives the file from Tencent. The URL of the website that Apple user visits is never shared with a safe browsing provider. Moreover, this particular feature can be turned off by the user.

Before the website loads, when a fraudulent website warning feature is activated, Safari cross-checks if the URL of the website has a hash prefix to match the list of hash prefixes of malicious websites. If a match is identified, Safari sends the hash prefix to the safe browsing provider and then requests for a complete list of URLs that have the same hash prefixes as the suspicious one.

Details about the safe browsing partners of Apple can be found in the About Safari and Privacy page. It is in the Privacy and Security section of Safari in the Settings. By default, the fraudulent website protection is enabled, and Apple users who are extremely worried about the safety check feature can simply turn it off.