Google, Advertising Companies, Found Bypassing Safari Privacy Settings

Google and several other advertising companies have allegedly been evading the privacy controls of Apple’s Safari browser by placing a special kind of tracking code on a handful of sites, according to new research done by Stanford grad student Jonathan Mayer.

Google and several other advertising companies have allegedly been evading the privacy controls of Apple’s Safari browser by placing a special kind of tracking code on a handful of sites, according to new research done by Stanford grad student Jonathan Mayer.

To follow up on Mayer’s work, independent security researcher Ashkan Soltani scanned the most popular websites according to Quantcast and found that 22 of the top 100 had implemented the code on their sites while 23 of the 100 had installed it when viewed via Safari on an iPhone.

WhilSafari Googlee Safari blocks most tracking by default, Google added code to its ads that mimicked users interacting with elements of a page, which overrides the no-tracking setting. To Safari, these ads appeared as invisible forms, in turn allowing Google to install a tracking cookie. Google has stressed however that these cookies “do not collect personal information.”

The code was disabled by Google shortly after they were contacted by the Wall Street Journal, which reported the findings on Friday.

In addition to Google, Vibrant Media and Media Innovation Group were all found serving similar scripts, according to Mayer’s research. Soltani also found that PointRoll Inc., a Gannett company, was using similar code on 10 of the top 100 U.S. sites he scanned.

This appears to be another bump in the road for Google in particular, which has had a tough go of it on the privacy front as of late. The company settled with the U.S. Federal Trade Commission last year, admitting it used “deceptive tactics” upon launching its Google Buzz social network. Google agreed to privacy audits every two years for 20 years following the settlement.

Last month Google announced it’d be tracking users across all of its services as of March 1, consolidating several dozen privacy agreements down to one.

For more on this, head to The Wall Street Journal.

Suggested articles

Discussion

  • Anonymous on

    Another security flaw exploited in Apple software.  If an 18 year old hacker did this sort of thing, the hacker would end up in jail for a long long time.  Google should should be fined too and spanked on the bare ass for supporting criminal mentality within their empire. 

  • Anonymous on

    Is it just google´s fault? Apple has a control-freak mentality, and as such perhaps it is not quite really interested that tools that give users some control work 100%..

  • Anonymous on

    Apple didn't pull Diginotar certs from 10.3-10.5, millions are vulnerable, mullahahallala!!! Have at it, Apple wants you too so they can upgrade their hardware when they come crying into a Apple Store.
  • Anonymous on

    I agree too that Google should be severely fined for such crap.

  • Anonymous on

    Maybe Google should be fined, but Apple Safari should be more secure.  If Google can evade Safari privacy settings, imagine what a determined attacker can.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.