Google is under the U.S. government’s hammer yet again after it was found out that the search giant was guilty of bypassing the privacy settings on the Apple-owned Safari browser. The Safari browser functions on Apple devices like the iPhones and iPads and the fact that privacy settings were bypassed meant that the iPhone tracking software had Apple users within their sight and menacing reach.
Google allowed various sites to set cookies with tracking intentions onto the browser which in turn resulted in the bypassing of Safari’s security. And this happened despite the presence of security settings which should never have allowed the security breach to have happened in the first place. The word is that the purpose of this entire soap opera was to allow Google+ users, who were present on Safari, to get access to the ‘+1’ button that is present within advertisements (powered by Google’s very own DoubleClick network). This in turn would’ve been a publicity coup and a tracking masterstroke – as it turned out it was neither.
Customarily, Safari’s security would’ve shut up shop and prevented ads from leaving behind a tracking cookie, for the simple reason that it blocks the cookies that originate from advertising networks. This is where Google’s code got the better of Safari’s defense mechanism, courtesy of creating the impression that the code submitted Google a web form. This ‘trick’ which convinced the browser that what it was dealing with was in fact form cookies – which are not blocked on Safari– was how the security was breached.
Exploitation of this particular kind isn’t exactly something new. According to Jonathan Mayer – a researcher at Stanford – it was first discovered in 2010. Even so, having a name as big as Google on the list of culprits is a totally different kettle of fish altogether. This not only brings the whole credibility debate into the mix, it also highlights the menace of iPhone tracking software and other hacking apps that can wreck havoc with any security system.
The DoubleClick ads with ‘privacy-circumventing’ code were found all over the web, including Match.com, AOL.com, YellowPages.com and TMZ.com. In fact according to CNET, Google’s double whammy Safari-breaching code was found in 22 of the top 100 websites. Oh and it gets worse; the website also reported that 23 sites have installed the exact same code on Safari’s iOS browser to add insult to injury.
After having been caught red-handed with both hands in the cookie jar, Google’s defense has been to downplay the threat of the cookies. It claimed that these cookies do not collect personal information, something which has been categorically rebuffed by Apple. And of course Microsoft, who would never have let the chance to take a jibe at its closest rival pass by, claimed this tracking move by Google is “nothing new”.
Google has a lot of explaining to do and potential fines to pay before this chapter closes. As far as Safari users on iPhones and iPads are concerned, they need to be on the lookout for tracking software…
Jane Andrew is the author of iPhone spy and cell phone monitoring technology. She provides tips and tricks on how to track a cell phone. You can also follow her on Twitter @janeandrew01 to get the latest tips about computer security.