Google Code Undermines Apple Defenses

Privacy measures put in place by Apple have apparently been undermined by surreptitious Google code.

Image: Everett Collection / Shutterstock

Just days after Apple said it would crack down on apps that collect user data without permission, a Stanford researcher has uncovered a privacy breakdown of relatively gigantic proportions.

The Apple PR challenges began earlier this week, when, as USA Today first reported, Apple faced disclosures that social-media startup Path and several other creators of apps for its iOS operating system collect and store users' address books without asking their permission. To calm the masses, the tech giant said it would require third-party suppliers of applications in its App Store to secure user approval to use address-book data, including full names, phone numbers, and email addresses.

That debacle, which happened on Wednesday, seemed bad enough, given that Path, whose big-name investors include Facebook’s first president and Napster founder Sean Parker, just announced its 2-millionth subscriber. But that's nothing compared to what Google is accused of doing today.

The Wall Street Journal now reports that Google and other advertisers have been using secret code to undermine the privacy settings put in place by Apple intended to protect the millions of people using Safari, the Apple-supplied Web browser.

In a blog post following up on her original Journal cover story, reporter Jennifer Valentino-DeVries wrote:

By default, Apple’s Safari browser accepts cookies only from sites that a user visits; these cookies can help the site retain logins or other information. Safari generally blocks cookies that come from elsewhere—such as advertising networks or other trackers. But there are exceptions to this rule, including that if you interact with an advertisement or form in certain ways, it’s allowed to set a cookie even if you aren’t technically visiting the site.

Google’s code, which was placed on certain ads that used the company’s DoubleClick ad technology and was uncovered by Stanford researcher Jonathan Mayer, took advantage of this loophole, as did the code used by the other companies.

To even further complicate Google’s position, the Journal also reported that the search engine/advertising giant, which was once known for its informal motto, “Don’t be evil,” may have lied to its users on one of its sites when it claimed that Safari’s privacy settings could continue to be relied on as a means to avoid its own tracking methods.

The apparent lie has since been removed, though Apple's defenses, twice compromised in so short a time, are no less in question.