Apple’s ‘incredibly private’ Safari users could still be tracked in Europe

Apple’s latest clash with the EU has left European Safari users potentially vulnerable to web activity tracking.

Apple has a history of attempting to circumvent EU rules, even getting slapped with a €1.8 billion fine for streaming violations in March. Now, the company’s latest change under European antitrust rules, allowing third-party apps on iPhones, has left users potentially vulnerable to web activity tracking.

Previously, Apple’s Safari has been described as a private, secure way to browse. Now, however, as reported by The Register, developers Talal Haj Bakry and Tommy Mysk have revealed that the way Apple allows access to third-party apps leaves potential privacy gaps.

Essentially, when browsing with Safari on iOS, any website can ping a chosen approved software marketplace with a unique identifier for each user. As users move from one site to another, that information can be quietly revealed to a third-party (aka non-Apple) app store. This tracking data may be used for targeted advertisements and other data-driven personalization.

Is there any real risk to Apple Safari users?

As things stand, it appears this vulnerability only applies to iOS 17.4 users in the EU, and there are no reports of the privacy gap being exploited yet. However, the potential for abuse appears to exist.

“Our testing shows that Apple introduced this feature with catastrophic security and privacy flaws,” wrote Bakry and Mysk in an advisory published on 28 April.

According to the developer duo, Apple’s major failings are: it fails to check the origin of a website, allowing unsupervised tracking; it does not validate JSON Web Tokens, ‘opening the door’ to malicious targeting; and it lacks certificate pinning, which provides room for an intermediary to access communications.
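The first two failings, written out as the checks a handler would need before passing a website-supplied token on to a marketplace. This is an added example, not code from the advisory or from Apple; the origin allowlist, the HS256 shared key and the claim names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration; not taken from the advisory.
ALLOWED_ORIGINS = {"https://marketplace.example"}
SHARED_KEY = b"constructed-demo-key"

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key=SHARED_KEY):
    """Build a constructed HS256 token to use as sample input."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}.{b64url_encode(_sign(f'{header}.{body}', key))}"

def check_request(origin, token, now=None):
    """Return 'forward' only if the origin is allowlisted and the token verifies."""
    # Check 1: the requesting site's origin must be one the marketplace registered.
    if origin not in ALLOWED_ORIGINS:
        return "reject: origin not allowed"
    parts = token.split(".")
    if len(parts) != 3:
        return "reject: malformed token"
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return "reject: malformed token"
    # Check 2: pin the algorithm; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return "reject: unexpected algorithm"
    expected = _sign(f"{parts[0]}.{parts[1]}", SHARED_KEY)
    if not hmac.compare_digest(signature, expected):
        return "reject: bad signature"
    # Check 3: an unexpired 'exp' claim is required.
    now = time.time() if now is None else now
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return "reject: expired or missing exp"
    return "forward"
```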

iOS users in Europe are urged to use a different privacy-driven browser like Brave or DuckDuckGo, both of which close the loopholes that Safari left open in Europe.
