iOS Will Hide Users’ IP Addresses from Google

In the upcoming iOS 14.5 update, expected to be released in the coming months, Apple will introduce a feature that routes all Safari Safe Browsing traffic through proxy servers controlled by Apple. This move is designed to protect user privacy and prevent Google from learning users’ IP addresses.

The first reports about this new feature appeared on Reddit, and were soon confirmed by Maciej Stachowiak, head of WebKit development at Apple.

How the New Feature Works

This new privacy feature will only be active if the user has enabled the “Fraudulent Website Warning” option in Safari’s settings. This option supports Google’s Safe Browsing technology.

Safe Browsing works by checking any URL a user tries to access. The URL (in anonymized form) is sent to Google’s servers, which then scan the site for threats. If malware, phishing forms, or other dangers are detected, Google notifies Safari to block access and displays a full-screen warning to the user.

Background and Privacy Concerns

When Google first launched the Safe Browsing API several years ago, the company could see which sites users were visiting. Over time, developers took steps to anonymize this data. However, Google still receives the IP address from which the Safe Browsing check is made.

“The problem is that the Safe Browsing Update API was never designed to be completely secure. Its goal was not to provide full privacy for users, but rather to degrade the quality of data collected by providers,” wrote Matthew Green, a well-known cryptographer and Johns Hopkins University professor, back in 2019.

Apple’s Solution

With the new feature, all Safe Browsing requests will be sent through Apple’s own proxy server. As a result, all requests will appear to come from the same IP address, further protecting user privacy.