Google and Apple, two of the biggest — if not the biggest — technological companies in the world have products used by millions of people on a daily basis. But what happens when one of them is caught bypassing the security of the other? This happened recently, when Google was caught circumventing the security settings of Safari, the main browser used by Apple’s products.
As many news sources are reporting, Google was discovered to have bypassed the security settings of Apple’s default browser, Safari. If you are to believe the many news articles, what Google has done is a big issue. But what did Google actually do, and how does this affect your business?
What Did Google Do?
Google was caught using software to trick Safari’s security settings into allowing third-party cookies. The cookies placed by Google were used to track users’ internet behavior with the idea of providing personalized ads targeted to the users. Google stressed that no personal data was recorded.
Why would Google do this?
Safari is set up to block all third-party cookies — cookies usually used by advertisers placed on a user’s hard drive that don’t have the same URL the user is looking at. Since the majority of Google’s ad services don’t operate under the Google URL, Google needs to use third-party cookies to track users. In other browsers, when a user signs into a Google Account, third-party cookies used by Google’s ad services are automatically placed. With Safari, the cookies are automatically blocked.
To get around the established security, Google took advantage of a known loophole found in 2010 by putting a form in some pages that tricked Safari into thinking the user had agreed to let Google’s Ad services track them.
What Does this Mean to Us?
In all honesty, not very much. Google has said that they are removing the forms from the websites and cookies from the browsers. Apple has said they are working to stop all third party cookies, but no updates have been released as of March 1.
What Can We Do?
To ensure that third party cookies are blocked in Safari, go to:
You can also set your browser to never allow cookies. The downside to this is you will find yourself having to log into a site each time you go to it in a new window. Another strategy is to clear your cookies regularly. In the same tab you set your cookie preferences, select: Remove All Website Data
If you would like to learn more about protecting your organization, or if you have questions, please contact us.