This is how and why Apple sends Safari user traffic to China’s Tencent

Catalin Cimpanu for ZDNet:

Apple has issued a statement today following a slew of misleading and poorly-researched media reports that were published over the weekend, claiming that the Safari web browser was secretly sending user traffic to Chinese company Tencent…

For years, Apple has used Google’s Safe Browsing API inside Safari to check for bad links. Starting earlier this year, Apple also added Tencent’s safe browsing system to Apple as well.

But this update has been misinterpreted by several news outlets over the weekend under scary headlines of “Apple sends users’ web browsing history to China,” amid a recent rise in Chinese anti-sentiment and fearmongering triggered by the recent Hong Kong protests and the US-Sino trade war.

However, the reality is that this is not how modern safe browsing mechanisms work.

Most safe browsing mechanisms, such as those managed by Google and Tencent, work by sending a copy of the database to a user’s browser and letting the browser check the URL against this local database. According to Apple, this is also how Apple developers have implemented Safari’s safe browsing mechanism — to never send the user’s internet browsing traffic to safe browsing providers.

MacDailyNews Take: Apple’s statement (via Slashdot): Apple protects user privacy and safeguards your data with Safari Fraudulent Website Warning, a security feature that flags websites known to be malicious in nature. When the feature is enabled, Safari checks the website URL against lists of known websites and displays a warning if the URL the user is visiting is suspected of fraudulent conduct like phishing. To accomplish this task, Safari receives a list of websites known to be malicious from Google, and for devices with their region code set to mainland China, it receives a list from Tencent. The actual URL of website you visit is never shared with a safe browsing provider and the feature can be turned off.

To turn off this “feature” on your iOS 13 or iPadOS 13 device: Settings > Safari > toggle off “Fraudulent Website Warning.”


  1. amid a recent rise in Chinese anti-sentiment and fearmongering triggered by the recent Hong Kong protests and the US-Sino trade war.

    Right. Fearmongering. It’s not what we know and see with our eyes that causes fear. That piece should have had a “Made in China” sticker on it.

    1. A ‘recent’ anti-China sentiment? Where have you been for the past innumerable decades? That Apple is playing with them at all is pretty unbecoming. The Chinese government is and hasn’t been a boon to humanity, period, for generations. I am pretty ashamed of Apple. If there were an alternative that didn’t involve Google, Amazon, or Microsoft, I’d do it in a heartbeat. This is unacceptable in every sense of the word, and I was wrong: any future trust-busting and regulation should absolutely include and apply to Apple.

  2. The problem is not how the browser checks work, it’s where the data goes. I don’t trust China in any respect due to their heavy hand in suppressing OUR freedom to watch movies and tv shows they don’t like. If my data goes to China then I have to expect it is being used in ways I did not agree to. I trust Apple fine, but not China.

    1. Read the article. Is your region code set to China. If not, don’t worry. Also, the safe website check is performed on your device against a list provided by Google or TenCent. So your web browsing history is not sent out (not for this function, at least).

      If you are living in China or accessing servers in China, then expect your web browsing to be tracked. In fact, it is tracked everywhere – Google is the largest offender by far. In many countries you can gain some measure of anonymity by using a VPN and proxies, but nothing is foolproof.

      The point of this article is that giving in to the FUD circulated by the ill-informed and click-bait organizations just hurts you and makes it easier to influence and control you. Protect yourself by staying informed.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.