Apple’s Safari is Sending User Browsing Data to Chinese Company Tencent

Last updated September 25, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

A group of iOS 13 users has noticed that Apple’s Safari browser is sending their IP addresses to the Chinese tech giant Tencent. While this detail has been included in the “About Safari & Privacy” section of the Safari since iOS 12.2, people have just started noticing it, and they are not very comfortable with the fact. Being a Chinese public business entity, Tencent is on the other side of the trench in terms of the ongoing trade wars with the United States. High-profile individuals who trust Apple to keep their data secured and private are somewhat surprised by what’s apparently going on.

apple-safari-ip-address

Source: Reclaim the Net

Officially, Apple claims to only share user browsing data with the Tencent Safe Browsing unit to help its customers stay away from fraudulent and phishing websites. Similar data for the same purposes is sent to the Google Safe Browsing unit as well. If the user toggles the switch for the “Fraudulent Website Warning” feature to off in Safari’s settings, the corresponding data sharing is probably paused. We say probably because the connection between the setting and the sending of the data hasn’t been made absolutely clear by Apple.

apple-safari-settings

Source: Reclaim the Net

Safari’s default setting puts the toggle to “ON”, so Apple’s own browser is sending data to Tencent out of the box. If the user disables this feature, they are then left without any warning about visiting a risky website. That said, the situation is a double-edged sword. Tencent has documented ties with the Chinese government, and while this isn’t enough to prove that they are involved in data surveillance practices, the status of the company is compelling specific categories of iPhone users to avoid using Safari. However, even if an alternative browser is installed on iOS, the various apps will still launch URL links on Safari, and this cannot be changed.

This leaves users with cumbersome usage conditions, having to copy and paste URLs on a different browser just to avoid sending data to Tencent. Obviously, the vast majority of users won’t do that, so the data collection and responsible management will stay between Apple and Tencent. As we explained recently, pseudo-deanonymized data is easy to correlate with real user identities for Google, and we can assume the same applies to Tencent as well. That said, both of the receptors of this data aren’t acting in a completely transparent data handling context.

Do you blindly trust Apple and iOS, or are stories like the above causing some concern to you? Let us know in the comments down below, or join the discussion on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: