Google may have tracked Apple‘s Safari users without their knowledge, raising questions on the search engine’s attention to privacy.
Coding for Google‘s “+1” button in advertisements placed tracking cookies in Safari browsers across all platforms when users clicked the social media site’s button, The Wall Street Journal reported.
Safari browsers generally do not allow tracking cookies from third-party advertisers, but Google‘s “+1” buttons in ads contained a piece of workaround code that may have allowed it get around the Safari block, tricking the Apple browser into allowing it to place tracking cookies. These cookies have the potential to store and track Web viewing history.
Google‘s bypass of Apple’s security took advantage of an unintentional loophole, Google says, but the incident raises concern about the Internet giant’s attention to user privacy, and the ability of security settings to keep up with other platforms.
Stanford researcher Jonathan Mayer discovered the loophole, which allows placement of cookies after the Safari user interacts with the ad. When The Wall Street Journal contacted Google about the tracking concerns, it responded by saying they weren’t aware of it. A statement from Google says it designed the “+1” feature to interact with existing Safari functionality, despite the browser’s automatic block on third-party cookies.
“However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser,” according to a statement from Google‘s spokeswoman Rachel Whetsone. “We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.”
Google asserts it was an honest mistake, but it comes at a time when headlines are abuzz with Google security flaws. The company’s mobile division is combating Android malware with new software after security breaches resulted in a $1 million loss for Android users hacked through malware-laced Market apps.
Some question Apple’s own wrinkles in security, but Safari is a top browser choice for users who want to block third-party cookies by default. Since the security flaw in this case enabled itself when triggered from users logged into Google+, Apple’s challenge is ensuring its ability to keep its browser functionality consistent despite interaction with other platforms.
Google disabled the code after it surfaced, but the potential for tracking through advertisements is well within Google‘s capabilities as a multi-platform service. The Google flaw underscores that until the industry can get a better handle on these types of problems, users should remain cautious trusting privacy settings that may not accommodate technologies as they develop, leaving them vulnerable to unwanted data collection.