Google bites into Apple, crams down cookies

Google has been secretly bypassing privacy settings on iPads and iPhones, via the Safari browser. Meet the new cookie monster

Google has been caught with its hands quite literally in the cookie jar again. And no amount of Doubleclick -- er, double talk -- is going to save it this time.

According to the Wall Street Journal's intrepid privacy reporters, Julia Angwin and Jennifer Valentino-Devries, Google has been deliberately bypassing the privacy settings in Apple's Safari browser to allow itself and other advertising firms to deposit cookies on users' iPhones and iPads.

[ Also on InfoWorld: Don't look now, but your mobile apps may be spying on you. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

Essentially, Google was tricking Safari -- which is set to block third-party tracking cookies by default -- into allowing it to drop Doubleclick cookies on users' machines by pretending they weren't really Doubleclick cookies. Other ad networks followed suit.

I won't get into the technical fine print here. The Journal goes into it in some detail, as does Marketing Land's Danny Sullivan. Business Insider has a nice explanation of what Google was probably thinking.

Google's reasoning? It wanted to enable users who were logged into Google to click its little +1 button on Doubleclick ads. Before going any further, I'd like to see a virtual show of hands. Anybody out there ever clicked +1 on an ad? Anyone at all? Bueller? Bueller? OK, I may have clicked +1 on that Honda CRV ad featuring Matthew Broderick playing a middle-aged Ferris Bueller -- but only the extended YouTube version, not the actual ad.

So Google's reason for breaking Safari's privacy settings is dubious at best, but it's not the only ad company to play fast and loose with Apple's default settings. Other large third-party ad networks used similar tricks to set and reset cookies at will: Vibrant Media, WPP PLC's Media Innovation Group, and Gannett Co.'s PointRoll. According to the Journal, 29 of the most popular 100 websites contain ads served by at least one of these companies.

The secret Google code was uncovered by Stanford researcher Jonathan Mayer. People who follow the battle over Do Not Track will remember Mayer as the guy who reported last July that much of the "anonymous" data being collected by Web trackers wasn't all that anonymous. We in Cringeville are shocked -- shocked! -- at the spectre of yet another enormous company using subterfuge to have its way with our data.

1 2 Page
Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies