In a report from professor and cryptographer, Matthew Green today, concerns were raised about Apple sharing users’ browsing data to the Chinese company, Tencent. Now Apple has offered an official response, reassuring users that actual URLs aren’t shared with third-parties.

Apple has used Google to provide Safe Browsing services but with iOS 13 and macOS Catalina, it started using Tencent to comply with Chinese regulations.

As we reported this morning, professor and cryptographer Matthew Green raised some concerns about third-parties seeing users’ IP addresses as well as what webpages they are viewing.

Bloomberg has now gotten an official response from Apple on the matter and the company says actual website URLs aren’t shared with Tencent or Google and explains more about fraudulent website warnings including that users can turn the feature off.

The statement also clears up concerns that US users could have data mixed up with China-owned Tencent. Apple clarifies that it is only using Tencent as a safe browsing provider for users with their devices set with a mainland China region code. Apple’s statement to Bloomberg:

Update: We’ve learned more specifics about how Safari’s fraudulent website warnings work and why actual URLs aren’t shared with third-parties.

The process to check whether a website matches a list of known malicious sites happens before Safari loads a URL and the matching process starts by checking just hashed prefixes.

If Safari does see a match of the hashed prefix, it will send the hash to the safe browsing provider, Google or Tencent, to request the full list of URLs that have matched the prefix.

Since Safari talks directly with Google or Tencent for the request, they do receive the device’s IP address. After Safari gets the full list of malicious URLs matching the prefix, it checks if there is a full match on-device so the actual URL is never shared with the safe browsing provider.

If you still want to turn off these warnings, head to Settings → Safari → Fraudulent Website Warning.

On Mac you can find the option in Safari → Preferences → Security → Warn when visiting a fraudulent website.