Google Flouted iPhone Privacy Controls, Report SaysGoogle Flouted iPhone Privacy Controls, Report Says

12 Epic Tech Fails of 2011

Google has conceded that it used secret programming code to circumvent the privacy settings of iPhone users who surfed onto its websites, but denied there was anything malicious about the practice.

The company reportedly deployed the code so that it could defeat iPhone technology that's designed to prevent websites from tracking the Web surfing activities of Internet users in order to serve up so-called contextual ads. News about Google's practice was first reported by The Wall Street Journal.

The newspaper said that Google essentially developed a workaround that flouted privacy controls built into Apple's Safari browser, which comes preinstalled on its iPhone, iPad, and iPod Touch mobile devices. Apple said it was "working to put a stop" to Google's circumvention efforts.

[ Google defends its recent privacy policy changes, but not everyone is convinced. Read more at Google Defends Privacy Policy Consolidation. ]

Google conceded that it was using special techniques to track Apple users' Web surfing habits, but insisted there was nothing nefarious about its methods.

"The Journal mischaracterizes what happened and why," a spokesperson said in a statement. "We used known Safari functionality to provide features that signed-in Google users had enabled. It's important to stress that these advertising cookies do not collect personal information."

Google's spokesperson said the practice has been in effect since last year and that it tracked only users who voluntarily opted in to see ads that reflected their personal interests.

"Unlike other major browsers, Apple's Safari browser blocks third-party cookies by default. However, Safari enables many Web features for its users that rely on third parties and third-party cookies, such as ‘Like' buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content—such as the ability to ‘+1' things that interest them," the spokesperson said.

Google's anti-privacy methods were first uncovered by Stanford University security researcher Jonathan Mayer. The academic found that 23 of 100 Web sites he tested tracked users' activities when those sites were accessed through Google.

Google's own Chrome browser, as well as Microsoft's Internet Explorer 9, did not appear to be vulnerable to the tracking code due to difference in their default privacy settings, the researcher said.

Word of the controversy could put Google's privacy practices under heightened scrutiny. The company was already drawing heat for privacy changes announced earlier this month. Google said it was implementing technology changes that would allow it to view user activity across all of its major product brands, including Gmail, Google Apps, and Google search.

The EU has asked Google to hold off on implementing the changes until it can further study their impact on consumer privacy. Nominate your company for the 2012 information 500--our 24rd annual ranking of the nation's very best business technology innovators. Deadline is April 27. Organizations with $250 million or more in revenue may apply for the 2012 information 500 now.