According to Mayer, four advertising companies — Google, Vibrant Media, WPP PLC’s Media Innovation Group and Gannett’s PointRoll — have all been using code to work around privacy features in Safari’s iPhone browser. The search engine giant intended to place a temporary cookie on users’ devices to see if they were logged-in to Google services, but the research found that other cookies were also being placed on devices through the workaround.
Google has began removing the cookies, company spokeswoman Rachel Whetstone said in a statement, because the company never intended for additional cookies to be placed on users’ machines. She said that anyone who has opted out of Google’s Web-based advertising program was not affected.
By default, the Safari browser blocks third-party cookies, which companies use to track users habits across the Web. But it does allow for some tracking for some purposes, such as when a user submits a form on a Web site or wants to “Like” something on Facebook. By default, Safari accepts cookies only from sites that users visit directly.
The workaround, Google said, was to allow the company’s DoubleClick network to see if Safari users were signed in to Google’s services. If so, the cookie allowed Google to serve personalized ads or gain the ability to use its “+1” button.
Whetstone said: “The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.”
In a statement, Apple spokesman Bill Evans said, “We are aware that some third parties are circumventing Safari’s privacy features, and we are working to put a stop to it.”
FTC: Apps for kids get poor grades for privacy
Google Wallet security bug fixed
Federal court expedites case on Google privacy policies