Skip to Content

Google under fire for undermining Apple’s security (again)

Inside An Orange SA Mobile Phone StoreInside An Orange SA Mobile Phone Store

Google is all about advertising, and its choices to keep ads flowing sometimes land the company in hot water. The latest example is a set of instructions that Google provided to mobile ad developers who want to skirt Apple’s new security settings.

Those settings, which are slated to arrive when Apple launches its iOS 9 operating system in September, will require all content that arrives on an iPhone (via apps, ads or otherwise) to use an encryption setting known as “https.” The setting ensures that third parties can’t read or track what users are doing on their phones.

Google (GOOG) is actually a big proponent of the security advantages of “https,” and even gives websites that use it a boost in its search rankings. But in the case of developers that use its AdMob product, which is the most common tool in the world for putting ads on mobile devices, Google is willing to bend the rules a bit.

In a blog post this week, Google told AdMob users to get ready for the new Apple (AAPL) setting. But if they’re not prepared, Google said, they can use a few lines of code to override it. While this appears to be just a temporary suggestion for clumsy developers, it struck a raw nerve of the tech community:

Meanwhile commenters on the website Hacker News, which is widely read by developers, took Google to task for its apparent hypocrisy:

“Intentionally disabling security settings for your entire application just to allow advertising from companies who haven’t upgraded their infrastructure seems quite user-hostile. Google is a big supporter for HTTPS, strong certificates, etc., but apparently only when it doesn’t affect their bottom line,” wrote one commenter.

Others, however, defended Google and suggested the company is simply trying to help app builders navigate an impending technical challenge; the only other option might be for Google to stand by and watch as certain ads and apps stop working when they bump into Apple’s new technical standard.

The debate is more complicated still, though, given Google’s past history of fiddling with Apple settings. In 2012, for instance, the FTC slapped a $22.5 million fine on Google for effectively hacking Apple’s Safari browser in order to disable a setting that blocked an ad tool.

In the current controversy, Google is certainly not doing anything unlawful. The company is simply sharing a workaround that Apple appears prepared to tolerate for now. (Apple has a technical post of its own on the issue.) And Google updated its blog post, in response to the outcry, to say it remains committed to https.

But the fuss is a useful reminder of advertising’s importance to Google, as well as the growing consensus in the tech community that online security should be a paramount value.

Update: As Re/Code notes, an Apple manual also includes includes instructions for how to get around the encryption.