A new report by the Wall Street Journal has leveled a pretty heavy accusation at Google, that they’ve been intentionally sidestepping Apple’s privacy measure in Safari to install cookies without user permission. Both on the desktop and iOS versions of the application, Safari requires permissions to run cookies, unlike most other browsers. The workaround used by Google (and a number of other companies) gets around this by using a quirk in Safari.
Safari doesn’t require approval for a cookie if the user is interacting with a website, say submitting a form. So in order for Google to get around the cookie block, they hid an “invisible form” in the Google+ +1 button that you see on some ads. When you hit the +1 button, the form is submitted, and Google gets their cookie to track you for 12-24 hours.
At this point, Google has denied any wrongdoing, but nonetheless has suspended the program, saying:
“The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.”