Potential security risk with URL preview on iOS/iPadOS

Question

Level 1

15 points

Potential security risk with URL preview on iOS/iPadOS

URL Preview that is shown upon a long-press on a URL can be a potential security risk in particular when it comes to copying phishing/malicious/tracking URLs when reporting them. Long-pressing on a URL/CTA button to copy its URL can unnecessarily trigger the Preview of the URL to open up. Which causes unwanted data exchange through the URL.

Solution: URL previews should be disabled by default. Optionally, it should make users aware in the settings that enabling URL Preview can impose a security risk to them.

iPhone 11 Pro Max

Posted on May 17, 2020 4:06 PM

Reply

Answer 1

HAL9000XL Author

Level 1

15 points

May 18, 2020 6:45 AM in response to SravanKrA

You’re missing the point. It’s exchanging unwanted data when the URL Preview pops up without prior knowledge of such feature being there when trying to copy a URL. For example, if I were to give you a short URL and you’d want to see what the redirect path is without opening the URL, you’d long-press on the URL, only to find out the URL is actually being opened together with the option for you to copy. At this point, the URL Preview could’ve already redirected you to a page where data from your machine is being collected (Device, IP and such) and you’d only find out about that later on after diving into the redirect path. Hence, URL Preview should not be a feature that’s enabled by default.

Reply

Answer 2

May 17, 2020 8:46 PM in response to HAL9000XL

iOS / iPadOS devices cannot be hacked or infected with Virus / Malware / Spyware by merely clicking on a link in Safari, unless you have intentionally downloaded spurious softwares or unauthorised apps directly from internet and installed on your device or/and have Jail Broken.

However if you feel otherwise you may please provide --> Product Feedback - Apple <-- here

Reply

Potential security risk with URL preview on iOS/iPadOS

Similar questions