Safari Contacts Access / App Privacy Report

Since the publication of the App Privacy Report, several forum users have noted that Safari is trying to access contacts. There is no explanation of why Safari would need this information, or what it does with the accessed information…..

Created a separate thread to focus on this issue.

Comments:

Safari attempts to access Contacts when:

– Navigate to canard canard go, google, bing or a third-party site that offers a “connection with” these services. Using the search bar in Safari doesn’t reliably trigger it…but browsing directly to the search site and typing in a search does.

Once the page has written a cookie to the device (the user does not have to log in…. Access www.google.com enough….) subsequent visits do not generate further access to the contacts. I assume the cookie eventually expires and the hit reoccurs, but I haven’t tested that.

If the site cookie is deleted, the next visit will generate access to contacts. If all cookies are disabled in the settings, each visit to the site will result in access to contacts.

The following parameter changes do not affect the behavior:

Safari—>Autofill on/off

Siri—>Show when sharing on/off (controls which suggested contacts appear in the share sheet)

Password autofill on/off

The user having an account with the search engine (or not) has no effect. (Safari hits the contacts anyway)

Private browsing has no effect

Looking for suggestions on what information Safari needs from community contacts/observations of behavior. Essentially, is Safari providing information to search engines or other sites without the express permission of the user?

Jennifer C. Burleigh