Google has allegedly violated users' privacy on Apple's Safari Web browser, adding to mounting criticism from consumer groups over how the internet search giant tracks people online.
Using its DoubleClick ad network, Google has been dodging a privacy setting in Safari, the primary Web browser on the iPhone and iPad, a report by Stanford University's Security Lab and the Centre for Internet and Society claimed.
The study named three other companies — Vibrant Media, Media Innovation Group and PointRoll — that also allegedly evaded privacy settings.
"Apple's Safari Web browser is configured to block third-party cookies by default," Stanford graduate student Jonathan Mayer said in the report. "Google and Vibrant Media intentionally circumvent Safari's privacy feature."
Google, the world's biggest internet search company, has drawn regulatory scrutiny and pressure from consumer advocates for the way it handles personal information.
Last year it agreed to settle claims with the Federal Trade Commission (FTC) that Google used deceptive tactics and violated its own privacy policies when it introduced its Buzz social-networking service in 2010.
In the Stanford study, Mayer said Google's software employed cookies, or small pieces of code, that can be used to follow users' activities on the Web.
Blocking them is supposed to prevent the cookies from tracking behavior.
The actions potentially affected millions of users, Mayer said.
Safari is the top browser for mobile devices, with 55 per cent of the market, according to January data from Net Applications.
The findings of the Stanford study were reported by the Wall Street Journal.
Reacting to the report, three lawmakers asked the FTC whether Google has violated its settlement with the agency.
"Google's practices could have a wide sweeping impact because Safari is a major web browser used by millions of Americans," said the letter by Edward Markey, Joe Barton and Cliff Stearns.
"As members of the Congressional Bi-Partisan Privacy Caucus, we are interested in any actions the FTC has taken or plans to take to investigate whether Google has violated the terms of its consent agreement."
Google's actions also prompted Consumer Watchdog to send a letter to the FTC and demand action against Google.
"Safari users with the browser set to block third-party cookies thought they were not being tracked," John Simpson, privacy project director of Consumer Watchdog, said in the letter.
"Nonetheless, because of an element invisible to the user, but designed to mimic a form, DoubleClick was able to set tracking cookies in an obvious violation of the set preference."
Google has started removing the cookies from Safari browsers, Rachel Whetstone, senior vice president of communications and public policy at the California-based company, said in an e-mailed statement.
"It's important to stress that, just as on other browsers, these advertising cookies do not collect personal information," she said.
Google said it began to use the functions in the Safari browser last year to enable its "+1" feature, which lets surfers easily identify content that interests them.
Google created a temporary communication link between its servers and Safari's, so the company could know whether a user had signed up for +1, Whetstone said.
"But we designed this so that the information passing between the user's Safari browser and Google's servers was anonymous — effectively creating a barrier between their personal information and the Web content they browse," she said.
"However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn't anticipate that this would happen."
Meanwhile, Bloomberg reported that a Safari user in Illinois has filed the first class-action lawsuit against Google for its role in the Safari mix-up, alleging that Google's "willful and knowing actions" violated federal wiretapping laws, among other statutes.