🍪 Web & Cookie Tools

3.1 Safari Tracker Blocker

Services: ContentBlockerService + Safari Extension

What it does: Blocks trackers and ads in Safari with two components: Content Blocker and Safari Web Extension.

Components

1. PrivacyInsightsContentBlocker (Content Blocker):

• Declarative JSON-based blocking list
• Runs in Safari without app access
• Blocks at network level (before request is sent)

2. PrivacyInsightsSafariExtension (Web Extension):

• Dynamic rule management
• Popup with statistics (BLOCKED, CUSTOM, TOTAL)
• Syncs custom rules from main app
• Persistent storage of custom rules in browser.storage.local

Technical Implementation

• App Group: group.com.privacyinsights.shared for sharing between app and extension
• Native Messaging: SafariWebExtensionHandler for communication
• Cached Rules: Extension stores custom rules locally for persistence between sessions
• Automatic sync: Extension fetches updates from app on startup

Synchronisation Flow

1. User blocks domain in Cookie Inspector
2. App writes to customBlockerRules.json in App Group
3. Extension reads via native messaging OR from cached storage
4. Rules persist in browser.storage.local.cachedDynamicRules
5. On next Safari start: Extension loads from cache if app isn't running

What is Blocked

• Known tracker domains (Google Analytics, Facebook Pixel, etc.)
• Ad networks
• Fingerprinting scripts
• Custom domains (from Cookie Inspector)
• Cross-site tracking cookies

Extension Popup Shows

• BLOCKED: Number of blocked requests this session
• CUSTOM: Number of custom blocking rules
• TOTAL: Total number of rules (standard + custom)

3.2 Cookie Inspector

Service: CookieInspectorService

What it does: Analyses cookies on websites.

Technical Implementation

• Loads webpage in WKWebView
• Retrieves cookies via WKHTTPCookieStore
• Analyses tracker scripts in HTML

What is Checked

• All cookies (name, value, domain, expiry)
• First-party vs third-party cookies
• Session vs persistent cookies
• Secure and HttpOnly flags
• Tracker scripts in HTML

3.3 QR Code Scanner

Service: QRCodeScannerService

What it does: Scans QR codes, identifies content type, and performs security analysis for URLs only.

Technical Implementation

• AVCaptureSession for camera scanning
• CIDetector for QR code detection
• Multiple image processing filters for QR codes with logos
• QRContentType enum for content type detection
• Integrated with URLScannerService for URL security analysis
• Automatic cookie inspection via WKWebView after URL analysis

Supported QR Content Types

• URL - Full security analysis
• Deep Link - App-specific links
• Email (mailto:) - Shows recipient, subject, content
• Phone/SMS (tel:, sms:) - Shows number
• WiFi (WIFI:) - Shows network, security
• Contact (vCard/MECARD) - Shows contact info
• Calendar (iCal/vEvent) - Shows event
• Location (geo:) - Shows coordinates
• Crypto (bitcoin:, ethereum:) - Shows address
• Plain text - Shows content

Context-Specific Actions

• URL: Open in Safari, copy
• Email: Open in Mail, copy
• Phone: Call, copy
• SMS: Send message, copy
• WiFi: Copy password
• Location: Open in Maps
• Contact: Add to Contacts

Image Processing for Difficult QR Codes

• Contrast adjustment (2.0x, 3.0x)
• Greyscale conversion
• High contrast black/white
• Threshold filter
• Sharpness enhancement

URL Security Analysis (URLs Only)

• Phishing detection
• Tracker parameters
• Cookies on destination site
• Tracker scripts
• Privacy Score (A-F)

Privacy Score Calculation

• 100 points = no trackers
• -15 per tracking cookie (max -40)
• -10 per advertising cookie (max -30)
• -5 per analytics cookie (max -15)
• -5 per tracker script (max -25)