🍪 Web & Cookie Tools

3.1 Safari Tracker Blocker

Services: ContentBlockerService + Safari Extension

What it does: Blocks trackers and ads in Safari with two components: Content Blocker and Safari Web Extension.

Components

1. PrivacyInsightsContentBlocker (Content Blocker):

• Declarative JSON-based blocking list
• Runs in Safari without app access
• Blocks at network level (before request is sent)

2. PrivacyInsightsSafariExtension (Web Extension):

• Dynamic rule management
• Popup with statistics (BLOCKED, CUSTOM, TOTAL)
• Syncs custom rules from main app
• Persistent storage of custom rules in browser.storage.local

Technical Implementation

• App Group Sharing: iOS App Group for data sharing between main app and Safari extension
• Native Messaging: Communication bridge between app and extension
• Cached Rules: Extension stores custom rules locally for persistence between sessions
• Automatic sync: Extension fetches updates from app on startup

Synchronisation Flow

1. User blocks domain in Cookie Inspector
2. App writes custom rules to shared App Group storage
3. Extension reads via native messaging OR from cached storage
4. Rules persist in extension's local storage
5. On next Safari start: Extension loads from cache if app isn't running

What is Blocked

• Known tracker domains (Google Analytics, Facebook Pixel, etc.)
• Ad networks
• Fingerprinting scripts
• Custom domains (from Cookie Inspector)
• Cross-site tracking cookies

Extension Popup Shows

• BLOCKED: Number of blocked requests this session
• CUSTOM: Number of custom blocking rules
• TOTAL: Total number of rules (standard + custom)

↑ Back to top

3.2 Cookie Inspector

Service: CookieInspectorService

What it does: Analyses cookies on websites.

Technical Implementation

• Loads webpage in WKWebView
• Retrieves cookies via WKHTTPCookieStore
• Analyses tracker scripts in HTML

What is Checked

• All cookies (name, value, domain, expiry)
• First-party vs third-party cookies
• Session vs persistent cookies
• Secure and HttpOnly flags
• Tracker scripts in HTML

↑ Back to top

3.3 QR Code Scanner

Service: QRCodeScannerService

What it does: Scans QR codes, identifies content type, and performs security analysis for URLs only.

Technical Implementation

• AVCaptureSession for camera scanning
• CIDetector for QR code detection
• Multiple image processing filters for QR codes with logos
• Content type detection for 10+ QR code types
• Integrated with URLScannerService for URL security analysis
• Automatic cookie inspection via WKWebView after URL analysis

Supported QR Content Types

• URL - Full security analysis
• Deep Link - App-specific links
• Email (mailto:) - Shows recipient, subject, content
• Phone/SMS (tel:, sms:) - Shows number
• WiFi (WIFI:) - Shows network, security
• Contact (vCard/MECARD) - Shows contact info
• Calendar (iCal/vEvent) - Shows event
• Location (geo:) - Shows coordinates
• Crypto (bitcoin:, ethereum:) - Shows address
• Plain text - Shows content

Context-Specific Actions

• URL: Open in Safari, copy
• Email: Open in Mail, copy
• Phone: Call, copy
• SMS: Send message, copy
• WiFi: Copy password
• Location: Open in Maps
• Contact: Add to Contacts

Image Processing for Difficult QR Codes

• Contrast adjustment (2.0x, 3.0x)
• Greyscale conversion
• High contrast black/white
• Threshold filter
• Sharpness enhancement

URL Security Analysis (URLs Only)

When a QR code contains a URL, the scanner runs the same 15 comprehensive security checks as the standalone URL Scanner:

• Phishing detection
• Tracker parameters
• Homoglyph and Punycode/IDN attacks
• Subdomain spoofing and typosquatting
• Open redirect exploitation
• Suspicious TLD and excessive subdomain checks
• Mixed content detection
• Cookies on destination site
• Tracker scripts
• Privacy Score (A-F)

Privacy Score Calculation

• 100 points = no trackers
• -15 per tracking cookie (max -40)
• -10 per advertising cookie (max -30)
• -5 per analytics cookie (max -15)
• -5 per tracker script (max -25)

↑ Back to top