Though the recent iPhone 3.1 update added support for protecting against phishing sites, there were concerns that it didn’t catch any. But, as it turns out, that’s mainly because activating the feature requires a few more steps that most users didn’t know about.
The Loop’s Jim Dalrymple clarified matters with Apple spokesman Bill Evans:
“Safari’s anti-phishing database is downloaded while the user charges their phone in order to protect battery life and ensure there aren’t any additional data fees,” Apple spokesman, Bill Evans, told The Loop.
This would suggest, among other things, that the anti-phishing database is stored locally on the iPhone. Presumably, it can be updated over the network after that initial download—otherwise it would be fairly useless against phishing sites, which sprout up with tremendous frequency. Apple's employed a similar technique in the Mac version of Safari, which works with Google's Safe Browsing system.
In order to take full advantage of the anti-phishing software, Apple recomends launching Safari on iPhone 3.1 on a Wi-Fi network, and then charging the phone with the screen off. The need for this extra step to download the database would probably explain why we noted such irregular results when investigating this feature. However, Apple doesn’t clarify this procedure on its support Web site or in the iPhone’s manual, which could lead to user confusion.