Google is in a lot of hot water over recent revelations about how it tracks user activity on Apple devices — particularly iPhones and iPads.

As reported by The Wall Street Journal, an independent researcher has discovered that Google embeds hidden software on many websites — software designed to circumvent the default settings on a web browser to record a user's behavior.

The issue involves how Safari, the default web browser on Apple devices, deals with cookies. Cookies, of course, are the little pieces of information (such as a user ID) that a website can leave on your phone, tablet or computer and later retrieve. Cookies allow you to log in to a website such as Flickr, and return without needing to log in again.

Cookies also enable advertisers to track your behavior. By keeping track of what you're looking at on one website, an ad network can serve you ads, based on those clicks, on another. Users can prevent that from happening via certain settings, but not all web browsers approach the issue in the same way.

So how is Safari different? What's at stake? And what can a concerned user do about it? Read on:

What exactly was Google caught doing? Google was using a software trick to get around a Safari setting that only allows certain types of cookies. That way the company could put cookies on a user's device, letting it track sites visited, which in turn let Google tailor advertising to the user.

Why would it need to "trick" Safari into doing that? By default, Safari blocks cookies from third parties. Most browsers allow users to block cookies, but don't set it as a default. Google happens to operate many of its advertising services, including DoubleClick, from a domain outside Google.com — a domain which Safari treats as a third party. So even if a user was logged into Google, DoubleClick was blocked from serving ads to the user — unless that user approved the cookie by, say, filling out a form.

How did Google get around that? The company put a hidden field in some of its sites that essentially acted as a form, even though the user never filled out anything. That told Safari it was OK for DoubleClick to serve ads to the unknowing, unwitting user.

Why would Google do that? Google says it's all an accident. Even though Google's primary business is advertising and the Safari browser on iPhones and iPads is said to account for more than 50% of mobile browsing, Google says it was merely taking advantage of a known workaround in Safari that lets users do things like use Google's "+1" buttons on sites outside the Google.com domain.

Come again? Modules like the "+1" button and the Facebook Like button appear on many different sites, and users generally expect them to work without changing their browser settings. Facebook even encourages developers to exploit the same Safari quirk Google targeted here. Google says it was only trying to enable such functionality with those hidden fields, and it "didn't anticipate" advertising cookies to be set on Safari.

Is Google doing anything about it? Yes, it says it's started removing these cookies from Safari browsers.

What does Google do with the information it collected? Until it started removing the cookies, the company used the information mainly to tailor ads based on the websites you visited. The cookie doesn't track personal information, such as your address or phone number.

Will Google face any penalties for this? It's unclear. Google is under close watch by the FTC for privacy violations, and this might qualify. For its part, the FTC acknowledged to Mashable that it was aware of the issue, but didn't say if it would do anything about it.

Is Google the only one doing this? No. The original testing by Stanford grad student Jonathan Mayer pointed the finger at three other companies — Vibrant Media, Media Innovation Group and PointRoll — all of which exploit Safari's quirks to serve ads to unsuspecting users.

Can Apple do anything about this "quirk"? Apple says it's working on a way to "put a stop" to third parties circumventing Safari's privacy settings.

What can I do if I'm concerned about this? To ensure that no one puts unwanted cookies on your device, simply go into your browser settings and choose the option to never accept cookies. However, that will also mean you'll have a hard time logging into many sites. Another option is to simply clear your browser of cookies regularly. You can do that in your settings as well.
