Some ads that include the button exploit a Safari browser loophole that affects privacy.

Google Inc. says it has disabled ad code and has begun removing tracking cookies it implanted on the computers and mobile devices of consumers using Apple Inc.’s Safari web browser. The moves come in response to a news report that says Google has been exploiting a loophole in Safari that allowed Google to add code to ads that could track users’ online behavior. The Wall Street Journal tested how the code was downloaded to computers and mobile devices after being alerted to Google’s practice by a researcher at Stanford University.

The Safari web browser, by default, blocks the installation of cookies from ad networks unless the user interacts with the ad. In this case, the Journal says, Google disseminated some ads that included code that tricked the Safari web browser into thinking users had interacted with the ads, thus installing a tracking cookie, when they had not. The cookie then allowed Google to track users’ behavior across the web. The code was embedded in some ads that included Google’s +1 button, a button that consumers click to express that they approve or like something on the web.

The cookies in question expired in 12 to 24 hours, but Safari lets companies easily add more cookies once they’ve been allowed to install one cookie, which meant Google could then add more cookies to Safari users’ computers and mobile devices that tracked their behavior.

A Google spokeswoman confirmed the report, but said in a statement sent to Internet Retailer that the Journal article “mischaracterizes what happened and why,” and stressed that the cookies do not collect personal information. She says Google began using the code last year so signed-in Google users on Safari who opted to see personalized ads could take certain actions—like clicking the +1 button. Because Safari, unlike other major web browsers, blocks cookies as its default setting, Google began using the code so it could identify users who were signed in to Google and wanted the personalization. She says Google didn’t anticipate that the use of the first cookie would allow for the installation of more.

Google last year agreed to change how it presented its privacy policies to consumers in an $80 million settlement with the Federal Trade Commission. Last month, Google announced it will roll out a single, simplified privacy policy March 1 that will apply to all its properties.

The Journal report also cited several ad networks for distributing ads that used techniques similar to Google’s. The companies are Vibrant Media, WPP’s Media Innovation Group and PointRoll. WPP declined to comment. PointRoll did not immediately respond to inquiries. Vibrant Media says it is immediately addressing the issue.