According to Moscow-based forensics company Elcomsoft, Apple’s iCloud has been keeping users’ deleted internet browsing histories, records older than a year included. The company came to this conclusion after it deleted Safari browser histories from iCloud accounts and was able to pull them back.
The retrieved information included the date and time the site was visited and when the particular record was removed.
This is what the researchers said in a blog post:
Safari history is synced across devices. Once you delete a record on one device, it will disappear on all other devices in a matter of seconds (or minutes), provided that those devices are connected to the Internet. While those records can be retained in SQLite database for technical reasons, a flush or cleanup will purge them sooner or later (on an actively used device, this can happen in a few days or up to 2-3 weeks).
However, those same records will be kept in Apple iCloud for much longer. In fact, we were able to access records dated more than one year back. The user does not see those records and does not know they still exist on Apple servers.
Elcomsoft discovered the issue using its Phone Breaker product which is a forensic tool made to streamline extracting files from an iCloud account. Even though the kept browser history is definitely “invaluable for surveillance and investigations”, it’s still not known whether Apple knew about the issue of deleted records being stored.
Once the blog post went live, however, Apple started purging older browser history records from iCloud, the forensics experts say.
This is not the first discovery Elcomsoft has made about Apple, as previously it found that Applewas saving users’ call history to iCloud without offering a way to turn the synching on or off. Back then, Apple said that the call synching function only served for convenience as it allowed their users to return phone calls from any device.
Is there a solution? Privacy-savvy users can still opt-out of syncing Safari browsing history from iCloud.