Home > Cyber News > How Private Is iOS 10 Safari’s Private Browsing? Not Enough!

How Private Is iOS 10 Safari’s Private Browsing? Not Enough!


Security researcher Stacey Jury at IntaForesincs has shared some concerns in terms of iOS 10’s privacy, in particular Apple Safari’s private browsing mode. Apparently, Apple has changed some things in the private mode in Safari and it is now less private compared to previous ones.

Related: Which Are the Most Secure Smartphones In 2016

The issue the researcher stumbled upon stems from the way Safari stores data about Private Browsing sessions, and more precisely it’s about “suspended state” URLs.

These are URLs for tabs that are already closed are still kept in the browser. This is done in case the user wants to navigate back and forth in either a public or a private browsing session.

What Exactly Is the Issue with iOS 10’s Private Browsing?

Up until now, forensics analysts have been able to recover ‘Suspend State’ from IOS devices within the private browser and normal browser. Suspend State is a ‘back-forward’ list within the handset web browser ‘Safari’. These are links to web pages recently visited within currently open tabs, allowing for the user to easily go backwards or forwards to a specific web page.

Suspend State

The researcher also explains that Suspend State has previously been stored in a PList which means that when the user closes a tab the web page entry would be removed from the PList. Storing the data in a PList means the user can’t recover deleted or closed tabs. This way the user can be certain that when he closes the web page, it won’t be retrieved.

In iOS 10, released last month, Safari started using a database to store data on the Private Browsing Suspend State URLs. Here we get to the heart of the issue.

Even though Apple removed the suspended state URLs from the databases, it doesn’t overwrite the database entries with random data. This should be done as a precautionary measure.

The researcher did an experiment which proved the nature of the issue:

I carried out an experiment with an iPhone 5S running IOS 10.0.1. I populated the iPhone by opening new tabs within the Safari browser in private mode. Extracting the iPhone using XRY version 7.1, the web pages were present within the extraction. XRY also extracted the entries as ‘hidden’. Opening the new database ‘BrowserState.db’, it shows a column within the database which tracks if the web pages were opened in private mode.

Related: Security Concerns Emerge Over Apple’s Latest iOS 10

Of course, the experiment didn’t stop there, as the web pages within private mode were closed and the phone was extracted again. At this point, the entries were gone within the database. Unfortunately, XRY, an example of data recovery software, recovered those closed web pages, the researcher says. It won’t matter whether the user is browsing the web in private mode or not, Safari web history can be easily recovered with the help of the latest forensics tools.

This discovery just adds up to other complaints in regards of iOS 10.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree