Apple has reportedly stored Safari histories in the iCloud going back more than a year. Forbes quoted CEO of Russian hacking tool creator Elcomsoft, Vladimir Katalov, who said that Apple stored Safari deleted browser history for at least a year.
Apparently, Apple stored the data even after users confirmed that the browser history should be wiped from devices and servers. It seems that Apple kept a separate iCloud record titled “tombstone,” which contained deleted web visits for synching across devices.
Katalov came across the issue while looking through the Safari history on his own iPhone. He then used his company’s Phone Breaker software program to extract data from his iCloud account and found that deleted records from over a year ago were still kept. Apple calls the records “cleared.” not “deleted.”
“We have found that they stay in the cloud, probably forever,” Katalov claimed. It seems that Apple stored even Google searches with the full terms of search content. Mobile browsing records were also visible, although the whole issue appears to be rather a design problem connected to the syncing technology between iOS, Mac OS x and Apple’s servers.
Clearing the browsing history on an iPhone would also delete the records on a Mac or iPad linked to the same iCloud account, even if the devices were turned off when the request was made. Still, Elcomsoft found that some records were stored in unhashed form and dated back until November 2015.
Apple responded to the Forbes report and rolled out a server-side fix to stop the retrievals, deleting all records older than two weeks. An explanation has yet to be provided, but it appears that third-party users didn’t get access to records. In order to access a person’s iCloud account and browsing history, they would need login credentials or an authentication token on the user’s device.