iCloud secretly stores your deleted Safari history for years

iCloud knows what you were looking at last summer.
Photo: Jim Merithew/Cult of Mac

iCloud has been caught storing “deleted” browser history from Safari for well over a year.

Even after users clear their data, it can be found in iCloud using software that’s readily available to anyone. But has Apple been quickly trying to clear its tracks?

Vladimir Katalov, CEO of Russian software company ElcomSoft, stumbled across his own iCloud history by accident. He then used a tool developed by his own company called Phone Breaker to extract the data Apple had been keeping in his iCloud account.

Katalov found “deleted” Safari records going back a year that had previously been cleared in his browser. Thomas Fox-Brewster of Forbes used the same tool to find a whopping 7,000 deleted entries, accompanied by a visit count and dates and times, going back to November 2015.

The entries included Google searches, the full terms of which were visible in the Phone Breaker software. Cleared entries were given “deleted” status, while Safari activity that hadn’t been cleared was labeled “actual.”

To ensure this wasn’t a coincidence, Forbes asked a forensics expert to confirm the findings. They used the tool to recover 125,203 records from their own iCloud account going back to the same date in 2015. They also found deleted Notes, but they were only kept for 30 days.

It’s not clear why Apple is storing Safari data for so long, but it seems more of an oversight than anything else. What’s most concerning isn’t that Apple’s keeping it, however, but that it isn’t encrypting it, which means it’s easily available with tools like Phone Breaker.

“Overall, assuming this was a mistake, it’s a reminder that storing and retention of data is the default as a technical matter,” said Jay Stanley, senior policy analyst at the American Civil Liberties Union.

“Browsing history is a very sensitive set of data… It’s vital that people are able to trust that they can be in control of that kind of information. It’s one reason we advise using search tools that don’t store your history.”

The good news is that Phone Breaker requires your iCloud account information to retrieve this data, so nobody can gain access to it without your password. What’s more, it looks like Apple is already taking steps to rectify the issue.

Katalov and another source told Forbes that, since the issue was brought to the company’s attention, their Safari records had suddenly started disappearing, which suggests Apple has already begun purging them. The company hasn’t made an official comment.
