According to Vladimir Katalov, the CEO of Russian hacking tool creator Elcomsoft, Apple is storing Safari histories in iCloud going back more than a year, even where the user has asked for them to be deleted, Forbes is reporting. Katalov has revealed that Apple keeps a separate iCloud record titled “tombstone”, in which deleted web visits are stored for syncing across devices.
Katalov told me he came across the issue “by accident” when he was looking through the Safari history on his own iPhone. When he took Elcomsoft’s Phone Breaker software to extract data from the linked iCloud account, he found “deleted” records going back a year. (Apple calls them “cleared” in Safari, not “deleted”). “We have found that they stay in the cloud probably forever,” Katalov claimed.
Forbes reporter notes that when he tried clearing his Safari history and then ran the Phone Breaker tool on his iCloud account, it returned nearly 7,000 deleted records going back to November 2015. “There were also Google searches, the full terms of which were visible in the Elcomsoft control panel. Fresh Safari activity that I hadn’t cleared was given the status ‘actual’,” he writes.
An anonymous iOS forensics expert hired by the publication to validate Katalov’s claims found that the Elcomsoft Phone Breaker tool recovered 125,203 records from his browsing history going back to the same 2015 date, even though the Safari cache had been cleared.
While it remains unclear why Apple has been storing cleared browsing history for such a long period, Forbes was contacted shortly after publication by Katalov that his old records were disappearing, suggesting Apple may have started purging the data.