Flaw in Chrome for iOS 7 Reveals Incognito Searches

by

Chrome's latest update, which added support for iOS 7, also included a significant flaw that was discovered by design firm Parallax (via TechCrunch). When using the search or address bar in an Incognito window within the app, browsing history will be saved and shared with the standard Google.com browser.


Google’s Incognito mode is designed to keep searches for sensitive information private, but as detailed in the video, searches will be displayed when the standard Google.com browser is accessed. The flaw can be replicated with the following steps:

- Open an Incognito window
- Enter a search term in the address bar and hit enter
- Open a non-Incognito window
- Navigate to Google.com
- Tap the search box on the page to see Incognito searches

TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note, which does address the issue.

On Chrome for iOS, due to platform limitation regular and incognito* tabs share HTML5 local storage, which is typically used by sites to store files on your device (client-side caching) or to provide offline functionality. This means the same sites can always access their data in this storage in both regular and incognito* tabs. Incognito* tabs will still keep browsing history and cookies separate from regular tabs, which are cleared once those tabs are closed.

Apple’s default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.

Top Rated Comments

(View all)
Avatar
90 months ago
Hey everyone, Google here. We screwed something up in our browser. Apple's fault, not it!
Score: 8 Votes (Like | Disagree)
Avatar
90 months ago
I wouldn't be so quick to say "Safari is able to do it." Simply due to the fact Apple doesn't have to follow its own submission process, and their apps can have certain privileges that third-parties cannot.
Score: 6 Votes (Like | Disagree)
Avatar
90 months ago

I wouldn't be so quick to say "Safari is able to do it." Simply due to the fact Apple doesn't have to follow its own submission process, and their apps can have certain privileges that third-parties cannot.


Indeed, this would seem to be exactly the case, since Apple doesn't let third-party apps restrict HTML5 local storage, which is what Google and other sites use for this search history.

It's also been like this since at least iOS 6, so it's weird that it's suddenly getting all this coverage.
Score: 3 Votes (Like | Disagree)
Avatar
90 months ago



TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note (https://support.google.com/chrome/answer/95464?hl=en), which does address the issue. Apple's default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.

Someone is dropping the ball.
Score: 3 Votes (Like | Disagree)
Avatar
90 months ago
Guess I don't see the big draw to not use iOS Safari. I think it works rather well . Guess it provides benefits to some, but I see no reason to stray from built in apps if you don't have to.
Score: 2 Votes (Like | Disagree)
Avatar
90 months ago
Google is flat out full of bologna. This is their bug, irrefutably.

Sure, it's true that local storage is shared between incognito and normal modes, but it's also trivial to prefix all your storage keys with "incognito-" while reading/writing in incognito mode, and ensuring that normal mode never reads/writes storage keys prefixed with "incognito-".

Would your sensitive data still be on your system? Yeah, chrome would have to periodically clear all "incognito-" prefixed keys' values to resolve that. But at least these sensitive values would never be displayed via the browser. Only a data miner with access to your file system could get at them.

This kind of fix could be performed by a novice engineer. It is an embarrassing bug, not Apple's fault. Not unavoidable.
Score: 2 Votes (Like | Disagree)

Top Stories

Apple Takes Legal Action Against Small Company With Pear Logo

Saturday August 8, 2020 11:09 am PDT by
Apple is taking legal action against the developers of the app "Prepear" due to its logo, according to iPhone in Canada. Prepear is an app that helps users discover recipes, plan meals, make lists, and arrange grocery deliveries. The app is a spinoff of "Super Healthy Kids," and the founders claim that they are facing litigation from Apple. Apple reportedly takes issue with Prepear's logo, ...

Kuo: Global iPhone Shipments Could Decline Up to 30% If Apple Forced to Remove WeChat From App Store [Updated x2]

Sunday August 9, 2020 10:17 pm PDT by
In a worst-case scenario, Apple's annual global iPhone shipments could decline by 25–30% if it is forced to remove WeChat from its App Stores around the world, according to a new research note from analyst Ming-Chi Kuo viewed by MacRumors. The removal could occur due to a recent executive order aiming to ban U.S. transactions with WeChat and its parent company Tencent. Kuo lays out...

Google Maps Debuts New Apple Watch App and CarPlay Features

Monday August 10, 2020 9:16 am PDT by
Google today announced the launch of several features for Google Maps on Apple products, including new CarPlay functionality and a new Google Maps app that works on Apple Watch. The new Google Maps app for Apple Watch works similarly to the iOS app, allowing Apple Watch owners to get directions for a car, bike, public transit, or on foot. The app supports estimated arrival times and...

2020 iMac Teardown Reveals Internal Changes and Similarities

Saturday August 8, 2020 12:44 pm PDT by
A teardown video, shared by OWC, reveals the internal changes in the new 2020 27-inch iMac. The 2020 27-inch iMac was announced earlier this week with 10th-generation Intel Core processors, AMD Radeon Pro 5000 series graphics, up to 128GB of RAM, up to 8TB of storage, a 1080p front-facing FaceTime camera, a True Tone display with a nano-texture glass option, higher fidelity speakers, and...

Apple Seeds iOS 14 and iPadOS 14 Public Beta 4 to Testers

Thursday August 6, 2020 10:05 am PDT by
Apple today seeded new public betas of upcoming iOS 14 and iPadOS 14 updates to its public beta testing group. Today's software releases, which Apple labels as fourth betas to keep them in line with developer betas, are actually the third betas that Apple has provided and they come two weeks after the prior beta releases. Public beta testers who have signed up for Apple's beta testing...

Apple Believes This German Cycling Path Logo Infringes on Its Own Logo

Wednesday May 1, 2019 9:51 am PDT by
Apple recently objected to the logo of a new German cycling path in an appeal filed with the German Patent and Trademark Office, according to German outlets General-Anzeiger Bonn and Westdeutscher Rundfunk. Apple reportedly takes issue with the logo's green leaf and supposed "bitten" right side, attributes the company believes are too similar to its own logo. The logo, registered with the ...

Supposed iPhone 12 Display Unit Leaks

Thursday August 6, 2020 8:13 am PDT by
An image supposedly of an iPhone 12 display unit has been shared online by leaker "Twitter user Mr. White". Compared to images of an iPhone 11 Pro display piece, this new unit has a reoriented display connector, reaching up from the bottom of the display, rather than from the left-hand side on iPhone 11 Pro. This may be due to the logic board moving to the other side of the device. A...

Foxconn Reportedly Begins Seasonal Hiring Spree for iPhone 12 Production

Monday August 10, 2020 7:03 am PDT by
Apple's largest manufacturing partner Foxconn has begun its seasonal hiring spree to assist with iPhone 12 production, offering employees who recruit qualified applicants up to a 9,000 yuan bonus, according to Chinese media reports. As usual, Foxconn needs as many hands on deck as possible at its factory in Zhengzhou, China to assist with mass production of the upcoming iPhones. Apple is...

8 Third-Party Home Screen Widgets That You Can Try Out Now on iOS 14

Wednesday August 5, 2020 12:56 pm PDT by
One of the biggest new features of iOS 14 is Home Screen widgets, which provide information from apps at a glance. The widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. When the iOS 14 beta was first released in June, widgets were limited to Apple's own apps like Calendar and Weather, but several third-party developers have begun to test ...

New 27-Inch iMac's Storage Affixed to Logic Board, 4TB and 8TB Configurations Have Expansion Connector

Friday August 7, 2020 7:46 am PDT by
Following a report from German blog iFun.de that claimed the new 27-inch iMac's flash storage is soldered to the logic board, MacRumors has obtained additional information in an internal document for Apple technicians. In the document, Apple says that the flash storage is indeed affixed to the logic board and cannot be removed. However, for the 4TB and 8TB configurations, Apple says that a...