Chrome's latest update, which added support for iOS 7, also included a significant flaw that was discovered by design firm Parallax (via TechCrunch). When using the search or address bar in an Incognito window within the app, browsing history will be saved and shared with the standard Google.com browser.
Google’s Incognito mode is designed to keep searches for sensitive information private, but as detailed in the video, searches will be displayed when the standard Google.com browser is accessed. The flaw can be replicated with the following steps:
- Open an Incognito window
- Enter a search term in the address bar and hit enter
- Open a non-Incognito window
- Navigate to Google.com
- Tap the search box on the page to see Incognito searches
TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note, which does address the issue.
On Chrome for iOS, due to platform limitation regular and incognito* tabs share HTML5 local storage, which is typically used by sites to store files on your device (client-side caching) or to provide offline functionality. This means the same sites can always access their data in this storage in both regular and incognito* tabs. Incognito* tabs will still keep browsing history and cookies separate from regular tabs, which are cleared once those tabs are closed.
Apple’s default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.