At least according to (indie) experts
Independent security experts have downplayed concerns about a reported flaw in iOS 10 private browsing.
Stacey Jury, a digital forensic analyst at IntaForensics, found that the private browsing mode in Apple iOS 10 is not foolproof, since it does not delete your data correctly, leaving it open to recovery.
“Apple have made the private browsing feature in Safari less ‘private’ in IOS 10… suspend state is now stored in a database which means recovering deleted records is now possible,” Jury explains.
Using a iPhone 5S running IOS 10.0.1, Jury says she was able to recover web pages opened in Safari’s private mode from a database using XRY, a computer forensics tool, detailed in a blog post by IntaForensics here.
Apple routinely ignores request for security comment from El Reg, so we’re not sure whether or not a fix for the reported flaw is in the works.
Russian computer forensics software firm Elcomsoft, which we approached for comment on IntaForensics research, said it hasn’t come across any major issues in “private mode” browsing with the latest version of Apple’s smartphone and tablet software.
“We looked at iOS private browsing mode a little bit, but have not found any issues – implementation seems to be good enough; all temp files seem to be properly deleted, visited links are not being saved in history etc,” Vladimir Katalov of ElcomSoft told El Reg.
Other independent third parties also played down the significance of the vulnerability reported by IntaForensics.
Lee Munson, security researcher for Comparitech.com, commented: “The flaw only relates to iPhone and iPad backups saved directly through iTunes on a Mac or PC, rather than via iCloud – which is the method adopted (knowingly or otherwise) by the majority of Apple’s customers.”
He added: “That small subset of fruity fans that do manually back up are hardly at risk either – as long as their Mac or PC is itself secured via a strong password (a long mixture of letters, numbers and symbols), they have very little to worry about.” ®