Although Safari is known as a secure browser for iOS users, a new discovery might surprise some users. iOS developer Mysk, in a published video, demonstrated how iOS devices could be tracked through a security flaw in Safari. What’s more, this traceability is valid even for those who use private browsing mode.
Safari users can be tracked even if they use private mode due to a security flaw
At the root of the issue lies a new URI scheme. This scheme allows alternative app stores to be installed through a website. However, the problem here is that Safari runs this scheme without checking whether the site is actually an app store.
This leads to various websites collecting information that can be used to track your device. Mysk showed that with just ten lines of code, Safari tried to download an alternative app store. This download attempt fails due to an authorization error, but in the process, Safari contains a unique client ID that can identify you.
This ID can be shared across different sites when certain attributes such as “adpURL” and “storeAccountName” are compatible, paving the way for your device to be tracked. The most concerning part of this flaw in the Safari browser is that it can occur even in private mode.
Normally, in this mode, your browser history is not saved and cannot be tracked. But this weakness eliminates this security guarantee. The good news is that this problem only affects iOS users in the European Union region.
The reason for this is Apple’s obligation to offer alternative app stores in the EU. This weakness does not occur in other regions. The best way to protect yourself is to use other browsers besides Safari.
Other browsers block tracking attempts and do not send such POST requests. Therefore, if you’re concerned about your device being tracked, it might be a good idea to choose a different browser instead of Safari. What do you think about this news? Feel free to share your thoughts in the comments section below.