Apple’s iCloud appears to have been holding on to users’ deleted internet browsing histories, including records over a year old.
Moscow-based forensics firm Elcomsoft noticed it was able to pull supposedly deleted Safari browser histories from iCloud accounts, such as the date and time the site was visited and when the record was deleted.
“In fact, we were able to access records dated more than one year back,” wrote Elcomsoft’s CEO Vladimir Katalov in a Thursday blog post.
Users can set iCloud to store their browsing history so that it’s available from all connected devices. The researchers found that when a user deletes that history, iCloud doesn’t actually erase it but keeps it in a format invisible to the user.
The company discovered the issue with its Phone Breaker product, a forensic tool designed to streamline the extracting files from an iCloud account.
Keeping a copy of a user’s browser history can certainly be “invaluable for surveillance and investigations,” Katalov said. But it’s unclear if Apple knew that its iCloud service was storing the deleted records.
On Thursday, Apple didn’t immediately respond to a request for comment but since Elcomsoft’s blog post went live, Apple appears to be “purging” older browser history records from iCloud, the forensics firm said.
“For what we know, they could be just moving them to other servers, making deleted records inaccessible from the outside,” the blog post said. But now only deleted records as old as only two weeks can be extracted, the company said.
Elcomsoft has previously found that Apple was saving users’ call history to iCloud, but offering no explicit way to turn the synching on or off. At the time, Apple responded that its call synching function was designed for convenience, allowing customers to return phone calls from any device.
For users concerned about their privacy, Elcomsoft said that they can opt-out of syncing their Safari browsing history from iCloud.