Flaw in Chrome for iOS 7 Reveals Incognito Searches - MacRumors
Skip to Content

Flaw in Chrome for iOS 7 Reveals Incognito Searches

by

Chrome's latest update, which added support for iOS 7, also included a significant flaw that was discovered by design firm Parallax (via TechCrunch). When using the search or address bar in an Incognito window within the app, browsing history will be saved and shared with the standard Google.com browser.


Google’s Incognito mode is designed to keep searches for sensitive information private, but as detailed in the video, searches will be displayed when the standard Google.com browser is accessed. The flaw can be replicated with the following steps:

- Open an Incognito window
- Enter a search term in the address bar and hit enter
- Open a non-Incognito window
- Navigate to Google.com
- Tap the search box on the page to see Incognito searches

TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note, which does address the issue.

On Chrome for iOS, due to platform limitation regular and incognito* tabs share HTML5 local storage, which is typically used by sites to store files on your device (client-side caching) or to provide offline functionality. This means the same sites can always access their data in this storage in both regular and incognito* tabs. Incognito* tabs will still keep browsing history and cookies separate from regular tabs, which are cleared once those tabs are closed.

Apple’s default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.

Top Rated Comments

R
Rocco83
163 months ago
Hey everyone, Google here. We screwed something up in our browser. Apple's fault, not it!
Score: 8 Votes (Like | Disagree)
seamer Avatar
seamer
163 months ago
I wouldn't be so quick to say "Safari is able to do it." Simply due to the fact Apple doesn't have to follow its own submission process, and their apps can have certain privileges that third-parties cannot.
Score: 6 Votes (Like | Disagree)
W
willdude
163 months ago
I wouldn't be so quick to say "Safari is able to do it." Simply due to the fact Apple doesn't have to follow its own submission process, and their apps can have certain privileges that third-parties cannot.

Indeed, this would seem to be exactly the case, since Apple doesn't let third-party apps restrict HTML5 local storage, which is what Google and other sites use for this search history.

It's also been like this since at least iOS 6, so it's weird that it's suddenly getting all this coverage.
Score: 3 Votes (Like | Disagree)
PracticalMac Avatar
PracticalMac
163 months ago


TechCrunch contacted Google and learned that there is no fix for the issue, as it is an "unfortunate but unavoidable loophole that comes with building a browser for iOS. The company cites its Incognito support note (https://support.google.com/chrome/answer/95464?hl=en), which does address the issue. Apple's default Safari browser does not appear to have the same issue, accurately hiding searches made in Private mode.
Someone is dropping the ball.
Score: 3 Votes (Like | Disagree)
bacaramac Avatar
bacaramac
163 months ago
Guess I don't see the big draw to not use iOS Safari. I think it works rather well . Guess it provides benefits to some, but I see no reason to stray from built in apps if you don't have to.
Score: 2 Votes (Like | Disagree)
redscull Avatar
redscull
163 months ago
Google is flat out full of bologna. This is their bug, irrefutably.

Sure, it's true that local storage is shared between incognito and normal modes, but it's also trivial to prefix all your storage keys with "incognito-" while reading/writing in incognito mode, and ensuring that normal mode never reads/writes storage keys prefixed with "incognito-".

Would your sensitive data still be on your system? Yeah, chrome would have to periodically clear all "incognito-" prefixed keys' values to resolve that. But at least these sensitive values would never be displayed via the browser. Only a data miner with access to your file system could get at them.

This kind of fix could be performed by a novice engineer. It is an embarrassing bug, not Apple's fault. Not unavoidable.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 26

iOS 26.4 Adds Two New Features to CarPlay

Tuesday March 24, 2026 1:55 pm PDT by
iOS 26.4 was released today, and it includes a couple of new features for CarPlay: an Ambient Music widget and support for voice-based chatbot apps. To update your iPhone 11 or newer to iOS 26.4, open the Settings app and tap on General → Software Update. CarPlay will automatically offer the new features so long as the iPhone connected to your vehicle is running iOS 26.4 or later....
Read Full Article25 comments
Apple Business hero

Apple Unveils 'Apple Business' All-in-One Platform

Tuesday March 24, 2026 8:53 am PDT by
Apple today announced Apple Business, a new all-in-one platform that unifies device management, productivity tools, and customer outreach features. The service is designed to be a consolidated replacement for several of Apple's existing business-focused offerings, including Apple Business Essentials, Apple Business Manager, and Apple Business Connect. It provides organizations with a single...
Read Full Article46 comments
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 3, AirPods Pro 2 and AirPods 4

Tuesday March 24, 2026 12:31 pm PDT by
Apple today released new firmware for the AirPods Pro 2, AirPods Pro 3, and the AirPods 4. The firmware has a version number of 8B39, up from 8B34 on the AirPods Pro 3, 8B28 on the AirPods Pro 2, and 8B21 on the AirPods 4. There is no word on what's included in the firmware, but Apple has a support document with limited notes. Most updates are limited to bug fixes and performance...
Read Full Article87 comments