A Russian forensics firm named Elcomsoft announced a way by which web browsing records from Apple’s iCloud Storage can be extracted.
These web records include Websites URLs, names, and date about when a website was visited by the user. All the records are saved in the iCloud. Even the cleared browsing records are also visible but they are marked as “deleted”. Mobile browsing records are also visible in the table.
Elcomsoft didn’t disclose this method to Apple that how to extract the web records but after the report of such a bug became public, Apple fixed this and began to stop the retrieval of web records and deleting all the records which older than two weeks.
After the fix, Elcomsoft acknowledged the fix said “Good Move, Apple.”
iCloud used the web records to sync browser histories across different devices by which the users can access their browser history across different devices and was a central feature of Safari.
Clearing your browser history on any of your devices such as Mac or iPhone will clear it on all the devices which are linked through the same iCloud, even if the other devices are powered down. This function requires a record that a given website has been visited and then cleared from the history.
Still, Elcomsoft managed to find the records stored in unhashed form dating back to November 2015 making them suitable for forensic analysis.
Unlike most of the iCloud data, the web records don’t seem to have been accessible to the law enforcement agencies on requests.