How to Remove Evercookies from iOS based devices.

Published 2022-02-05

IU Home > Projects > evercookie-cleaning-algo
Do you want to know how do you get rid of persistent cookies in Safari? If so read on for the to solve this problem leaving your device evercookie free.
Our research has found a method to remove iOS Evercookies floating about in mobile safari. This method doesn't require a jailbreak or third party software and makes use of the command line and iTunes.

NOTE: We accept no responsibility for any problems resulting from following the procedure below. Ensure you have a full working backup in addition to the one you use to perform the evercookie removal incase anything goes wrong during the process described below.

What is a Supercookie?

If you have cleared your website data from your iDevice but still find there are items that do not delete, showing 0 bytes in size, you have probably encountered an Evercookie . Also known as Supercookies, these data bugs are intentionally difficult to remove from your device. They can be used to permanently identify you on any site you visit on the internet. Mobile Safari is particularly hard to cleanse. Until now solutions relied on jail breaking your device which can be time consuming and void your warranty. The procedure outlined below removes the files associated with the evercookie from your device by directly manipulating an iTunes backup. You then restore the backup to remove the pesky files for good.

Can persistent cookies be deleted?

Put simply, yes they can! Follow the steps below remove all evercookies from your iOS device:

  1. Clean as much website data from your device as possible. To do this go to the Settings app and select:
    Settings > Safari > Clear History and Website Data
    After confirming the clean go to:
    Settings > Safari > Advanced > Website Data
    If you still see anything in there continue with the following steps.
  2. Having first cleaned out as much website date as you can the next step is to backup your iPhone, iPod or iPad. Plug your device into your computer and start iTunes. Use iTunes to create an unencrypted Backup of your device from if one is not created automatically.
  3. Locate the backup and duplicate it in macOS Finder or Windows Explorer - to do this Open Preferences in iTunes and go to the Devices tab. Click on the backup you created and right click on it. Then select show in Finder. Once in finder Copy and paste the directory in place. This means if things go wrong you can always restore your phone to its current state.
  4. Now open the Terminal application and change directory to the backup folder identified in the previous step. This requires that you type the 'cd' command followed by the path of the folder so for example:
    $ cd ~/Library/Application Support/MobileSync/Backup/1233486346...
  5. You will now use SQLite to modify the backups Manifest.db file and remove all the data files from mobile safari that could store an evercookie. It is possible to be very specific in this step to remove only the cookies you want however the method here will simply remove them all. In the Terminal window type:
    $ sqlite3 Manifest.db
    You now simply remove the entries for the safari website data cache by typing:
    sqlite> DELETE FROM Files WHERE relativePath LIKE 'Library/WebKit/WebsiteData/%' AND domain = '';
    To leave SQLite type:
    sqlite> .quit
    You now have a backup free from all types of cookies.
  6. The remaining step is to restore the backup you just modified to your phone. After doing this you may need to set some of your account details by reentering passwords, you may have to reconnect to WiFi and you might have to reactivate cards added to Apple pay. However once done you will find that you have removed the evercookies from mobile safari without jail breaking your device.