Our research has found a method to remove iOS Evercookies floating about in
mobile safari. This method doesn't require a jailbreak or third party software
and makes use of the command line and iTunes.
NOTE: We accept no responsibility for any problems resulting from following
the procedure below. Ensure you have a full working backup in addition to the
one you use to perform the evercookie removal incase anything goes wrong during
the process described below.
What is a Supercookie?
If you have cleared your website data from your iDevice but still find there
are items that do not delete, showing 0 bytes in size, you have probably
encountered an
Evercookie
. Also known as Supercookies, these data bugs are intentionally difficult to
remove from your device. They can be used to permanently identify you on any
site you visit on the internet. Mobile Safari is particularly hard to cleanse.
Until now solutions relied on jail breaking your device which can be time
consuming and void your warranty. The procedure outlined below removes the files
associated with the evercookie from your device by directly manipulating an
iTunes backup. You then restore the backup to remove the pesky files for good.
Can persistent cookies be deleted?
Put simply, yes they can! Follow the steps below remove all evercookies from
your iOS device:
- Clean as much website data from your device as possible. To do this go to
the Settings app and select:
Settings > Safari > Clear History and Website Data
After confirming the clean go to:
Settings > Safari > Advanced > Website Data
If you still see anything in there continue with the following steps.
- Having first cleaned out as much website date as you can the next step is
to backup your iPhone, iPod or iPad. Plug your device into your computer and
start iTunes. Use iTunes to create an unencrypted Backup of your device from if
one is not created automatically.
- Locate the backup and duplicate it in macOS Finder or Windows Explorer - to
do this Open Preferences in iTunes and go to the Devices tab. Click on the
backup you created and right click on it. Then select show in Finder. Once in
finder Copy and paste the directory in place. This means if things go wrong you
can always restore your phone to its current state.
- Now open the Terminal application and change directory to the backup folder
identified in the previous step. This requires that you type the 'cd' command
followed by the path of the folder so for example:
$ cd ~/Library/Application Support/MobileSync/Backup/1233486346...
- You will now use SQLite to modify the backups Manifest.db file and remove
all the data files from mobile safari that could store an evercookie. It is
possible to be very specific in this step to remove only the cookies you want
however the method here will simply remove them all. In the Terminal window
type:
$ sqlite3 Manifest.db
You now simply remove the entries for the safari website data cache by typing:
sqlite> DELETE FROM Files WHERE relativePath LIKE 'Library/WebKit/WebsiteData/%' AND domain = 'AppDomain-com.apple.mobilesafari';
To leave SQLite type:
sqlite> .quit
You now have a backup free from all types of cookies.
- The remaining step is to restore the backup you just modified to your
phone. After doing this you may need to set some of your account details by
reentering passwords, you may have to reconnect to WiFi and you might have to
reactivate cards added to Apple pay. However once done you will find that you
have removed the evercookies from mobile safari without jail breaking your
device.