Wednesday, March 26, 2014

iOS Chrome Puts Per-Tab GUID in User-Agent

Thijs van der Vossen:

For some reason, Chrome on iOS now adds what looks like a per-device GUID to its User-Agent string.

This would seem to be a major privacy concern. There’s more information at Stack Overflow.

However, this bug says:

The tabID is then stripped off from the user agent before the request goes over the network. Again: this tab ID is not send over the network, only the normal user agent is send.

The only place the modified user agent is visible from is navigator.userAgent.

This would mean that Web servers don’t receive it by default but that the page does have access to it via JavaScript.

Comments RSS · Twitter

Leave a Comment