The new "Smart App Banner" feature in iOS 6 is designed to allow developers the ability to promote App Store software within Safari. The Smart App Banner detects whether a user has a specific application installed, and invites them to view the software on the App Store or open it on their iOS device.
The issue has reportedly existed since the release of iOS 6 months ago, though it has not been widely reported. Michael Stockwell, founder of FizzPow Games, helped confirm for AppleInsider that the issue applies to all builds of iOS 6 on all devices iPhone, iPad and iPod touch. In addition, people familiar with the latest beta of iOS 6.1 said the problem also remains in Apple's pre-release test software on the iPhone.
A potentially 'serious' issue?
Peter Eckersley, technology products director with digital rights advocacy group the Electronic Frontier Foundation, said he would characterize such an issue as a "serious privacy and security vulnerability."
Neither Eckersley nor the EFF had heard of the bug in iOS 6, nor had they independently tested to confirm that they were able to replicate the issue. But Eckersley said that if the problem is in fact real, it's something that Apple should work to address as quickly as possible.
"It is a security issue, it is a privacy issue, and it is a trust issue," Eckersley said. "Can you trust the UI to do what you told it to do? It's certainly a bug that needs to be fixed urgently."
But Lysa Myers, a virus hunter at security firm Intego, said she doesn't see the bug as a major concern for the vast majority of iOS device owners.
"It's not necessarily directly and immediately a security vulnerability, but it's the kind of thing that would enable some other vulnerability to be exploited," he said.
Highlighting less flexibility with mobile browsers
Eckersley feels the design ideology of modern smartphone platforms is to make everything as simple as possible, a strategy that he called "hostile to privacy."
"At this point, our advice for browsing the mobile web in private is: Don't do it," he said. "If you need privacy while you browse, use a desktop browser."