How To Get Rid Of Maliciously Injected Ads In Chrome For iOS

Advertisement

iOS sandboxes apps which means an app, if it’s malicious in itself and has managed to get past the App Store, cannot mess with or access data stored in another app. With any iOS device, it’s assumed with good reason that your browser cannot be hijacked by some other app, or indeed even by a malicious website but if you’re using Chrome, that might not be true. Back in December 2015, I experienced first-hand ads being injected on websites that I accessed in Chrome on my iPhone. The device isn’t jailbroken and the website I was visiting at the time was one I had visited often in the past without an ad ever appearing. It took a two months to get to the bottom of where the ads were coming from but I ultimately realized it was cookies that were responsible for it.

Chrome for iOS, like every other app built for iOS, cannot be hijacked by other apps installed on a device so when my browser began opening new tabs and redirecting me to ads, I wasn’t entirely sure why it was doing so.

The ads were from two well known malicious ad injecting names; terraclicks and DNSUnblocker. They were appearing on an e-Commerce website that never displayed ads and the ads were of competing products. Once I verified I was the only one seeing these ads, I knew the problem was with my phone, or with my browser app.  The ads refused to go away and were so intrusive that I couldn’t navigate a website. I ended up deleting the Chrome for iOS app from my phone, and installing it again.

chrome-malware chrome-malware-ads

Removing the app did the trick and for a whole month, I wasn’t plagued by any ads. Then it started happening again and this time, the ads were far more annoying. Something as simple as tapping and holding on my screen to scroll down a webpage would trigger the ads. A new tab would open each time and again, I was unable to navigate websites. It was time to dig deeper.

I browse the internet sparingly on my phone since I’m usually in front of a larger screen i.e., my desktop for most of the day. I can count the websites I visit on my phone and know for a fact that they are trustworthy. The same can’t be said for my browsing activity on the desktop where I will risk visiting links that don’t look all that safe so perhaps I did visit a malicious website that saved a malicious cookie to my browser. The only question is, how did it get on my phone? The answer is that I helped get it there. I have sync set up so that my browsing history, bookmarks, etc., sync between Chrome on my desktop to Chrome on my iPhone.

chrome-ios-privacy chrome-ios-cookies-del

To get rid of the ads this time around, I simply deleted the cookies in Chrome on my iPhone. The ads went away instantly and have not reappeared since. I’ve made a point to prevent cookies from being saved in Chrome on both the desktop and on my iPhone. It’s a pain, of course, but no ads so far. I’ve also switched off sync from my desktop to be extra safe.

The problem has not surfaced again but I do still have unanswered questions. I don’t know if the cookies that caused the ads to appear were saved to my desktop and then synced to my phone, or if they saved directly on my phone and then began displaying ads. It’s also alarming that cookies, which are normally considered super harmless are the apparent cause of all this.

Advertisement
  • Walt French

    “I do still have unanswered questions. I don’t know if the cookies that caused the ads to appear…”

    This post should be called The Kewl Kids Google Tax as it shows how using a Google browser on an iPhone despite widely-reported higher battery use and other problems, causes headaches.

    Ads, hoocoodanode? No, I don’t think that those spammy ads that were presenting an unacceptable security risk (as running obviously rogue javascript in an e-commerce site where you would otherwise think you’re conducting secure business, has to be called), came from Google. Rather, since ads are part-and-parcel of Google’s business model, and people who prefer Google products are used to seeing mass violations of normal security standards, it is just so much easier to run malware ads thru Google products and users.

    You just blundered into this hostile territory.

    I’m sure some developers need to test out how their site appears in Chrome, and there may even be some sites that simply break when visited from stock iPhone/Safari. Neither of those apply to 99%+ of the people who prefer Apple’s iOS products.

    Moral of the story is more that the Walled Garden is net-net more helpful than harmful, and being too smart by half, as it would be for most of us, and trying to dumb down an iPhone into an Android wannabe, is the mistake. Easily fixed, though it might take intensive psychotherapy to figure out why you wasted your time & talent on such a self-defeating quest in the first place.

  • Amit

    you can just install AdGuard iOS Ad Blocker which should block all the annoying ads. Works for me.