iOS 6 Bug Turns on JavaScript in Safari Without User Consent

A bug in iOS 6 causes previously disabled JavaScript to enable all by itself, without user consent, if a website that displays a “Smart App Banner” is visited. Introduced in iOS 6, Smart App Banners make it easier for website owners to redirect visitors to their app by simply adding a few lines of code to the webpage.

Smart app banners rely on JavaScript to function correctly, and it seems that iOS 6 forcefully, and permanently, enables JavaScript in Safari, even if the user has explicitly turned off JavaScript from Settings. This isn’t a big deal for the large majority of iOS users who don’t bother tinkering with the default settings, but it is a huge issue for people who knowingly disable JavaScript, for various reasons ranging from low internet speeds to security concerns.

You can reproduce the bug by diving into the Safari section of the Settings app, disabling JavaScript, and then visiting a website like mobile.twitter.com, which displays a Smart App Banner. Now if you go back to the Settings app, you’ll see that JavaScript has been re-enabled.

ios-6-javascript-bug

This won’t be a huge concern for most of you, as we noted earlier. It is a bug nonetheless, where Safari ignores the current JavaScript state, resulting in unexpected behaviour. AppleInsider notes that the bug has existed in previous versions of iOS 6, and is present in iOS 6.1 beta as well.

Apple should most likely fix this bug in the final release of iOS 6.1.

  • Bernard

    They didn’t fix it :o(