Fingerprint protection not (fully) working on iOS like it is on macOS

[JRHeaton]

Description

On iOS, the Brave browser has something broken in regards to the fingerprint blocking. I've been testing on https://coveryourtracks.eff.org on both my iPhone and Mac. All tests conducted in private windows. I have tested with the "Test with a real tracking company" option on and off. On iOS, fingerprint valid, presumably traceable hashes were listed on the page, and it said i'm only partially protected. Contrast this with Brave on Mac showing everything is randomized(ideal).

Troubleshooting actions taken

• Toggling all relevant shield/privacy settings and back again
• Uninstalled/reinstalled Brave on iOS, re-applying settings, ensuring latest version
• Closing the app from the switcher and re-opening it
• Rebooting the phone

Steps to reproduce

1. Open the latest version of Brave on the latest iOS version
2. Ensure these are the settings values(same when tested on iOS and on Mac):
   • Block fingerprinting: True
   • Trackers & Ads Blocking: Aggressive
   • Cookies: Block All
   • Block scripts: False
3. Clear all website data
4. Enter a private window and navigate to https://coveryourtracks.eff.org
5. Run the test
6. Observe that you don't have a green(good) result for your fingerprint blocking on iOS, but do on Mac.

Actual result

Short Description

The Mac results show Brave has a randomized fingerprint. The Brave iOS results show actual values for the hashes which show as randomized in the Mac results, and it gives me a rating of "Partial protection."

FWIW, I ran the same test in Safari with "advanced tracking & fingerprint protection" on in a private tab, and it also gave me "Partial protection" but unlike Brave-iOS, it just states the fingerprint hashes are randomized, like Brave-Mac. So Brave-iOS has worse protection than Safari but better than Brave-Mac.

In addition to the summarized results below, I will attach full renders of the results web page from both devices, which has the full technical breakdown.

Brave-iOS-CoverYourTracks.pdf Brave-Mac-CoverYourTracks.pdf

iPhone Results

Screenshots

Relevant results

• Hash of canvas fingerprint: (shows valid hash)
• Hash of WebGL fingerprint: (shows valid hash)
• AudioContext fingerprint: (shows valid hash)

---

Mac Results

Relevant results

• Hash of canvas fingerprint: "randomized by first party domain"
• Hash of WebGL fingerprint: "randomized by first party domain"
• AudioContext fingerprint: "randomized by first party domain"

Expected result

I expect the iOS version to provide the same level of robust randomization for fingerprint protection as the Mac version.

Reproduces how often

Easily reproduced

Brave version

1.66

Device/iOS version

iPhone 15 Pro 17.5.1

Affected browser versions

• [X] latest AppStore
• [ ] latest TestFlight
• [ ] previous TestFlight

Reproducibility

• [ ] with Brave Shields disabled
• [ ] in the latest version of mobile Safari

Miscellaneous information

No response

[diracdeltas]

cc @cuba @arthuredelstein

[ShivanKaul]

It's expected that Brave-iOS has fewer fingerprinting protections than brave-core given platform limitations on iOS, but Safari-iOS should be worse. I'm not sure how to interpret the following:

So Brave-iOS has worse protection than Safari but better than Brave-Mac.

Are you comparing Brave-iOS against Safari-iOS? Also, Brave-iOS will not have better protection than Brave-Mac.