By 
Security researcher Felix Krause announced the release of InAppBrowser, a tool that shows all the JavaScript instructions executed by an iOS app when its in-app browser produces a webpage, in a blog post on Thursday.
According to Krause’s findings, applications such as TikTok, Instagram, Facebook Messenger, and Facebook all change URLs that are opened in the in-app browser.
Krause discovered that TikTok conducts several unpleasant things, such as tracking all of the users’ keyboard inputs and taps, after digging a little more into what these applications’ in-app browsers truly do.
This includes inserting tracking code (such as inputs, text choices, touches, and so on). TikTok is also the only app Krause has investigated that does not even give an option to access the link in the device’s regular browser, forcing you to use its own in-app browser.
TikTok claims this is done to “provide an optimal user experience.”
Other applications Krause has investigated, such as Instagram, perform some surveillance of their own, though none go as far as TikTok.
Krause warns that applications might hide their JavaScript activities from their InAppBrowser tool, implying that they may be performing additional surveillance behind the scenes.
For the time being, the only method to ensure that they can’t perform any tracking is to open webpages in the device’s default browser – if the app even has this choice.
Comments