A website called InAppBrowser was created by Felix Krause to help users see what information the browser is collecting from users. Recently, security researcher Felix Krause has discovered that the browser integrated in social networking applications such as Tiktok, Facebook … has attached Javascript code to track users, more dangerously there is an application with Keylog function. can record what you type on the keyboard. I will show you how to use InAppBrowser to check if your browser is tracking you?
Join the channel Telegram of the AnonyViet 👉 Link 👈 |
How to use InAppBrowser to check if your browser is tracking you?
According to testing by InAppBrowser, when using TikTok to open any web page in the app, a tracking code is entered that can monitor all keystrokes, including passwords and all presses. So you can completely reveal your login account when using TikTok, very dangerous.
How to use InAppBrowser to list JavaScript commands executed by iOS apps:
Open the application (browser) for analysis:
- Share link https://InAppBrowser.com somewhere inside the app (e.g. send a direct message to a friend or post to the News Feed, comment)
- Click on the link you just shared
- Read the report on the screen, which will tell you what this browser is tracking you
The InAppBrowser author used this tool to analyze the most popular iOS apps that have their own in-app browser. Here are the results Felix Krause found.
For this analysis, the author has excluded all third-party iOS browsers (Chrome, Brave, etc.), as they use JavaScript to provide some functionality such as password managers. Apple requires all third-party iOS browser apps to use the Safari WebKit engine.
Important Note: InAppBrowser cannot detect all executed JavaScript commands, so errors may occur.
iOS Apps With Its Own In-App Browser
- Option to open in default browser: Does the app provide a feature to open the link currently displayed in the default browser?
- Edit page: Does the application inject JavaScript code into third-party websites to modify its content? This includes adding tracking code (like input, text selection, clicks, etc.), including external JavaScript files, as well as creating new HTML elements.
- Fetch metadata: Does the app run JavaScript code to fetch web page metadata? This does not pose any real security or privacy risks.
- JS: A link to JavaScript code, possibly other code being executed.
You can click on each Yes/No to see the InAppBrowser analysis results from the browser of the above applications.