A website named InAppBrowser.com claims that it can reveal how platforms like TikTok and Instagram may potentially see your sensitive data, including address, passwords and credit card information, without your consent. The website has a tool that will let users know how popular social media platforms are injecting “JavaScript code into third-party websites that cause potential security and privacy risks to the user".
According to the tool’s developer, Felix Krause, InAppBrowser.com has a simple tool to “list the JavaScript commands executed by the iOS app rendering the page".
InAppBrowser.com is designed for everybody to verify for themselves what apps are doing inside their in-app browsers.
“To try this tool yourself, open an app you want to analyse, share the url, tap on the link inside the app to open it and then read the report on the screen," he mentioned in a blog post. “I have decided to open source the code used for this analysis, you can check it out on GitHub. This allows the community to update and improve this script over time," he added.
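The example below is added here and is not taken from Krause's open-source tool. It shows one way a web page can list the JavaScript calls made against it, by wrapping a few DOM methods and logging each call. The stub `document`, the simulated injected calls and all function names are assumptions constructed for the illustration.

```javascript
// Added illustration (not the InAppBrowser.com source): wrap selected methods so each
// call is recorded (callbacks shown as "[function]"), then passed to the original.
function instrument(target, methodNames, log) {
  for (const name of methodNames) {
    const original = target[name];
    if (typeof original !== "function") continue; // API not present on this object
    target[name] = function (...args) {
      const shown = args.map((a) => (typeof a === "function" ? "[function]" : String(a)));
      log.push({ api: name, args: shown });
      return original.apply(this, args);
    };
  }
  return log;
}

// Event types whose listeners can observe typing, taps or text selection.
const INPUT_EVENTS = new Set(["keypress", "keydown", "keyup", "input", "click", "selectionchange"]);
// Turn the raw call log into report rows, flagging input-observing listeners.
function report(log) {
  return log.map((e) => ({
    call: `${e.api}(${e.args.join(", ")})`,
    observesInput: e.api === "addEventListener" && INPUT_EVENTS.has(e.args[0]),
  }));
}

// Constructed stand-in for the browser's `document`, so the example runs under Node.
function makeStubDocument() {
  return {
    listeners: [],
    addEventListener(type, fn) { this.listeners.push([type, fn]); },
    getElementById() { return null; },
    querySelectorAll() { return []; },
  };
}

// Constructed sample of calls an injected script might make against the page.
function simulateInjectedScript(doc) {
  doc.addEventListener("keypress", () => {});
  doc.querySelectorAll("input");
  doc.getElementById("checkout-form");
}

function demo() {
  const doc = makeStubDocument();
  const log = instrument(doc, ["addEventListener", "getElementById", "querySelectorAll"], []);
  simulateInjectedScript(doc);
  return report(log);
}
console.log(demo());
```

In a browser the same wrapper would be applied to the real `document`. It records only calls made after the wrappers are installed and only calls that go through the wrapped methods.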
Earlier this week, he warned that Chinese short-form video app TikTok may be monitoring all keyboard inputs and taps via its in-app browser on iOS.
TikTok said in a statement that Krause’s conclusions about the company are “incorrect and misleading".
“Contrary to its claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring," the company said.
Krause also conducted a study of the Instagram and Facebook iOS apps, in which he found that both can track online activity by using the in-app browser to open third-party links instead of Apple’s built-in Safari browser.
These apps, the researcher says, inject “their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers."
