In-app browsers that act as keyloggers

Jason Snell writing for Six Colors

Introducing InAppBrowser.com, a simple tool to list the JavaScript commands executed by the iOS app rendering the page.

Krause’s tool lets anyone investigate what might be leaking through in-app browsers. Apps that use Apple’s SafariViewController are all pretty safe, but apps like TikTok, Instagram, Facebook Messenger, and Facebook are using their own in-app browsers that modify pages with JavaScript.

TikTok, in particular, is monitoring all keyboard inputs and taps. “From a technical perspective, this is the equivalent of installing a keylogger on third party websites,” Krause writes.

We just can’t have nice things can we?