New Post: Announcing InAppBrowser - see what JavaScript commands get injected through an in-app browser
TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps.
krausefx.com/blog/announcin
InAppBrowser.com - a new tool I used to investigate the in-app browsers of apps (that use them) to look for any external JavaScript code being injected.
When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information)
TikTok also has code to observe all taps, like clicking on any buttons or links.
Continuing to analyse the Instagram iOS app, I found something new:
Besides injecting pcm.js (as covered last week), Instagram also injects JavaScript code to observe all taps happening inside their in-app browser, like clicking on buttons, links or images.
As of iOS 14.3, apps can easily hide their JavaScript activities from websites using WKContentWorld.
Hence, it becomes more important than ever to find a solution to end the use of custom in-app browsers for showing third party content.
Apps that use the recommended SFSafariViewController approach don't have any of those problems.
Even with the WKContentWorld system, there is no way the iOS app can inject JS code into external websites, making it the safest choice for the user.
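An added example, not part of the thread and not the code of InAppBrowser.com: one way a website can record listener registrations such as the keyboard and tap observers described above, by wrapping `addEventListener` before any other script runs. The `EventTarget` stand-in for `document`, the list of sensitive event types and all function names are assumptions made for this example.

```javascript
// Page-side audit of event-listener registrations (added example).
// Runs in a browser or in Node; both provide a global EventTarget.
// Assumption: these event types are the ones worth flagging.
const SENSITIVE = new Set(["keydown", "keypress", "keyup", "input", "click", "touchstart"]);

function installListenerAudit(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const records = [];
  proto.addEventListener = function (type, listener, options) {
    records.push({
      type,
      sensitive: SENSITIVE.has(type),
      target: this.constructor ? this.constructor.name : "unknown",
      // The caller's stack frames hint at which script registered the listener.
      stack: new Error().stack.split("\n").slice(2, 4).map((s) => s.trim()),
    });
    return original.call(this, type, listener, options);
  };
  return {
    records,
    uninstall() { proto.addEventListener = original; },
  };
}

// Sensitive registrations the site itself did not make are the ones to review.
function unexpectedSensitive(records, expectedTypes) {
  return records
    .filter((r) => r.sensitive && !expectedTypes.has(r.type))
    .map((r) => r.type);
}

function demo() {
  const audit = installListenerAudit();
  const doc = new EventTarget(); // constructed stand-in for `document`
  doc.addEventListener("click", () => {});    // the site's own listener
  // Constructed stand-ins for listeners added by a script the site did not ship.
  doc.addEventListener("keypress", () => {});
  doc.addEventListener("keydown", () => {});
  doc.addEventListener("scroll", () => {});   // recorded, but not flagged
  audit.uninstall();
  return unexpectedSensitive(audit.records, new Set(["click"]));
}
```

As the thread notes, code run through WKContentWorld is hidden from the website, so an empty result from this audit does not show that nothing was injected.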
Wow, what an honour to have my work featured on
Including statements by TikTok confirming the code I found exists and does what I expected.
forbes.com/sites/richardn via
I knew I'd forget something! Here we go, it's public now:
I wonder who the coders are ... who said yes to implementing this feature ... instead of just walking out, knowing that programming is in high demand.
Let me introduce you to the beautiful US visa system, where an employee is bound to a specific employer, and the engineer quitting means having to leave the country