Conversation

When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information) TikTok also has code to observe all taps, like clicking on any buttons or links.
Image
58
4,314
Continuing to analyse the Instagram iOS app, I found something new: Besides injecting pcm.js (as covered last week), Instagram also injects JavaScript code to observe all taps happening inside their in-app browser, like clicking on buttons, links or images.
Image
6
1,695
As of iOS 14.3, apps can easily hide their JavaScript activities from websites using WKContentWorld. Hence,Β it becomes more important than ever to find a solution to end the use of custom in-app browsersΒ for showing third party content.
Image
3
1,367
Apps that use the recommended SFSafariViewController approach, don’t have any of those problems. Even with the WKContentWorld system, there is no way the iOS app can inject JS code into external websites, making it the safest choice for the user.
Image
4
1,169
Show replies
I wonder who the coders are ... who said yes to implementing this feature ... instead of just walking out, knowing that programming is in high demand.
9
266
Let me introduce you to the beautiful US visa system, where an employee is bound to a specific employer, and the engineer quitting means having to leave the country πŸ˜…
18
1,515
Show replies