This tool checks if in-app browsers are tracking you

Image of article titled

photo: Anqi Yang (Shutterstock)

In-app browser is crap They are also a major privacy and security risk compared to full-featured browsing apps. Many applications use a method called Javascript injection to sneak data trackers into websites you visit through their in-app browser, which adds extra code to the page as it loads. These trackers can collect browsing history, login data, and even keyboard keystrokes and text input.

While not always used for malicious means, Javascript injection is a potential security threat that, until now, has been difficult to inspect inside an in-app browser. Fortunately, security researcher Flix Krause’s new ap(p)tly naming tool, InAppBrowserchecks whether the application’s built-in browser uses potentially dangerous Javascript injections to track your data.

While InAppBrowser only works with apps with built-in web browser tools, such as TikTok, Instagram, or Messenger, you can also use it on the desktop to check for Javascript injections from browser extensions.

InAppBrowser.com in Instagram

If you suspect an app or browser extension, try InAppBrowser to see if it’s doing anything suspicious. That’s it:

  1. on the move [iOS/Android]: Open the application you want to test and load inappbrowser.com in the app’s built-in web browser. An easy way to do this is to send yourself the link in a message, comment or post.Alternatively, open a website link in the app (any web link will work) and go to https://inappbrowser.com.
  1. On the desktop: To test websites and browser extensions on desktop, open your favorite browser and go to inappbrowser.com.
  2. Once the site loads, you’ll see a message detailing any possible gross Javascript behavior (if any) that InApBrowser intercepted, along with an explanation of what the code might be used for.

These readings can help you spot possible malicious behavior, but there are a few caveats to mention.

On top of that, InAppBrowser will only alert you to the presence of Javascript injection and cannot tell if an app or browser extension is really malicious.It even flags apps and browser extensions that use Javascript injection, but do not Totally follow you. That means private browsing extensions that block website trackers, apps that collect browsing data for advertising or troubleshooting reasons (like TikTok), and malicious apps that spy on you outright all trigger the same warning.even claus Warning against jumping to conclusions If the application uses Javascript injection.

Likewise, InAppBrowser cannot alert you to tracking applications, browsers, and other forms that websites may use. This means that an app may pass InAppBrowser’s tests but still collect your data in other ways, so don’t rely on InAppBrowser as the only way to test your app’s security. Still, it’s important to know if an application uses Javascript injection — malicious or otherwise —So it’s up to you to decide if the app is worth using.

If you find that an app might be tracking you and want to stop it, you have a few options. The best solution is to delete the app. If it’s not on your phone, it can’t track you.

If you want to keep an app but limit its tracking, go to Go to the app’s settings and see if you can change the default browser to your favorite app like Safari, Firefox or even Chrome. Safari is an especially good choice because recent versions block many of the Javascript behaviors that InAppBrowser warns about.

also, Disable app tracking in iOS or Android settings menu. This works better for iOS users, but it also hinders ad tracking on Android. turn off location tracking, as well as. Frankly, we recommend tweaking these settings anyway, even if every app you use passes the Javascript inspection test.

[BleepingComputer]

Leave a Comment

Your email address will not be published.