{"id":46636,"date":"2022-08-16T04:15:52","date_gmt":"2022-08-16T04:15:52","guid":{"rendered":"https:\/\/harchi90.com\/dont-use-in-app-browsers-for-anything-important\/"},"modified":"2022-08-16T04:15:52","modified_gmt":"2022-08-16T04:15:52","slug":"dont-use-in-app-browsers-for-anything-important","status":"publish","type":"post","link":"https:\/\/harchi90.com\/dont-use-in-app-browsers-for-anything-important\/","title":{"rendered":"Don’t Use In-App Browsers for Anything Important"},"content":{"rendered":"
\n
\n
<\/p>\n
\n
\"Image<\/div>\n<\/div>\n

<\/span><\/p>\n

photo: DenPhotos (Shutterstock)<\/figcaption><\/p>\n<\/div>\n

<\/figure>\n

Both Apple and Google are doing great work to prevent multi-site tracking. Google Chrome is slowly phasing out cookies<\/span>and Apple goes the furthest by asking users to block multi-app\/multi-site tracking using their app transparency<\/span> popups.<\/p>\n

Custom in-app browsers are out of their reach, though. Such browsers are annoying by default, as they won’t have the history, usernames, passwords, or sharing options from your default browsers. Butt wcheat they are most commonly found in apps like Facebook and Instagram, they aren’t limited to the big two Meta apps.<\/p>\n

Because the app developers themselves code in-app browsers, they have a lot more freedom as to what goes on in there. A recent study by Fastlane developer Felix Krause<\/span> showed that Facebook and Instagram can basically track anything they want when you’re using their in-app browser, which they use to open all ads and links by default. <\/p>\n

How does in-app browsersprivate tracking work? <\/h2>\n

JavaScript injection. The study uses Instagram as an example. Instagram injects Meta’s Meta Pixel JavaScript tracking code into every website that you open. it’s a library designed for website developers to track visitors on their site. Meta is injecting it on every site, without asking the website, and collecting the data for themselves. <\/p>\n

\n
\n

G\/O Media may get a commission<\/p>\n<\/div>\n<\/div>\n

When you open a link in Instagram, the app injects JavaScript code (Meta Pixel) that helps the app view and record all kinds of stuff. They can record what you tapped on, what image you opened, how long you spent on a page, and more. Instagram then uses this information to serve you more ads and to build an even clearer picture of your identity. <\/p>\n

Technically, an in-app browser can even record personal information like passwords and credit card information as you’re entering it in the text field, but the study doesn’t show that Meta is doing anything that<\/em> nefarious It’s important to note, though, that a random app with its own built-in web browser does have the ability. <\/p>\n

What can you do about in-app browser tracking?<\/h2>\n

First, whenever you open a link in Instagram, Facebook, or any other app with an in-app browser, get the hell out of there. The app has already recorded that you opened the link and there isn’t a lot that you can do about that, but you can stop the tracking there. Instagram has an option to open the website in the default browser, hidden behind the Menu button. <\/p>\n

Another option is to stop using the app itself. Switch to the web app version and you won’t have to deal with this problem. And if we’re talking about Instagram<\/span>you’ll actually get a nicer and calmer, Reels-free experience. <\/p>\n

That’s about all that you can do. For website developers, Felix suggests a string of code that will fool Instagram into thinking that their code is already installed on the site. He also has suggestions on what Apple can do to prevent such kind of abuse in the future. If you’re curious about how he figured all of this out (it makes for a great read), take a look here: Felix Krause<\/span>\/9to5Mac<\/span>.<\/p>\n

<\/p>\n<\/div>\n

.<\/p>\n","protected":false},"excerpt":{"rendered":"

photo: DenPhotos (Shutterstock) Both Apple and Google are doing great work to prevent multi-site tracking. Google Chrome is slowly phasing out cookiesand Apple goes the furthest by asking users to block multi-app\/multi-site tracking using their app transparency popups. Custom in-app browsers are out of their reach, though. Such browsers are annoying by default, as they …<\/p>\n

Don’t Use In-App Browsers for Anything Important<\/span> Read More »<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[3764,554,1708,1479,18033,1702,4091,4633,1143,582,1712,1481,10840,4637,15946,3730,551,1323,18032],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":56688,"url":"https:\/\/harchi90.com\/this-free-app-alerts-whenever-you-google-collects-your-browsing-data\/","url_meta":{"origin":46636,"position":0},"title":"This Free App Alerts Whenever You Google Collects Your Browsing Data","date":"August 26, 2022","format":false,"excerpt":"photo: ymgerman (Shutterstock)How often would you guess Google collects your browsing data? We all know the tech giant siphons bits of information every time we use its search, sign into its apps, or zone out on YouTube, but you might be surprised to learn (or not, given the company's reputation)\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":48992,"url":"https:\/\/harchi90.com\/chrome-browser-gets-11-security-fixes-with-1-zero-day-update-now-naked-security\/","url_meta":{"origin":46636,"position":1},"title":"Chrome browser gets 11 security fixes with 1 zero-day \u2013 update now! \u2013 Naked Security","date":"August 18, 2022","format":false,"excerpt":"The latest update to Google's Chrome browser is out, bumping the four-part version number to 104.0.5112.101 (Mac and Linux), or to 104.0.5112.102 (Windows). According to Google, the new version includes 11 security fixes, one of which is annotated with the remark that \u201can exploit [for this vulnerability] exists in the\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":29097,"url":"https:\/\/harchi90.com\/google-postpones-third-party-cookie-bonfire-yet-again-the-register\/","url_meta":{"origin":46636,"position":2},"title":"Google postpones third-party cookie bonfire yet again \u2022 The Register","date":"July 29, 2022","format":false,"excerpt":"Google says it needs more time to build and test its ostensibly privacy-preserving ad technology, marketed as the \"Privacy Sandbox.\" So the ad biz has delayed its previous plan to block privacy-pilfering third-party cookies in Chrome until 2024. Back in January 2020, the internet search giant announced its intention to\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27540,"url":"https:\/\/harchi90.com\/chromeos-is-looking-a-lot-like-windows-with-new-virtual-desks\/","url_meta":{"origin":46636,"position":3},"title":"ChromeOS Is Looking a Lot Like Windows With New Virtual Desks","date":"July 27, 2022","format":false,"excerpt":"Yes! This is Chrome OS's Virtual Desks you're looking at! Image: GoogleGoogle's cloud-based operating system has come a long way since its inception. Every new software update seems to bring it closer to parity with Microsoft's Windows and Apple's Mac operating systems. A new ChromeOS update, due this fall, brings\u2026","rel":"","context":"In "Technology"","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"fifu_image_url":"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/402ad224aca7fc9e3fb747c32de74963.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/46636"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=46636"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/46636\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=46636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=46636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=46636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}