{"id":53276,"date":"2022-08-22T23:32:44","date_gmt":"2022-08-22T23:32:44","guid":{"rendered":"https:\/\/harchi90.com\/this-tool-checks-if-in-app-browsers-are-tracking-you\/"},"modified":"2022-08-22T23:32:44","modified_gmt":"2022-08-22T23:32:44","slug":"this-tool-checks-if-in-app-browsers-are-tracking-you","status":"publish","type":"post","link":"https:\/\/harchi90.com\/this-tool-checks-if-in-app-browsers-are-tracking-you\/","title":{"rendered":"This Tool Checks If In-App Browsers Are Tracking You"},"content":{"rendered":"<div>\n<figure class=\"sc-1eow4w5-1 eLNveM align--bleed js_lazy-image js_marquee-assetfigure\" data-id=\"fa893833924bb3a3007c03192e407625\" data-recommend-id=\"image:\/\/fa893833924bb3a3007c03192e407625\" data-format=\"jpg\" data-width=\"6000\" data-height=\"3375\" data-lightbox=\"true\" data-recommended=\"true\" data-hide=\"false\" contenteditable=\"false\" draggable=\"false\">\n<div class=\"sc-1eow4w5-2 loxZOX has-data img-wrapper\" contenteditable=\"false\" style=\"max-width:6000px\" data-link-reference=\"\" data-link-target=\"\" data-syndicationrights=\"true\" data-imagerights=\"shutterstock\" data-hidecredit=\"false\"><span class=\"sc-1eow4w5-0 dnhHtZ js_lightbox-wrapper\"><\/p>\n<div style=\"padding-bottom:56.3%\" class=\"sc-1eow4w5-3 lktKQM image-hydration-wrapper\">\n<div><img alt=\"Image for article titled This Tool Checks If In-App Browsers Are Tracking You\" srcset=\"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_80,pg_1,q_80,w_80\/fa893833924bb3a3007c03192e407625.jpg 80w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_140\/fa893833924bb3a3007c03192e407625.jpg 140w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_265\/fa893833924bb3a3007c03192e407625.jpg 265w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_340\/fa893833924bb3a3007c03192e407625.jpg 340w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_490\/fa893833924bb3a3007c03192e407625.jpg 490w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_645\/fa893833924bb3a3007c03192e407625.jpg 645w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_740\/fa893833924bb3a3007c03192e407625.jpg 740w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_965\/fa893833924bb3a3007c03192e407625.jpg 965w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1165\/fa893833924bb3a3007c03192e407625.jpg 1165w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1315\/fa893833924bb3a3007c03192e407625.jpg 1315w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1465\/fa893833924bb3a3007c03192e407625.jpg 1465w, https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fit,f_auto,g_center,pg_1,q_60,w_1600\/fa893833924bb3a3007c03192e407625.jpg 1600w\" sizes=\"&#10;&#9;&#9;&#9;&#9;(max-width: 25em) calc(100vw - 32px),&#10;&#9;&#9;&#9;&#9;(max-width: 37.31em) calc(100vw - 32px),&#10;&#9;&#9;&#9;&#9;(min-width: 37.37em) and (max-width: 49.94em) calc(100vw - 32px),&#10;&#9;&#9;&#9;&#9;(min-width: 50em) and (max-width: 63.69em) 800px,&#10;&#9;&#9;&#9;&#9;(min-width: 63.75em) and (max-width: 85.19em) calc(66.5vw - 32px),&#10;&#9;&#9;&#9;&#9;800px&#10;&#9;&#9;&#9;\" draggable=\"auto\" data-chomp-id=\"fa893833924bb3a3007c03192e407625\" data-format=\"jpg\" data-alt=\"Image for article titled This Tool Checks If In-App Browsers Are Tracking You\" data-anim-src=\"\"\/><\/div>\n<\/div>\n<p><\/span><\/p>\n<p><figcaption class=\"sc-7s1ndr-0 ikKPtM no-caption\">photo<!-- -->: <!-- -->AngieYeoh<!-- --> (<!-- -->Shutterstock<!-- -->)<\/figcaption><\/p>\n<\/div>\n<p><span data-id=\"fa893833924bb3a3007c03192e407625\" data-recommend-id=\"image:\/\/fa893833924bb3a3007c03192e407625\" data-format=\"jpg\" data-width=\"6000\" data-height=\"3375\" data-lightbox=\"true\" data-recommended=\"true\" data-hide=\"false\" class=\"js_recommend\"\/><\/figure>\n<p class=\"sc-77igqf-0 bOfvBY\"><span>In-app browsers are bunk<\/span> compared to full-featured browsing apps, but they&#8217;re also a major privacy and security risk.  Many apps sneak data trackers onto websites you visit through their in-app browser using a method called Javascript injection, which adds extra code to a page as it loads. <!-- -->These trackers can scoop up browsing history, login data, and even keyboard presses and text entry.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">While not always used for nefarious means, Javascript injection is a potential security threat that, until now, was difficult to check for inside in-app browsers. <!-- -->Luckily, security researcher Flix Krause&#8217;s new ap(p)tly named tool, <span>InAppBrowser<\/span>checks if an app&#8217;s built-in browser uses potentially dangerous Javascript injections to track your data.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">While InAppBrowser only works in apps that have a built-in web browser tool, such as TikTok, Instagram, or Messenger, you can also use it on the desktop to check for Javascript injections from browser extensions.<\/p>\n<p><span class=\"flex-video widescreen\"><iframe data-src=\"https:\/\/lifehacker.com\/embed\/inset\/iframe?id=youtube-video-i2SfbHpZDQI&amp;start=0\" data-chomp-id=\"i2SfbHpZDQI\" data-recommend-id=\"youtube:\/\/i2SfbHpZDQI\" id=\"youtube-i2SfbHpZDQI\" data-recommended=\"false\" width=\"800\" height=\"450\" class=\"core-inset lazyload\" frameborder=\"0\" scrolling=\"no\" allowfullscreen=\"\" webkitallowfullscreen=\"webkitAllowFullScreen\" mozallowfullscreen=\"mozallowfullscreen\"><\/iframe><span data-chomp-id=\"i2SfbHpZDQI\" data-recommend-id=\"youtube:\/\/i2SfbHpZDQI\" id=\"youtube-i2SfbHpZDQI\" data-recommended=\"false\" class=\"js_recommend\"\/><\/span><figcaption class=\"sc-1ptbguh-0 hxeMec caption\">InAppBrowser.com in Instagram<\/figcaption><\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">If you&#8217;re suspicious of an app or browser extension, give InAppBrowser a try to see if it&#8217;s doing anything fishy.  Here&#8217;s how:<\/p>\n<ol data-type=\"List\" data-style=\"Number\" class=\"sc-1lmbno3-1 sizyJ\">\n<li><strong>on mobile [iOS\/Android]:<\/strong> Open the app you want to test and load <span>inappbrowser.com<\/span> in the app&#8217;s built-in web browser.  An easy way to do that is to send the link to yourself in a message, comment, or post.  alternative, open a link to a website in the app (any web link works), then go to <span>https:\/\/inappbrowser.com.<\/span> <\/li>\n<\/ol>\n<ol data-type=\"List\" data-style=\"Number\" class=\"sc-1lmbno3-1 sizyJ\">\n<li><strong>On desktops:<\/strong> To test websites and browser extensions on desktop, open your preferred browser and go to <span>inappbrowser.com<\/span>.<\/li>\n<li>Once the site loads, you&#8217;ll see a message detailing any potentially sketchy Javascript behavior InApBrowser intercepts (if any), plus explanations of what the code may be used for. <\/li>\n<\/ol>\n<p class=\"sc-77igqf-0 bOfvBY\">These readouts can help you spot possible malicious behavior, but there are a few caveats to mention.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">Most importantly, InAppBrowser only alerts you to the existence of Javascript injection and can&#8217;t tell if an app or browser extension is actually malicious.  It even flags apps and browser extensions that use Javascript injection but <em>don&#8217;t <\/em>track you at all.  That means private browsing extensions that block a website&#8217;s trackers, apps collecting browsing data for advertising or troubleshooting reasons (like TikTok), and malicious apps that outright spy on you will all trip the same warnings.  Even Krause <span>warns against jumping to conclusions<\/span> if an app uses Javascript injection.<\/p>\n<div class=\"bxm4mm-17 bubJdb\">\n<div class=\"sc-1atgi65-0 sc-1atgi65-1 bdNdA-D js_commerce-inset-permalink\" data-inset-url=\"https:\/\/www.pjatr.com\/t\/8-11779-163529-164504?url=https%3A%2F%2Fwww.jachsny.com%2F&amp;sid=IV-|xid:fr1660668335224jab&amp;website=280661\" data-inset-category=\"CommerceInsetMobile\">\n<p>G\/O Media may get a commission<\/p>\n<div class=\"sc-1atgi65-3 hMBKyp creative-type-A\">\n<div class=\"sc-1atgi65-6 gLSKws\">\n<div class=\"sc-1atgi65-10 hherpH js_lazy-image\">\n<div><\/div>\n<\/div>\n<div class=\"sc-1atgi65-15 jrXWJC\">\n<p>Up to 85% off<\/p>\n<p>Jachs NY Summer Sale<\/p>\n<\/div>\n<\/div>\n<div class=\"sc-1atgi65-12 dRyRwx\">\n<p class=\"sc-1atgi65-13 iFlqWg\"><strong>Styles starting at $10<\/strong><br \/><span>This sitewide sale will prepare you for any style situation that may arise in the transition between seasons\u2014whether it be a henley and jeans or a button up and chino shorts moment. <\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p class=\"sc-77igqf-0 bOfvBY\">Similarly, InAppBrowser can&#8217;t alert you to other forms of tracking apps, browsers, and websites may use.  That means an app may pass InAppBrowser&#8217;s test but still collect your data by other means, so don&#8217;t rely on InAppBrowser as your sole method for testing an app&#8217;s safety. <!-- -->Still, it&#8217;s important to know if an app uses Javascript injections\u2014maliciously or otherwise\u2014<!-- -->so you can decide for yourself if the app is worth using.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">If you find out an app might be tracking you and you want to stop it, you have a couple options. <!-- -->The best solution is to delete the app.  If it&#8217;s not on your phone, it can&#8217;t track you.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">If you want to keep an app around but curb its tracking, go<!-- --> to the app&#8217;s settings and see if you can change the default browser to your preferred app, like Safari, Firefox, or even Chrome.  Safari is an especially good option since recent versions block many of the Javascript behaviors InAppBrowser warns against.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">additionally, <span>disable app tracking in the iOS<\/span> or <span>Android settings menus<\/span>.  This is more effective for iOS users, but it can stymie ad tracking on Android, too. <span>Turn off location tracking,<!-- --> as well<\/span>.  Frankly, we recommend tweaking these settings anyway, even if every app you use passes the Javascript inspection test.<\/p>\n<p class=\"sc-77igqf-0 bOfvBY\">[<span>BleepingComputer<\/span>]<\/p>\n<\/div>\n<p>    .<\/p>\n","protected":false},"excerpt":{"rendered":"<p>photo: AngieYeoh (Shutterstock) In-app browsers are bunk compared to full-featured browsing apps, but they&#8217;re also a major privacy and security risk. Many apps sneak data trackers onto websites you visit through their in-app browser using a method called Javascript injection, which adds extra code to a page as it loads. These trackers can scoop up &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/harchi90.com\/this-tool-checks-if-in-app-browsers-are-tracking-you\/\"> <span class=\"screen-reader-text\">This Tool Checks If In-App Browsers Are Tracking You<\/span> Read More &raquo;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[4],"tags":[20067,20069,4635,20068,4091,582,20070,1712,5055,20066,15946,5614,551,1323,1419,4457],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":43323,"url":"https:\/\/harchi90.com\/facebook-and-instagram-apps-can-track-users-via-their-in-app-browsers\/","url_meta":{"origin":53276,"position":0},"title":"Facebook and Instagram apps can track users via their in-app browsers","date":"August 12, 2022","format":false,"excerpt":"If you visit a website you see on Facebook and Instagram, you've likely noticed that you're not redirected to your browser of choice but rather a custom in-app browser. It turns out that those browsers inject javascript code into each website visited, allowing parent Meta to potentially track you across\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":42685,"url":"https:\/\/harchi90.com\/meta-injecting-code-into-websites-visited-by-its-users-to-track-them-research-says-meta\/","url_meta":{"origin":53276,"position":1},"title":"Meta injecting code into websites visited by its users to track them, research says |  Meta","date":"August 11, 2022","format":false,"excerpt":"Meta, the owner of Facebook and Instagram, has been rewriting websites its users visit, letting the company follow them across the web after they click links in its apps, according to new research from an ex-Google engineer.The two apps have been taking advantage of the fact that users who click\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":49425,"url":"https:\/\/harchi90.com\/apple-patches-double-zero-day-in-browser-and-kernel-update-now-naked-security\/","url_meta":{"origin":53276,"position":2},"title":"Apple patches double zero-day in browser and kernel \u2013 update now!  \u2013 Naked Security","date":"August 18, 2022","format":false,"excerpt":"Apple just pushed out an emergency update for two zero-day bugs that are apparently actively being exploited. There's a remote code execution hole (RCE) dubbed CVE-2022-32893 in Apple's HTML rendering software (WebKit), by means of which a booby trapped web page can trick iPhones, iPads and Macs into running unauthorised\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":30489,"url":"https:\/\/harchi90.com\/apple-pay-may-finally-work-on-chrome-edge-and-firefox-in-ios-16\/","url_meta":{"origin":53276,"position":3},"title":"Apple Pay may finally work on Chrome, Edge, and Firefox in iOS 16","date":"July 30, 2022","format":false,"excerpt":"Apple Pay could finally be compatible with Microsoft Edge, Google Chrome, and Mozilla Firefox in iOS 16. MacRumors contributor Steve Moser found that Apple Pay works with Edge and Chrome in the iOS 16 beta 4, and shared his findings on Twitter. Moser's screenshots show a \u201cContinue with Apple Pay\u201d\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":49935,"url":"https:\/\/harchi90.com\/tiktoks-in-app-browser-reportedly-capable-of-monitoring-anything-you-type\/","url_meta":{"origin":53276,"position":4},"title":"TikTok&#8217;s In-App Browser Reportedly Capable of Monitoring Anything You Type","date":"August 19, 2022","format":false,"excerpt":"TikTok's custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor \"all keyboard inputs and taps\" while a user is interacting with a given website, according to security researcher Felix Krause, but TikTok has reportedly denied that the code is used for malicious\u2026","rel":"","context":"In &quot;Technology&quot;","img":{"alt_text":"tik tok logo","src":"https:\/\/i0.wp.com\/images.macrumors.com\/t\/iEPoSksam5It_TajWR7FSueKcMg=\/400x0\/article-new\/2020\/08\/tiktok-logo.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"fifu_image_url":"https:\/\/i.kinja-img.com\/gawker-media\/image\/upload\/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200\/fa893833924bb3a3007c03192e407625.jpg","_links":{"self":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/53276"}],"collection":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/comments?post=53276"}],"version-history":[{"count":0,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/posts\/53276\/revisions"}],"wp:attachment":[{"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/media?parent=53276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/categories?post=53276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/harchi90.com\/wp-json\/wp\/v2\/tags?post=53276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}