The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,224 other subscribers

iOS/Android Privacy: – see what JavaScript commands get injected through an in-app browser · Felix Krause

Posted by jpluimers on 2022/08/31

Especially on Archive, but also on Android and other mobile operating systems, mobile apps can have their in-app browsers to circumvent the OS provided wrapper around the system browser.

On iOS, the Safari is the only system browser engine whereas on Android you can have other engines too, so less Android applications have in-app browsers.

Most of those in-app browsers are in social media applications that go to great length to keep their users inside a walled garden.

The site [Wayback/Archive] helps checking how severely information is leaked through the in-app browser as those potentially have a lot of control. TikTok is worst capturing all input including credentials like user names and passwords.

(next to mobile browsers, you can of course also use it with web browsers from your personal computer, but in that case note that the outcome will highly depend on which browser extensions you have installed (as most install event listeners). was announced by [Wayback/Archive] iOS Privacy: Announcing – see what JavaScript commands get injected through an in-app browser · Felix Krause which I found via [Wayback/Archive] Felix Krause on Twitter: “🔥 New Post: Announcing InAppBrowser – see what JavaScript commands get injected through an in-app browser 👀 TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all.

Image Image

Incidentally, at the same day, [Wayback/Archive] Scott Hanselman (@shanselman) was mad at apple for even allowing such in-app browsers:

  1. [Wayback/Archive] Scott Hanselman on Twitter: “Apple needs to KILL In-App Browsers. Just launch the damn default browser I trust.”
  2. [Wayback/Archive] “They just need to encourage in their ToS thay social media apps “link to bio” and what not need to launch normally. This isn’t about WebView usage, it’s about maliciously keeping the user from leaving their app”

Some of the above is based on the great insight presented by [Wayback/Archive] Roderick Gadellaa (@RGadellaa):


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: