This tool checks if in-app browsers are tracking you

Image for article titled This tool checks whether in-app browsers are tracking you

Photo: AngieYeoh (Shutterstock)

In-app browsers are overlaid compared to full-featured navigation apps, but they also pose a major privacy and security risk. Many apps insert data trackers on websites you visit through their built-in browser using a method called JavaScript injection, which adds additional code to a page as it loads. These trackers can retrieve browsing history, login data, and even key presses and text input.

Although not always used for nefarious purposes, JavaScript injection is a potential security threat that has until now been difficult to check in in-app browsers. Fortunately, the aptly named new tool from security researcher Flix Krause, InApp Browserchecks whether an app’s built-in browser is using potentially dangerous JavaScript injections to track your data.

Although InAppBrowser only works in apps that have a built-in web browser tool, such as TikTok, Instagram, or Messenger, you can also use it on desktop to check for Javascript injections from browser extensions. on Instagram

If you’re suspicious of an app or browser extension, try InAppBrowser to see if it’s doing anything fishy. Here’s how:

  1. On mobile [iOS/Android]: Open the app you want to test and load in the app’s built-in web browser. An easy way to do this is to send the link to yourself in a message, comment, or post. You can also open a website link in the app (any web link will work) and then go to
  1. On the desk : To test websites and browser extensions on desktop, open your favorite browser and navigate to
  2. Once the site loads, you’ll see a message detailing any potentially sketchy JavaScript behavior intercepted by InApBrowser (if any), along with explanations of how to use the code.

These readings can help you spot possible malicious behavior, but there are a few caveats worth mentioning.

More importantly, InAppBrowser only alerts you to the existence of Javascript injection and cannot tell if an app or browser extension is actually malicious. It even flags apps and browser extensions that use Javascript injection, but don’t follow you at all. This means that private browsing extensions that block a website’s trackers, apps that collect browsing data for advertising or troubleshooting purposes (like TikTok), and malicious apps that outright spy on you will all trigger the same warnings. . Even Krause cautions against hasty conclusions if an application uses JavaScript injection.

Similarly, InAppBrowser cannot alert you to other forms of tracking that apps, browsers, and websites may use. This means that an app can pass InAppBrowser’s test while collecting your data in other ways. So don’t rely on InAppBrowser as the only method to test the security of an application. Nevertheless, it is important to know if an application uses JavaScript injections, maliciously or you can decide for yourself if the app is worth using.

If you find out that an app might be tracking you and you want to stop it, you have several options. The best solution is to delete the app. If it’s not on your phone, it can’t track you.

If you want to keep an app but limit its tracking, go to app settings and see if you can change the default browser to your favorite app, like Safari, Firefox or even Chrome. Safari is a particularly good option because recent versions block many JavaScript behaviors that InAppBrowser warns against.

In addition, disable app tracking in ios Where Android settings menus. This is more effective for iOS users, but it can also hamper ad tracking on Android. Turn off location tracking, as well. Frankly, we recommend changing these settings anyway, even if every application you use passes the Javascript inspection test.



Comments are closed.