New Open Source Tool Shows Code Injected Into Websites by In-App Browsers

Source
Advertisement


Some mobile applications use built-in browsers to allow users to quickly access third-party websites. Other apps include a browser to load their own resources, which may be needed to perform various activities. However, these internal browsers could also pose security and privacy risks.

Researcher Felix Krause published a blog post earlier this month claiming that the iOS apps of Instagram and Facebook could monitor everything a user does on an external website opened through the application’s internal browser. This claim was based on the JavaScript code the applications inject into the website displayed by the in-app browser.

Advertisement