Home » News » Inappbrowser – Tool To Check If In-app Browsers Are Tracking You

Inappbrowser – Tool To Check If In-app Browsers Are Tracking You

fb twitter pinterest linkedin
Inappbrowser – Tool To Check If In-app Browsers Are Tracking You-GadgetAny

In-app browsers pose a significant privacy and security risk. For instance, many apps slip data trackers onto websites users visit via their in-app browser with Javascript injection. Javascript injection adds an extra code to a page as it loads. Additionally, these trackers can pick up sensitive details like browsing history, login data, keyboard presses, and text entry. Furthermore, although Javascript injection is not always used maliciously, it is still a potential security threat. However, until now, it wasn’t easy to check for it inside in-app browsers. But, Flix Krause, a security researcher, developed a tool – InAppBrowser, to check if in-app browsers use dangerous Javascript injections to track data. 

The InAppBrowser tool

The tool generally works in apps with built-in web browsers like TikTok, Instagram, etc. But it also works on the desktop to check for Javascript injections from browser extensions. Here’s how to use the InAppBrowser tool –

  • For phones (iOS/Android) – First, users must open the app they want to test. Then, load inappbrowser.com in the app’s built-in web browser. (Note: Users can easily do this by sending the link to themselves in a message, post, or comment.) In addition, users can open a link to a website in the app and then go to inappbrowser.com.
  • On desktop – To test websites and browser extensions, users can open their preferred browser and go to inappbrowser.com

Furthermore, InAppBrowser will intercept and show a message to users detailing any potentially shady Javascript behavior once the site loads. In addition, it will provide explanations of ways the apps might use the code. Thus, enabling users to discover any possible malicious behavior. 

Drawbacks of the InAppBrowser tool

There are a few drawbacks to using this tool. Here they are –

  • The InAppBrowser alerts users to the existence of Javascript injection. But, it cannot determine if an app or browser extension is dangerous or malicious. Thus, it even flags apps and browser extensions with Javascript injection that do not track users. That includes private browsing extensions that block a website’s trackers and apps collecting browsing data for advertising or troubleshooting reasons. Hence, Krause warns users against jumping to conclusions if an app uses Javascript injection.
  • InAppBrowser does not alert users to other tracking forms used by apps, browsers, and websites. Thus, an app might pass the test by InAppBrowser but still collect user data by other methods. Therefore, users shouldn’t rely solely on this tool to test an app’s safety. 

What to do if an app is using Javascript injections maliciously?

If users find out that an app might be tracking them via Javascript injections, they can employ a few ways to stop it. Here they are –

  • Deleting the app is the best solution since if the app isn’t on one’s phone, it can’t track.
  • Users can go to Settings and change the default browser to their preferred app, like Safari, Firefox, and Chrome, if they don’t want to delete the app. (Note: Safari is a good bet since the latest version blocks many Javascript behaviors InAppBrowser warns against.)
  • Disable app tracking in the iOS or Android Settings menu and turn off location tracking too. (Note: It is best to change these settings even if every app on one’s phone passes the test by InAppBrowser.)
Raulf Hernes

By Raulf Hernes

If you ask me raulf means ALL ABOUT TECH!!

Leave a Reply

Related news