InAppBrowser Privacy Risk

The recent discovery that popular mobile applications with integrated browsers inject JavaScript into the websites users visit has raised serious concerns.

Popular social media apps such as Facebook, Instagram, and TikTok commonly use code injection techniques. They do this mainly to track every action users take on any website displayed in the browser built into the app itself.

Felix Krause created a website called InAppBrowser to show users which in-app browsers are injecting code into the websites they display.

The built-in web browser does track a user's activity, but it does not monitor everything the user does.

The app monitors only the pages accessed from within the social media app; no other sites are monitored. To avoid this tracking, use a browser that offers more security.

On most mobile phones, when a hyperlink is tapped, the app that opens it asks the user which browser they would like to use. Popular social network applications, however, make no such request.

How to use InAppBrowser?

To use InAppBrowser, follow these steps:

  • Open the application that you wish to analyze.
  • Use the share functionality within the application to get the link into the app.
  • Open the link that you just shared with someone or posted on social media.
  • Take a look at the report that is displayed on the screen.
  • That’s it.

According to the website, the report reveals the following:

  • CSS code added by the app, which allows the appearance of the website to be customized.
  • Monitoring of all taps that take place on websites.
  • Monitoring of every keyboard input on the website.
  • Retrieval of the title of the website.
  • Tracking of which elements the user clicks on, using coordinate-based information about each element.

Despite Krause’s assurances, the site does not detect all JavaScript commands, and it does not detect all code injections. Furthermore, it is not capable of detecting native code, which apps may also use.
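
One way a page can produce a report like the one described above, shown as an added example that is not InAppBrowser's own code: wrap the DOM functions an injected script would call and record each use. The `instrument` function, the finding labels and the mock document are assumptions made for illustration; hooks of this kind see only calls that pass through the wrapped functions, which is why native code goes unnoticed.

```javascript
// Added example: page-side hooks that record DOM calls typical of injected
// tracking code. Function names and finding labels are illustrative assumptions.
function instrument(doc) {
  const findings = new Set();
  const watched = { click: 'monitors taps', touchstart: 'monitors taps',
                    keydown: 'monitors keyboard input', keypress: 'monitors keyboard input',
                    keyup: 'monitors keyboard input' };
  // Wrap addEventListener: listeners for tap or keyboard events are recorded.
  const origAdd = doc.addEventListener;
  doc.addEventListener = function (type, ...rest) {
    if (watched[type]) findings.add(watched[type]);
    return origAdd.call(this, type, ...rest);
  };
  // Wrap elementFromPoint: it maps tap coordinates to the element underneath.
  const origFromPoint = doc.elementFromPoint;
  doc.elementFromPoint = function (x, y) {
    findings.add('resolves elements from coordinates');
    return origFromPoint.call(this, x, y);
  };
  // Shadow `title` with an accessor that records reads (simplified: the
  // setter only stores the value locally).
  let title = doc.title;
  Object.defineProperty(doc, 'title', {
    get() { findings.add('reads page title'); return title; },
    set(v) { title = v; }, configurable: true,
  });
  // Wrap createElement: a new <style> element indicates added CSS.
  const origCreate = doc.createElement;
  doc.createElement = function (tag) {
    if (String(tag).toLowerCase() === 'style') findings.add('adds CSS');
    return origCreate.call(this, tag);
  };
  return () => [...findings].sort();
}
// Constructed stand-in for `document`, so the example runs outside a browser.
function mockDocument() {
  return { title: 'Example', addEventListener() {}, elementFromPoint: () => null,
           createElement: (tag) => ({ tag }) };
}
// Constructed sample: calls an injected script might make after page load.
function demo() {
  const doc = mockDocument();
  const report = instrument(doc);
  doc.addEventListener('keydown', () => {});
  doc.elementFromPoint(10, 20);
  void doc.title;
  return report();
}
console.log(demo());
```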


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.