This tool checks if in-app browsers are tracking you

The in-app browser is a bunk bed It is also a significant privacy and security risk compared to full-featured browsing apps. Many apps use a method called Javascript injection to sneak data trackers into websites accessed through an in-app browser. These trackers can collect browsing history, login data, and even keyboard presses and text inputs.

Javascript injection is not always used as a malicious means, but it is a potential security threat that has historically been difficult to check within an in-app browser. Luckily, security researcher Flix Krause’s new aptly named tool is InAppBrowserto see if your app’s built-in browser uses potentially dangerous Javascript injections to track data.

InAppBrowser only works with apps that have built-in web browser tools like TikTok, Instagram, Messenger, etc., but you can also use it on desktop to see Javascript injections from browser extensions.

If you suspect an app or browser extension, try InAppBrowser to see if it’s doing anything suspicious. Method is as follows.

1. on mobile [iOS/Android]: Open the app you want to test and load inappbrowser.com In the app’s built-in web browser. An easy way to do this is to send yourself the link in a message, comment, or post. Alternatively, open the link to the website in your app (any web link will work) and navigate to: https://inappbrowser.com.

1. On desktop: To test your website and browser extensions on your desktop, open your favorite browser and click inappbrowser.com.
2. When the site loads, you’ll see a message describing the high-level Javascript behavior that InApBrowser might intercept (if any) and what that code is used for.

While this information can help identify potential malicious behavior, there are a few things to be aware of.

Most importantly, InAppBrowser only warns of the presence of Javascript injections and cannot determine if an app or browser extension is actually malicious. It also flags apps and browser extensions that use Javascript injection, please do not Track you down at all. In other words, private browsing extensions that block website trackers, apps that collect browsing data for advertising or troubleshooting purposes (such as TikTok), and malicious apps that spy on you outright all issue the same warning. increase.even Krause warn against jumping to conclusions If your app uses Javascript injection.

Similarly, InAppBrowser cannot alert you to other forms of tracking that apps, browsers, and websites use. In other words, he shouldn’t rely on InAppBrowser as the only way to test the safety of an app, because even if the app passes her InAppBrowser’s tests, it may be able to collect data in other ways. Still, it’s important to know if your app is maliciously using Javascript injection.So you can decide for yourself if the app is worth using.

If an app may be tracking you and you want to stop it, you have a few options. The best solution is to remove the app. If it’s not on your phone, it can’t track you.

If you want to keep your app but suppress its tracking, Go to your app settings and see if you can change your default browser to your preferred app (such as Safari, Firefox, or Chrome). Safari is a particularly good option, since recent versions block many of the Javascript behaviors that InAppBrowser warns about.

moreover, Disable app tracking on iOS Also Android settings menuWhile this works better for iOS users, it can also interfere with ad tracking on Android. turn off location tracking, in the same wayFrankly, even if all the apps you use pass the Javascript inspection tests, it’s a good idea to tweak these settings.

[BleepingComputer]