Felix Krause published a tool to review how in-app browsers hijack users' actions on the web. The tool follows a report by the same developer.

TikTok’s browser even captures every keystroke (including passwords) and reports them back to the app owner.

The tool produces a report on the injected JavaScript code that could intercept the user’s data.

Tool: InAppBrowser
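The report above flags JavaScript that an in-app browser injects into a page. The following is an added example, not code from Felix Krause's InAppBrowser tool: a minimal audit over a page snapshot that lists scripts not served from the page's own origin, marks the ones whose text references keyboard, input or form events, and reports globals the page did not define. The allowlists, the `__hostBridge` name and the snapshot are constructed for the demo; in a real page the snapshot would be built from `document.scripts` and `Object.keys(window)`.

```javascript
// Added example (not the InAppBrowser tool's code): audit a page snapshot for
// injected scripts and unexpected globals. Runs in Node without a DOM because
// the snapshot is passed in as plain data.

// Constructed allowlist: origins the first-party page loads scripts from.
const EXPECTED_SCRIPT_ORIGINS = ["https://example.com/"];

// Constructed allowlist: globals the page itself defines.
const EXPECTED_GLOBALS = new Set(["app", "analytics"]);

// Heuristic markers of keystroke / form interception in inline script text.
const INTERCEPT_MARKERS = [
  { name: "keyboard_event", re: /\b(keydown|keypress|keyup)\b/ },
  { name: "input_event", re: /\b(input|change)\b/ },
  { name: "form_submit", re: /\bsubmit\b/ },
  { name: "field_value_read", re: /\.value\b/ },
];

// snapshot = { scripts: [{ src: string|null, text: string }], globals: [string] }
function auditSnapshot(snapshot) {
  const findings = [];
  for (const s of snapshot.scripts) {
    const firstParty = !!s.src && EXPECTED_SCRIPT_ORIGINS.some((o) => s.src.startsWith(o));
    if (firstParty) continue; // only scripts the page did not load are of interest
    const markers = INTERCEPT_MARKERS.filter((m) => m.re.test(s.text || "")).map((m) => m.name);
    findings.push({
      kind: s.src ? "third_party_script" : "inline_script",
      src: s.src || null,
      interceptsInput: markers.length > 0,
      markers,
    });
  }
  // Globals added by a host app bridge show up as names the page never declared.
  const unexpectedGlobals = snapshot.globals.filter((g) => !EXPECTED_GLOBALS.has(g));
  return { findings, unexpectedGlobals };
}

// Constructed sample: one first-party script plus one injected inline listener
// forwarding keystrokes to a hypothetical host bridge object.
const SAMPLE_SNAPSHOT = {
  scripts: [
    { src: "https://example.com/app.js", text: "" },
    { src: null, text: "document.addEventListener('keydown', e => window.__hostBridge.post(e.key));" },
  ],
  globals: ["app", "analytics", "__hostBridge"],
};

console.log(JSON.stringify(auditSnapshot(SAMPLE_SNAPSHOT), null, 2));
```

The markers are a heuristic to prioritise review, not proof of exfiltration; the report is what a QA engineer would inspect when verifying that a web view protects user data.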

References:

Recommendations

Developer:

Use SFSafariViewController whenever possible.

QA engineer:

Verify that web views are protecting user data.

PM/DM:

Add security-related tasks to the backlog when needed.
