Felix Krause published a tool to review how in-app browsers are hijacking user’s actions in the web. Tools follows report made by the same developer.
TikTok’s browser even captures every key stroke (including passwords) and reports those back to app owner.
- In-app browsers like those in Facebook and Instagram are a big privacy risk, developer shows
- TikTok’s In-App Browser Reportedly Capable of Monitoring Anything You Type
Developer:Use SFSafariViewController whenever is possible.
QA engineer:Verify that web views are protecting user data.
PM/DM:Add security related tasks to backlog when needed.