Researcher Launches InAppBrowser Tool to Detect Online Tracking Activity

After revealing how different apps can (and do) track users’ online activities via in-app browsing, a researcher has now launched “Inappbrowser” – a dedicated tool to help users know apps potentially breaching their privacy.

InApp Browser Tool To Detect App Privacy Risks

Recently, security researcher Felix Krause elaborated on how some apps possibly track users’ in-app browsing activities without consent.

As explained, apps like TikTok, Facebook, and Instagram inject JavaScript codes into third-party websites for this purpose. As a result, those apps may access details about a user’s activities, such as the site visited, the content they’re interested in, their engagement patterns with the site, and more.

The researcher initially reported this information with regard to iOS privacy and apps like TikTok and Instagram. However after further investigating the matter many other apps could potentially exhibit the same behavior.

Though not all apps implementing this practice may have malicious intent, users still deserve the right to know about such practices. Therefore, considering users’ interest and curiosity about this in-app browser tracking thing, the researcher decided to launch a dedicated “InAppBrowser” tool for the public.

As described in a separate post, this simple tool analyzes the in-app browser activity for most iOS apps. It then lists any JavaScript codes that the app renders during webview.

InAppBrowser.com is designed for everybody to verify for themselves what apps are doing inside their in-app browsers.

The researcher clarified that the tool may not detect all JavaScript commands, nor does it show the app tracking via its native code.

Using InAppBrowser

To use the tool, users need to let the tool interact with the app they want to analyze. For example, if they want to see how Instagram behaves during in-app browsing, users need to share the tool’s link https://inappbrowser.com/ within the app, such as by sending it to someone via personal message or posting it on their own profile. Then, tapping on the link to open it inside the app via webview will show a detailed report about the command sent during in-app browsing.

Let us know your thoughts in the comments

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil