Security implications of in-app browsers

The study found that popular iOS apps such as TikTok, Instagram, FB Messenger, and Facebook all allow users to open a browser within the app to visit a third-party website, during which a tracking code is implanted. In the case of TikTok, it records all of the user’s keyboard input, including sensitive data such as passwords, credit card information, and every click on the screen. This is technically the equivalent of having a keylogger installed. Following this report, TikTok issued a statement confirming that the feature existed, but that TikTok did not exploit the codes. TikTok said the in-app browser is designed to provide a better user experience, and it implants JS code on third-party websites for debugging, debugging and performance monitoring.

This article is reprinted from: https://www.solidot.org/story?sid=72526
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment