January 29, 2023


A tool that visualizes the JavaScript commands injected by in-app browsers has been drawing attention, and it has shown that TikTok’s in-app browser monitors every word the user types.

New web tool released

Developer Felix Krause has announced a tool called “https://InAppBrowser.com” that lets you see how mobile apps track user data in their in-app browsers.
When he used ‘InAppBrowser’ to examine the behavior of the TikTok app, he found that the browser within the app monitors all keyboard inputs and taps.

Also monitors the input of personal user information

When you open a link in TikTok’s iOS app, it opens in the in-app browser. While you navigate the website, TikTok monitors every keyboard input (including passwords, credit card information, etc.) and every tap on the screen, including which buttons and links you click.
“From a technical standpoint, this is the same as installing a keylogger on a third-party website,” Krause said of the JavaScript code TikTok injects. However, he added, “Just because an app is injecting JavaScript into an external website doesn’t mean the app is doing something malicious.”
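
One way a website could surface this kind of monitoring from inside the page, as an added sketch that is not from the original article and is not InAppBrowser.com's own code: wrap `addEventListener` and record every registration for keyboard and tap events. The names `WATCHED`, `installListenerAudit` and `summarize` are assumptions of this example.

```javascript
// Added example: audit which input-related listeners get registered on a page.
// Event types that matter for keystroke and tap monitoring (constructed list).
const WATCHED = new Set(['keydown', 'keyup', 'keypress', 'input', 'click', 'touchstart']);

// Wrap addEventListener on the shared prototype. In a browser, window,
// document and every element inherit from EventTarget, so one hook covers all.
// Limitations: listeners registered before this runs, or assigned through
// on* properties (element.onkeydown = ...), are not seen.
function installListenerAudit(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const findings = [];
  proto.addEventListener = function (type, listener, options) {
    if (WATCHED.has(type)) {
      findings.push({
        type,
        target: this && this.constructor ? this.constructor.name : typeof this,
        // Capture-phase listeners see the event before the page's own handlers.
        capture: options === true || Boolean(options && options.capture),
        // The call stack hints at which script performed the registration.
        stack: (new Error().stack || '').split('\n').slice(2, 4).map((s) => s.trim()),
      });
    }
    // Always forward to the real implementation so the page keeps working.
    return original.call(this, type, listener, options);
  };
  return {
    findings,
    restore() { proto.addEventListener = original; },
  };
}

// Count registrations per event type for a quick report.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.type] = (counts[f.type] || 0) + 1;
  return counts;
}
```

Loaded as the first script on a page, the `findings` array can be compared against the listeners the site itself is known to register; anything unexpected on `keydown` or `click` deserves a closer look.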

TikTok claims to ensure optimal user experience

In a statement shared with Forbes, a TikTok spokesperson said the JavaScript code is “used only for debugging, troubleshooting and performance monitoring to ensure an ‘optimal user experience’.”
If you want to protect yourself from the potential malicious use of JavaScript code in in-app browsers, Krause advises toggling settings so that certain links open in your platform’s default browser, such as Safari on iPhones and iPads.
Source: Felix Krause via MacRumors, 9to5Mac, Forbes


Source: iPhone Mania