Pages

Developer Creates New Tool That Makes JavaScript Commands Added Via In-App Browsers Visible To All

Recently, we highlighted some information regarding a developer who proved to us through his detailed study that mobile apps could track user data via in-app browsing.

But now, Felix Krause is back again and his new tool is on spotlight. This creation is actually very interesting as it allows anyone and everyone to witness different JavaScript commands that have been put forward through in-app browsers.

Felix highlighted the platform as InAppBrowser by which anyone interested will be allowed to gain access and verify how web browsing that’s embedded inside an app works. Remember, with a simple click, Javascript codes have the capability to track down users.

In case you’re getting confused or might not be familiar with the concept, well, this has to do with in-app browsing experiences. It comes into play whenever you click on URLs located within apps.

The app puts the website on display without any redirection taking place, thanks to the external browsing application. Be it Safari, Google Chrome, or more.

Developers have the choice to modify the layout and interface of the in-app browsers so that they aren’t solely relying on web kits of iOS, for example. Instead, they’re now going to be having their own JavaScript codes by their side for easy functioning.

This way, the probability linked to more and more users getting tracked increases with time, and they’re not even aware of what’s going on. For example, some applications can now make use of in-app browsing experiences to get all the taps linked to a certain website, keyboard input, and also a title.

Did you know that this data is enough to make an entire person’s fingerprint too? As it is, a lot of the data collected online is for the purpose of targeted advertising. It’s true that the platform isn’t able to gain all commands linked to Javascript. However, it still ends up providing more insight into what these types of apps are doing and which data gets collected.

For those interested, this is how simple it is to utilize InApp Browsing tools.

Open up the application that you plan on analyzing and then share its URL at a certain place in the app.

Click on the link inside the application so it opens up and you end up getting a report regarding JavaScript commands.

Thankfully, Felix Krause has also revealed how he’s even experimented with the tool in a way that shows it working great with other apps. This includes the likes of TikTok where it can monitor users’ activity, after opening the URL.

On the other hand, he also showed how it works seamlessly with Instagram as well, where all text that’s selected is seen across a webpage too.

Remember, the developer does realize that not every single application that gets injected with the specific code into such browsers does so with malicious intent. After all, JavaScript is considered to be the platform for so many other features found across the web.


Read next: Facebook Struggles To Maintain Its Ranking On The List Of Top 10 Apps As Young Users Lose Interest

No comments: