For those unaware, Android and iOS allow apps to use their own in-app browsers powered by the default browser (Chrome and Safari’s WebKit). This is called WebView, and it is usually implemented to allow users to open URLs without switching to another app. But it’s not always safe to use these in-app browsers.
How to check if an in-app browser is tracking you?
1. Open the app that you want to check.
2. Send the following link in a message to someone (or yourself), or create a post on social media: https://inappbrowser.com/
3. Tap on the URL, and let the app open it using its in-app browser.
4. The website will load a page that displays details about how the app is tracking you.
What does the web-app check?
It detects whether an app allows links to be opened in the default browser (in this case, Safari). Interestingly, TikTok does not allow users to open links in a different browser.
The biggest offender seems to be TikTok’s in-app browser. It tracks every tap (read: keystroke) that the user makes in it, like a keylogger. So, it could gather any data, including your passwords, credit card details, etc.
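As an added example (not code from the original article or from inappbrowser.com), this is one way a test page can notice script that an in-app browser injects: it hooks `addEventListener` and records every registration the page did not make itself. The names `watchListeners`, `summarize` and `demo` are hypothetical, and the sample listeners are constructed.

```javascript
// Event types that expose what the user types, taps or selects.
const INPUT_EVENTS = new Set(["keydown", "keypress", "keyup", "input",
                              "click", "touchstart", "selectionchange"]);

// Hook addEventListener on `target` (document or window in a real page).
// The page registers its own handlers through own(), so every call that
// reaches the hook comes from script the page did not ship.
// Limitation: script that ran before the hook was installed, or that runs in
// an isolated JavaScript world, is not visible to this check.
function watchListeners(target) {
  const original = target.addEventListener;
  const findings = [];
  target.addEventListener = function (type, listener, options) {
    findings.push({
      type,
      capturesInput: INPUT_EVENTS.has(type),
      snippet: String(listener).replace(/\s+/g, " ").slice(0, 60),
    });
    return original.call(this, type, listener, options); // stay transparent
  };
  return {
    findings,
    own: (type, fn, opts) => original.call(target, type, fn, opts),
    restore: () => { target.addEventListener = original; },
  };
}

// Turn the raw findings into what a report page would show.
function summarize(findings) {
  const inputTypes = [...new Set(findings.filter(f => f.capturesInput).map(f => f.type))];
  return {
    foreignListeners: findings.length,
    inputTypes: inputTypes.sort(),
    verdict: inputTypes.length ? "foreign script listens to input events"
           : findings.length ? "foreign listeners present, none on input events"
           : "no foreign listeners seen",
  };
}

// Constructed demo: an EventTarget stands in for `document`, and the two
// direct registrations stand in for script injected by a host app.
function demo() {
  const doc = new EventTarget();
  const watch = watchListeners(doc);
  watch.own("click", () => {});                            // page's own handler, not recorded
  doc.addEventListener("keydown", function logKey(e) {});  // constructed foreign listener
  doc.addEventListener("scroll", function onScroll() {});  // constructed foreign listener
  const report = summarize(watch.findings);
  watch.restore();
  return report;
}

console.log(demo());
```

In a real page the hook has to be installed by the first inline script in the document, before any other script gets a chance to register listeners.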
Here are some screenshots that we took after running the tests.
Instagram in-app browser privacy check
Facebook in-app browser privacy tests
Images courtesy: Jay
I checked the Telegram app on my friend’s phone, and it seems to be fine.
What can you do to protect yourself?
It’s quite simple: stop using the in-app browser in apps. Whenever you come across a link, open it in the default web browser instead. If that doesn’t work, you can copy the URL to the clipboard and paste it in the browser manually. This doesn’t work in all scenarios; for example, TikTok’s in-app browser does not allow you to copy and paste text from it.