This website tells you what private information apps can track – The Verge

Did you know that you can potentially be tracked when loading an in-app browser on iOS? A new tool reveals exactly how apps like TikTok and Instagram can use JavaScript to view sensitive data, including your address, passwords and credit card information, without your consent.

The tool can be found at InAppBrowser.com. All you have to do is open the app you want to check and share the URL of InAppBrowser.com somewhere inside it, for example by sending a direct link to a friend or posting it in a comment. From there, you can click on the link and get a report from the website about which scripts are running in the background.

Don't worry if you are not familiar with the technical terms: the tool's developer, Felix Krause, provides some frequently asked questions that explain exactly what you are seeing. In response to questions about how best to protect yourself, Krause says, “Whenever you open a link from any app, check if the app provides a way to open the currently displayed website in your default browser. During this analysis, each app besides TikTok provided a way to do so.”

Krause is a security researcher and former Google employee who earlier this month shared a detailed report about how browsers within apps like Facebook, Instagram, and TikTok can pose a privacy risk for iOS users.

In-app browsers are used when you click on a URL inside an app. While these browsers are based on Safari’s WebKit on iOS, developers can modify them to run their own JavaScript code, allowing them to track your activity without consent from you or from the third-party websites you visit.

Applications can inject their own JavaScript code into websites, which allows them to monitor how the user interacts with the application. This can include information about each button or link you click, keyboard entries and whether screenshots were taken, although each app will differ in the information it collects.

In response to Krause’s previous report, Meta justified the use of these custom tracking scripts by claiming that users already consent to apps like Facebook and Instagram tracking their data. Meta also claims that the retrieved data is only used for targeted advertising or unspecified “measurement purposes.”

“We deliberately developed this blog to honor people's [Ask to track] options on our platform,” a Meta spokesperson said. “The code allows us to collect user data before it is used for targeted advertising or measurement purposes.”

“For purchases made through the in-app browser, we seek user consent to save payment information for auto-fill purposes,” they added.

The tool developed by Krause is not foolproof. Krause admits that it cannot detect every JavaScript command being executed, and points out that JavaScript is also used in legitimate development and is not inherently malicious. He notes that “this tool cannot detect all executed JavaScript commands, nor does it show any tracking that the application might do with native code (such as custom gesture recognizers).” However, it gives iOS users an easy way to check their digital fingerprint in their favorite apps.
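A page can observe part of this from its own side by wrapping `addEventListener` and logging registrations that arrive after its own scripts have finished. The sketch below is an added example, not Krause's code or the InAppBrowser.com source; `watchListeners`, the `SENSITIVE` list and the handler names are hypothetical, and a plain `EventTarget` stands in for `document` so it also runs outside a browser.

```javascript
// Added illustration: record event listeners registered on a target after
// the page's own setup is complete, which is when host-app code injected
// into an in-app browser would appear. All names here are hypothetical.
const SENSITIVE = new Set(["keydown", "keyup", "keypress", "input", "click",
                           "selectionchange", "copy", "paste"]);

function watchListeners(target) {
  const report = [];
  const original = target.addEventListener;
  let pageDone = false;

  // Wrap the method so every later registration passes through this function.
  target.addEventListener = function (type, listener, options) {
    if (pageDone) {
      report.push({
        type,
        sensitive: SENSITIVE.has(type),
        // First line of the handler source helps a reader identify it.
        source: String(listener).split("\n")[0].slice(0, 80),
      });
    }
    return original.call(this, type, listener, options);
  };

  return {
    markPageDone() { pageDone = true; }, // call once the site's own setup ran
    report() { return report.slice(); },
    restore() { target.addEventListener = original; },
  };
}

// Constructed demo: in a real page, `doc` would be `document`.
function demo() {
  const doc = new EventTarget();
  const watch = watchListeners(doc);
  doc.addEventListener("click", function siteMenuHandler() {}); // site's own
  watch.markPageDone();
  // Constructed stand-ins for listeners a host app might add afterwards.
  doc.addEventListener("keydown", function injectedKeyLogger() {});
  doc.addEventListener("scroll", function injectedScroll() {});
  watch.restore();
  return watch.report();
}
```

The wrapper only sees listeners added through the wrapped method after it is installed, which matches the limitation Krause describes: scripts that run earlier, and tracking done in native code, never pass through it.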

Krause also made the tool open source, noting that “InAppBrowser.com is designed for everyone to check for themselves what apps within browsers are doing within an app. I’ve decided to open the source code used for this analysis, you can check it out at GitHub. This allows the community to update and improve this script over time.” You can read more about it on his website.
