Discover more from Lukewarm Security Info
Insecure In-App Browsing
Looking into what in-app browsers are, the security and privacy concerns around them, and how to protect yourself.
What are in-app browsers?
Mobile applications such as Facebook, Instagram, Snapchat, Facebook Messenger, Discord and (more recently in the news) TikTok have their own in-app browsers that allow users to open links in a browser from within the application.
In-app browser, put simply, are inbuilt browsers that are used to open links while inside a mobile app. For example, if you’ve ever clicked on a link inside Facebook Messenger, you’ll notice that there’s a small pop-up that comes up with the website - this is their inbuilt browser.
Facebook Messenger’s In-App Browser
Why are these insecure?
What this meant was that whenever a user clicked on a link from within the app, and the in-app browser was opened, anything that the user did to interact with the webpage, whether that be purchase a ticket (inputting credit card details), visiting a shopping site, reading a blog post etc. was all recorded and sent back to TikTok.
How do I protect myself?
The simplest way to protect against these possible privacy issues is to open the link in your browser, rather than within the app itself. This can be done by either copy and pasting the link into your browser, or (once opened within the in-app browser) there is typically an option to open the link in your default browser.
Opening the link in your default browser
While not all in-app browsers are there with malicious intent, it’s always better to take these small security measures to ensure that your data, credit card details and activity aren’t being tracked or recorded.
How can I detect if my activity is being recorded?
InAppBrowser.com analysis of common in-app browsers
For more information, view the original blog announcement of this tool by KrauseFx here.