This website reveals how TikTok, Instagram may track your data

According to the tool’s developer, Felix Krause, InAppBrowser.com has a simple tool to “list the JavaScript commands executed by the iOS app rendering the page”.

InAppBrowser.com is designed for everybody to verify for themselves what apps are doing inside their in-app browsers.

“To try this tool yourself, open an app you want to analyse, share the url, tap on the link inside the app to open it and then read the report on the screen,” he mentioned in a blog post. “I have decided to open source the code used for this analysis, you can check it out on GitHub. This allows the community to update and improve this script over time,” he added.

Earlier this week, he warned that Chinese short-form video app TikTok may be monitoring all keyboard inputs and taps via its in-app browser on iOS. 

TikTok said in a statement that Krause’s conclusions about the company are “incorrect and misleading”. 

“Contrary to its claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring,” the company said.

Krause also conducted a study on the iOS app of Instagram and Facebook where he found that both these apps can track online activity using the in-app browser to open third-party links, instead of using Apple’s in-built safari browser.

These apps, the researcher says, inject “their JavaScript code into every website shown, including when clicking on ads. Even though pcm.js doesn’t do this, injecting custom scripts into third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers.”

(With inputs from IANS) 

First article