The iPhone has a real security problem: TikTok can read your passwords | TechBuzz

The controversy over in-app browsers on iOS is growing. A developer has proven that apps can broadly access your data, even your passwords.


For the past week, a controversy has been growing around the iPhone. Apple is known for emphasizing the security and privacy of user data. But a fairly common feature of connected applications turns out to be a real gap in that security.


It was discovered that the browser built into the Instagram and Facebook applications, which opens when you tap a link, can track your actions for as long as you remain in that browser. All this happens without the user's consent and outside the rules Apple has put in place on data tracking.

A developer reveals the extent of the problem

Felix Krause, a veteran developer formerly at Google and Twitter, took the matter in hand and developed InAppBrowser. It is a website that you open in your favorite application's built-in browser to test which JavaScript commands the application injects. Just share the link to the InAppBrowser.com site on a social network like TikTok or Instagram, then open it from within the relevant application.


The tool shows that the TikTok application injects code that makes it possible to follow absolutely all your actions in its browser. It can thus read everything you type on the keyboard, which includes your passwords, and all "taps", i.e. the actions on the touch screen.

The social network has already responded to Forbes on the subject. The firm recognizes the integration of these functions, but promises not to use them.

"Like other platforms, we use an in-app browser to provide an optimal user experience, but the JavaScript code in question is only used for debugging, troubleshooting and performance monitoring of this experience, for example to check the page loading speed or the absence of failure."

Felix Krause specifies that his tool is not perfect. It cannot detect everything, and in particular not the native code these services use for certain kinds of tracking. This means that some elements tracked by companies like Facebook and TikTok are not detected.


Moreover, we cannot know how the applications use the data collected: whether it is used only for troubleshooting, or whether it is collected for processing.
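One way a test page can observe event listeners registered by scripts it did not ship, as an added example (not Felix Krause's code and not part of the original article). The names `installListenerAudit`, `sealPageScripts` and the `SENSITIVE` list are assumptions, and an `EventTarget` stands in for `document` so the block also runs outside a browser; it sees only JavaScript running in the page's own context, not native code.

```javascript
// Event types whose capture would expose typed text or touch activity.
const SENSITIVE = new Set(["keydown", "keypress", "keyup", "input",
                           "click", "touchstart", "touchend"]);

// Wrap addEventListener on `target` so every later registration is recorded.
// On a real page this must be the first script to run.
function installListenerAudit(target) {
  const log = [];
  let pageDone = false; // flips once the page's own setup is finished
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    log.push({ type, fromPage: !pageDone, sensitive: SENSITIVE.has(type) });
    return original.call(this, type, listener, options);
  };
  return {
    sealPageScripts() { pageDone = true; }, // later registrations are foreign
    foreignListeners() { return log.filter((e) => !e.fromPage); },
    restore() { target.addEventListener = original; },
  };
}

// Summarise what scripts other than the page's own subscribed to.
function report(audit) {
  const foreign = audit.foreignListeners();
  const types = foreign.filter((e) => e.sensitive).map((e) => e.type);
  return { total: foreign.length, sensitiveTypes: [...new Set(types)].sort() };
}

// Constructed demo: the three registrations after sealPageScripts() stand in
// for listeners that a host application's injected script would add.
function demo() {
  const doc = new EventTarget();
  const audit = installListenerAudit(doc);
  doc.addEventListener("scroll", () => {});  // the page's own listener
  audit.sealPageScripts();
  doc.addEventListener("keydown", () => {}); // simulated injected listener
  doc.addEventListener("click", () => {});   // simulated injected listener
  doc.addEventListener("load", () => {});    // simulated, not sensitive
  const result = report(audit);
  audit.restore();
  return result;
}
```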

Applications that do not cause problems

The apps that pose a problem for user privacy are those that use their own internal browser. Others choose to use an integrated version of the Safari browser, called through the SFSafariViewController API. These applications are therefore not implicated: they cannot inject JavaScript code into Safari.

In the list we can mention Twitter, WhatsApp, Reddit, YouTube, Gmail, Twitch, Spotify, Microsoft Outlook, Teams and OneNote, Telegram, Slack and Signal.

Disable internal browser

Other applications flagged by Felix Krause's tool let the user choose between the default iOS browser and the application's internal browser.

Those who care about the security of their data are therefore advised to deactivate the application’s internal browser. This is possible on Instagram, Facebook Messenger, Facebook, Amazon and Snapchat in particular.

Apple must react

As Felix Krause points out, developers whose apps have a privacy problem can easily update them to hide these findings. In particular, they can misuse an API named WKContentWorld so that the JavaScript commands injected by their applications are no longer detected.

New rules from Apple around internal browsers would therefore be needed to correct these privacy problems. The firm could allow the use of an internal browser as long as the application is opening links to its own service (TikTok.com in the case of TikTok, for example), but require the use of the Safari view for external links.

Apple positions itself as a champion of privacy. It is clear that this situation cannot continue.

