The controversy over in-app browsers on iOS is growing. A developer has shown that apps can broadly access your data, even your passwords.
For a week, a controversy has been growing around the iPhone. Apple is known for emphasizing the security and privacy of user data. But a fairly common feature of connected applications turns out to contain a real security gap.
It emerged that the browser built into the Instagram and Facebook applications, which opens when you tap a link, was able to track your actions for as long as you remained in that browser. All this happened without the user’s consent and outside the rules Apple has put in place on data tracking.
A developer reveals the extent of the problem
We thus learn that the TikTok application injects code that makes it possible to track absolutely all your actions in its browser. It can read everything you type on the keyboard, which includes your passwords, and all “taps”, i.e. the actions on the touch screen.
The social network has already responded to Forbes on the subject. The firm acknowledges that these functions are built in, but promises not to use them.
Felix Krause specifies that his tool is not perfect. It cannot detect everything, and in particular it cannot detect the native code these services use for some of their tracking. This means that some elements tracked by companies like Facebook and TikTok are not detected.
Moreover, we cannot know how the applications use the data collected: whether it is used only for troubleshooting or collected for processing.
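A web page can observe this kind of injected listener from the inside by wrapping the listener-registration API and recording who asks for keyboard and touch events. The sketch below is an added example, not code from the article or from Felix Krause's tool; the names `WATCHED_EVENTS`, `installListenerMonitor` and `runTrusted` are assumptions, and the demo input is constructed.

```javascript
// Added example, not code from the article or from Felix Krause's tool.
// WATCHED_EVENTS, installListenerMonitor and runTrusted are assumed names.
const WATCHED_EVENTS = new Set([
  'keydown', 'keyup', 'keypress', 'input', 'click', 'touchstart', 'touchend',
]);

// Wrap addEventListener on a prototype (EventTarget.prototype in a browser)
// and record every registration for a keyboard or touch event.
// Limits: listeners added before this runs, and tracking done in native
// code, are invisible to it.
function installListenerMonitor(proto) {
  const original = proto.addEventListener;
  const findings = [];
  let trustedDepth = 0; // > 0 while the page's own setup code is running
  proto.addEventListener = function (type, listener, options) {
    if (WATCHED_EVENTS.has(type)) {
      const target = (this && this.constructor && this.constructor.name) || 'unknown';
      findings.push({ type, target, trusted: trustedDepth > 0 });
    }
    return original.call(this, type, listener, options);
  };
  return {
    findings,
    // The page wraps its own listener setup in runTrusted().
    runTrusted(fn) {
      trustedDepth += 1;
      try { return fn(); } finally { trustedDepth -= 1; }
    },
    // Event types registered by code the page did not mark as its own.
    foreignTypes() {
      const types = findings.filter((f) => !f.trusted).map((f) => f.type);
      return [...new Set(types)].sort();
    },
    restore() { proto.addEventListener = original; },
  };
}

// Constructed demo: a bare EventTarget stands in for `document`.
function demo() {
  const monitor = installListenerMonitor(EventTarget.prototype);
  const page = new EventTarget();
  monitor.runTrusted(() => page.addEventListener('click', () => {}));
  page.addEventListener('keydown', () => {});    // not marked as page code
  page.addEventListener('touchstart', () => {}); // not marked as page code
  page.addEventListener('load', () => {});       // not a watched event
  monitor.restore();
  return monitor.foreignTypes(); // → ['keydown', 'touchstart']
}
```

A non-empty `foreignTypes()` result only shows that something subscribed to input events; as the article notes for the real tool, it says nothing about what is done with the data.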
Applications that do not cause problems
Among them are Twitter, WhatsApp, Reddit, YouTube, Gmail, Twitch, Spotify, Microsoft Outlook, Teams and OneNote, Telegram, Slack and Signal.
Disabling the internal browser
Other applications flagged by Felix Krause’s tool let the user choose between the default iOS browser and the application’s internal browser.
Those who care about the security of their data are therefore advised to deactivate the application’s internal browser. This is possible on Instagram, Facebook Messenger, Facebook, Amazon and Snapchat in particular.
Apple must react
Correcting these privacy problems would therefore require new rules from Apple around internal browsers. The firm could allow the use of an internal browser as long as the application is opening internal links to its own service (TikTok.com in the case of TikTok, for example), but require the use of the Safari view for external links.
Apple positions itself as a champion of privacy. It is clear that this situation cannot continue.