Home LATEST NEWS HIGH TECH TikTok, Instagram and Facebook browsers are stalking you more than you think

TikTok, Instagram and Facebook browsers are stalking you more than you think


Developer and cybersecurity researcher Felix Krause recently launched the open-access site (open-source) InAppBrowser.com (New window). With this tool, you can check whether browsers that open inside mobile apps, like Instagram or TikTok, are tracking your online activity.

Some iOS and Android apps use a custom browser within the app. This entails risks for the security and privacy of the user. »

A quote from Felix Krause

The tool notably made it possible to reveal that the Chinese application TikTok does indeed inject JavaScript codes to track data on its home browser, without the consent of the Internet user or the sites that are consulted.

Concretely, this means that when you click on a URL to buy a product on TikTok, for example, the application opens an internal window. And as with any online purchase, you enter sensitive data such as mailing address, credit card information and sometimes a password.

JavaScript codes can monitor things like keystrokes, screenshots, and simple button interactions.

A TikTok spokesperson confirmed the practice to the magazine. Forbesstating that the JavaScript code in question is used only for debugging, troubleshooting and performance monitoring of the experiment.

How to protect yourself

You can first check if the internal browser of the application you are using uses JavaScript codes with the InAppBrowser.com tool. The goal is to be able to open the URL from the app you want to test. So, just post it in comment or send it to anyone in direct message (direct message Where DMin English) on Instagram, for example, and tap on it to have the site analyze the scripts running in the background and provide a report.

If it is positive, remember to check if the application you are using offers the possibility of opening an external browser such as Safari or Google, for example.

Felix Krause also notes that TikTok is the only application among those he tested that does not offer the possibility of using the device’s default browser.

The developer also insists that his tool is not infallible: [Il] cannot detect all executed JavaScript commands. […] Starting with iOS 14.3, Apple introduced a new way to run JavaScript code in an “isolated world”, which makes it impossible for a website to check what code is running.

The giants are stalking us

In mid-August, Felix Krause alerted internet users in a detailed report (New window) on how application browsers could pose a risk to the privacy of users of Apple devices, in particular.

Meta told the developer that Facebook and Instagram users already consent to having their data tracked. According to the web giant, this information is only used for targeted advertising or measurement purposes.

For purchases made through the in-app browser, we require user consent to save payment information for auto-fill purposessaid a spokesperson.

Krause’s report also revealed that the Snapchat and Robinhood apps have better practices for tracking users: they don’t modify web pages or retrieve metadata from sites you open in their browsers.

Previous articleTrudeau touts future energy partnership with Germany | War in Ukraine
Next articleHigh-ranking Republican calls for Ottawa to drop ArriveCAN app