Apr 01, 2024 06:00:00

``TikTok is a de facto keylogger,'' experts say, and what is the threat of ``in-app browsers'' that compromise users without their knowledge?

Open Web Advocacy (OWA), a non-profit organization organized by software engineers aiming for an open Internet, has proposed

an in-app browser that puts security and privacy at great risk in places where users cannot see.

In-App Browsers: The worst erosion of user choice you haven't heard of - Open Web Advocacy
https://open-web-advocacy.org/blog/in-app-browsers-the-worst-erosion-of-user-choice-you-havent-heard-of/

In the movie below, the problems with in-app browsers that OWA is concerned about are explained in an easy-to-understand manner with animation.

Open Web Advocacy - In-App Browser Primer - YouTube


Browsers are the most common way to use the Internet. Browsers give you detailed control over privacy and security settings, saving login passwords and payment information for transactions, and more.

Users have the right to choose which browser they entrust with their sensitive personal information.

Once a user decides which browser they trust, that browser becomes their 'default browser.'

On the other hand, there are two main ways to access the Internet from a smartphone. The first method is to use your browser normally.

Second, when you tap a link while using an app, the link opens within the app instead of in your browser of choice. This is the 'in-app browser' that OWA considers problematic.

While you may not think there's much of a difference between the two, this in-app browser prevents users from viewing in their default browser of choice, along with that browser's security features and privacy settings.

Therefore, OWA refers to this disregard of user choice as 'Browserjacking.'

There is also a technology called ``Remote Tab'' that uses the default browser as an in-app browser, but a common type of in-app browser such as ``

WebView '' is an app-specific browser that is not selected or controlled by the user. This is a browser.

The reason why some apps don't want to use the default browser is that in-app browsers can spy on the user's browsing history, or force users back to the original app if they try to leave the in-app browser. Because you can control it however you want.

This practice is harmful both to users who are forced to use inconvenient browsers and to businesses whose sites are accessed by buggy browsers that they don't support.

According to OWA, popular apps such as Facebook, Instagram, and Messenger provided by Meta have all been found to be violating user privacy through JavaScript injection via in-app browsers.

Since TikTok's in-app browser monitored all user input and operations, OWA accused ``TikTok of effectively running a keylogger .''

The problems with these popular apps are explained in detail in the following article, which features a check site createdby former Google engineer Felix Krauss , one of OWA's collaborators.

'InAppBrowser.com' allows you to check whether you are being tracked when you step on a link in the app - GIGAZINE

As a solution to the evils of in-app browsers, OWA is appealing to major tech companies to respect users' choice of default browser. Specifically, these include mandating the use of a default browser for non-browser apps and providing a feature to opt out of in-app browsers all at once on the OS side.

OWA also attended a meeting of experts in the EU and UK that are considering legal and regulatory frameworks, and made recommendations regarding the issue of in-app browsers.

OWA said: 'We will continue to pursue this issue until it is resolved globally. User choices only really matter if they are truly respected.' I did.