InAppBrowser: Shows which JavaScript commands are injected by an in-app browser

We reported about it recently: Developer Felix Krause discovered that apps like Facebook and Instagram change your interactions with websites could record when the in-app browser is used. The trick here is that the Instagram app, for example, inserts its tracking code into every website viewed, even if ads are clicked, so that all user interactions can be monitored.

Now Krause has continued did research and created a project called, which checks which JavaScript commands are executed when the page is accessed in the iOS in-app browser.

And: The custom According to Krause, TikTok’s in-app browser on iOS injects JavaScript code into external websites that allows TikTok to monitor “every input” while a user interacts with a particular website. “Technically, this is the equivalent of installing a keylogger on third-party websites,” said Krause in reference to TikTok’s JavaScript code.

He added that “just because an app injects JavaScript into external websites, it doesn’t mean the app is doing anything malicious“. In a statement obtained by Forbes, a TikTok spokesperson confirmed the JavaScript code in question, but said it’s only used for troubleshooting, troubleshooting, and performance monitoring.

This article contains affiliate links, so we mark it as advertising. Clicking on it takes you directly to the provider. If you decide to make a purchase there, we will receive a small commission. Nothing changes in the price for you. Thank you for your support!

Related Articles

Back to top button