Some popular apps don't let you out of the app when you click on a link, opening it in their own little in-app browser.
This allows these apps to keep an eye on what you do. TikTok seems to be the worst app for this.
Felix Krause, a security researcher, announced the launch of InAppBrowser, a tool that lists all the Javascript commands executed by an app as its in-app browser renders a website.
The results of an analysis of some popular apps that have in-app browsers are disturbing. The data shows that apps like TikTok and Facebook modify websites when they are opened in the app browser. Adding tracking code (like inputs, text selections, taps, etc.), injecting external Javascript files, as well as creating new HTML elements are some of the things that can be done. This is not harmful, according to Krause.
TikTok does a lot of bad things, including monitoring all of the users' keyboard inputs and taps. If you open a web page in the TikTok app, you will be able to enter your credit card details, which will allow TikTok to access all of them. TikTok is the only app that does not allow you to open the link in the device's default browser.
A TikTok spokesman told Forbes that the Javascript code in question is only used for performance monitoring of the experience.
She said it was necessary to provide an optimal user experience.
None of the other apps that he looked at went as far as TikTok. They don't modify websites or fetch the site's data in their in-app browsers.
There is a way for apps to hide their JavaScript activity from the InAppBrowser tool. The only way to make sure they can't do anything is to open websites in the device's default browser.