iOS: In-app browsers like you find on Twitter or Facebook on iOS are great when you just want to browse content. But Twitterrific developer Craig Hockenberry shows off an exploit that allows any app to grab sensitive data that you type into it.
Essentially, when you use an in-app browser, the app can easily record your key inputs and log them without you knowing a thing. This works in both iOS 7 and iOS 8. It’s not necessarily Apple’s fault either — it’s just the way the coding works for in-app browsers. The solution? Don’t type sensitive content in those browsers. Hockenberry explains:
An in-app browser is a great tool for quickly viewing web content, especially for things like links in Twitterrific’s timeline. But you should always open a link in Safari if you have any concern that your information might be collected. Safari is the only app on iOS that comes with Apple’s guarantee of security.
Just because it’s possible doesn’t mean any apps actually do this, but it’s better to be safe than sorry. Head over to Hockenberry’s blog for all the technical details.
Leave a Reply
You must be logged in to post a comment.