Regulators reminded that longstanding concerns haven't been addressed

In-app browsers are like standalone web browsers without the interface – they rely on the native app for the interface. They can be embedded in native platform apps to load and render web content within the app, instead of outside the app in the designated default browser.

in-app browsers, without notice or consent, “ignore your choice of default browser and instead automatically and silently replace your default browser with their own in-app browser.”

In August 2022, developer Felix Krause published a blog post titled “Instagram and Facebook can track anything you do on any website in their in-app browser.” A week later, he expanded his analysis of in-app browsers to note how TikTok’s iOS app injects JavaScript to subscribe to “every keystroke (text inputs) happening on third party websites rendered inside the TikTok app” but, according to the company, never uses that keylogging code.

“If someone is interested in some content an app has linked to and displays in an embedded browser, I’d recommend copying the link and pasting it into a dedicated browser, which has more granular privacy settings that can be toggled.”

Switch to a secure browser. The process varies by app, but if you find yourself on a website while using an app, try to find three dots or a Settings button. Tap that button to open a Settings menu. One of the options may be “Open in Browser.” If you don’t see any Settings menu options, simply copy and paste the URL from the browser’s address bar into your chosen browser.

Use the web version of a service. You can also stop using the app altogether, which may be a good idea if you want to reduce the amount of personal information you share on social media.

  • AutoTL;DR@lemmings.worldBEnglish
    0·
    7 months ago

    This is the best summary I could come up with:

    Competition cops in Europe and the United Kingdom have started paying attention to in-app browsers, a controversial mechanism for presenting web content within native apps.

    Steiner observed: “WebViews can also be used for effectively conducting intended man-in-the-middle attacks, since the IAB [in-app browser] developer can arbitrarily inject JavaScript code and also intercept network traffic.”

    Nonetheless, the possibility that in-app browsers might enable code injection and traffic interception for illegitimate purposes struck a nerve among those worried about privacy and security.

    Bill Budington, senior staff technologist for the Electronic Frontier Foundation, told The Register that the EFF hasn’t taken a position on in-app browsers.

    Jon von Tetzchner, CEO of browser maker Vivaldi, told The Register in a phone interview about an article written perhaps a decade ago by Tim Berners-Lee on closed systems.

    If you look at how they’ve implemented their choice screen and how they’re dealing with allowing browsers that are not based on WebKit and how they introduced the Core Technology fee – they kind of make everyone else look pretty good.

    The original article contains 1,500 words, the summary contains 173 words. Saved 88%. I’m a bot and I’m open source!