How to Avoid Tracking on Social Media’s In-App Browsers
InAppBrowser was created by Felix Krause to show users which in-app browsers inject code into the pages they open. The tool only checks pages that can be accessed from social media apps. No other sites are monitored by InAppBrowser, for security reasons.
2024-01-18
Understanding the Privacy Risks of Social Media’s Embedded Browsers
In 2024, tracking by in-app browsers on platforms like Facebook, Instagram, and TikTok has raised serious concerns. When users click on a website link in these apps, it opens within the app’s own browser—not in a standalone browser like Safari or Chrome. This setup allows these platforms to track every move users make on external websites, from clicks and scrolls to sensitive details like passwords and credit card entries.
This article explores how in-app browsers work, how you can see what data they track, and what you can do to protect your privacy.
How In-App Browsers Track User Activity
When you open a link within a social media app, the embedded browser can insert JavaScript code into the webpage to monitor user interactions. This tracking, known as JavaScript injection, can potentially capture:
- Keystrokes (including passwords and sensitive data)
- Clicks on the page
- Scroll and swipe behaviors
- Time spent on the page
These methods provide app developers with detailed information about your online behavior without notifying you. While Facebook and Instagram have been known to use these methods, TikTok is also under scrutiny for employing similar practices.
Felix Krause’s Discovery and InAppBrowser Tool
In 2022, developer Felix Krause created InAppBrowser, a tool that allows users to detect which apps inject tracking scripts into in-app browser sessions. This tool made headlines by shining a light on how JavaScript commands are being used to track actions within social media apps.
Announcement: 🔥 Protect your privacy with InAppBrowser—use it to see what scripts are being executed within embedded browsers on your favorite apps! 👀
Testing Embedded Browsers with InAppBrowser
Using InAppBrowser is straightforward. Follow these steps to see which commands are running within an in-app browser:
- Open the App You Want to Analyze: Use the app that has an embedded browser, such as TikTok or Instagram.
- Copy and Paste the Link: Go to InAppBrowser.com and copy the link provided on the site.
- Use the Share Feature: Share the link within the app as if you’re sharing it with a friend or posting it on your profile.
- Review the Report: After opening the link in the embedded browser, the InAppBrowser tool will display a report on any tracking JavaScript commands detected.
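How a test page can record what a host app's injected script does, shown as an added example that is not InAppBrowser's own code: it wraps a few DOM methods, logs each call, and maps the event types to the tracking categories this article lists. The names `instrument`, `classify` and `demo`, the stand-in document object, and the simulated injected calls are all constructed for illustration.

```javascript
// Event types mapped to the article's tracking categories (illustrative mapping).
const CATEGORIES = new Map([
  ['keydown', 'keystrokes'], ['keyup', 'keystrokes'], ['keypress', 'keystrokes'],
  ['input', 'form data'], ['change', 'form data'], ['submit', 'form data'],
  ['click', 'clicks'], ['scroll', 'scroll'], ['wheel', 'scroll'], ['touchmove', 'scroll'],
]);

// Wrap the named methods on `target` so every call is logged and then
// forwarded to the original. Returns a function that restores the originals.
function instrument(target, methodNames, log) {
  const originals = {};
  for (const name of methodNames) {
    if (typeof target[name] !== 'function') continue;
    originals[name] = target[name];
    target[name] = function (...args) {
      log.push({ method: name, arg: String(args[0]) });
      return originals[name].apply(this, args);
    };
  }
  return () => Object.assign(target, originals);
}

// Reduce the raw call log to the categories that listeners were added for.
function classify(log) {
  const found = new Set();
  for (const { method, arg } of log) {
    if (method === 'addEventListener' && CATEGORIES.has(arg)) found.add(CATEGORIES.get(arg));
  }
  return [...found].sort();
}

// Constructed demo: a stand-in for `document`; in a real page pass `document`.
function demo() {
  const fakeDocument = {
    addEventListener() {},
    getElementsByTagName() { return []; },
  };
  const log = [];
  const restore = instrument(fakeDocument, ['addEventListener', 'getElementsByTagName'], log);
  // Simulated injected script (constructed, not captured from any app).
  fakeDocument.addEventListener('keydown', () => {});
  fakeDocument.addEventListener('click', () => {});
  fakeDocument.getElementsByTagName('input');
  restore();
  fakeDocument.addEventListener('scroll', () => {}); // after restore: not logged
  return { log, categories: classify(log) };
}
```

Wrapping only observes calls made in the page's own JavaScript context after the wrapper is installed, so an empty log does not prove that nothing was injected.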
The Risks: What’s Being Tracked in In-App Browsers?
The JavaScript injected into in-app browsers has several potentially intrusive functions:
- Keystroke Tracking: Capturing keystrokes lets the app track everything typed, including passwords, usernames, and search queries.
- Form Data Collection: When filling out forms, apps can access any information you input, from personal data to payment details.
- Click Tracking: Every click can be recorded to analyze user interests and behavior patterns on websites.
- Scroll and Zoom Data: Tracking user scrolls and zooms provides insights into what information the user is focusing on within a page.
Steps to Protect Your Privacy from In-App Browser Tracking
Given the broad range of information that in-app browsers can capture, here are some simple ways to protect your privacy:
1. Open Links in a Secure Browser
One of the most effective ways to prevent tracking is to open links outside of the social media app. When possible, copy the link and paste it into a trusted browser like Chrome, Safari, or Firefox. These independent browsers do not inject tracking code and typically offer more robust privacy features.
2. Choose Your Browser When Clicking Links
Some mobile devices allow you to choose a browser when opening links. If your device has this option, make sure to select your preferred browser instead of the app’s default in-app browser.
3. Use Privacy-Focused Browsers
For sensitive transactions, consider using privacy-focused browsers that emphasize data security, such as Brave or DuckDuckGo. These browsers minimize tracking and prevent sites from collecting excessive user data.
4. Regularly Review Permissions
Adjust app permissions regularly to restrict what each app can access. Disable permissions for access to data that the app doesn’t need to function. This can help prevent excessive data tracking.
5. Leverage Tools Like InAppBrowser to Stay Informed
Tools like InAppBrowser provide transparency by showing exactly what each app is tracking. This tool empowers users to assess which apps respect their privacy and which require extra caution.
Why Transparency Matters in Social Media Privacy
While social media apps argue that tracking allows them to create a more personalized experience, the privacy risks are significant. Tools like InAppBrowser reveal just how much information is accessible without user consent.
Implementing proactive privacy measures, such as using secure browsers and monitoring apps with InAppBrowser, can significantly enhance privacy in a landscape where data security is critical. Security Awareness Training can also help you and your team understand how to maintain privacy when using social media.
By staying informed and protecting your browsing habits, you can better control the amount of data social media apps collect.
For more ways to safeguard your data, explore our resources on Security Awareness Training, Human Risk Management, and how tools like Keepnet Labs’ Phishing Simulator empower users to spot and avoid threats online.
Editor's Note: This blog was updated on November 15, 2024.