In-app browsers for iOS may be sniping your data

Nate Swanner - Sep 24, 2014

The hits keep coming for iOS today, don’t they? A new report suggests in-app browsers for iOS can log your keystrokes, right down to your username and/or password. In a video, which you can see below, developer Craig Hockenberry shows just how vulnerable you are outside of Chrome or Safari.


An in-app browser is one that an app defaults to when you click a link. This is usually found in third-party Twitter or email clients, but isn’t limited to those types of apps. The vulnerability isn’t limited to the newest version of iOS, either; it affects both iOS 7 and iOS 8.

As you can see in the video, Hockenberry uses a pretty straightforward client browser. The username and password are displayed across the top of the screen, showing it’s picking up what is typed in real time. According to Hockenberry, he’s accessing the mobile Twitter website, which could open him up to more issues.

Hockenberry also notes, “The app is stealing your username and password by watching what you type on the site. There’s nothing the site owner can do about this, since the web view has control over JavaScript that runs in the browser.”

If you encounter a browser in an app, just go ahead and redirect to Safari or Chrome. Better safe than sorry.

Via: Mac Rumors

