Is Your In-App Browser Tracking You?

Sometimes it seems like the big social media companies have an infinite number of ways to track you. Some of these ways are so sneaky that they scarcely seem possible. Remember when we found out that Facebook could track us even when we didn’t have the app open? The latest security concern is something called “in-app tracking,” and it has already been spotted within the TikTok app.

Is your in-app browser tracking you?

There are two types of browsers: regular, full-featured browsers and in-app browsers. The regular, full-featured browsers include Safari, Chrome and Firefox. They have plenty of built-in security and privacy safeguards. And then there are the in-app browsers. These can be found in apps like TikTok, Instagram, and Facebook Messenger. Anytime you see a link in one of these apps, the in-app browser will appear. Unfortunately, these have all kinds of security and safety flaws involved with using them.

As security researchers have found out, the easiest way to scoop up all of your personal information – including your browsing history, your login data, your keyboard presses and your text entry – is by inserting what is known as a Javascript injection right into the browser. In layman’s terms, this is just a quick snippet of code that works in the background, without you even knowing it exists.

In a worst-case scenario, this bit of Javascript code can be used for a lot of very nefarious purposes. For example, some security researchers now surmise that TikTok might be using this code to track your every move, and then relay all this data and information back to Chinese Communist headquarters. Or something like that. It sounds a bit preposterous, but this code has been found and isolated, so it definitely exists. The only question is whether this code is being used for good or for evil. TikTok, for example, says that this code is used to help debug the app and make internal improvements to the entire app experience.

How to stop them from tracking you

The good news is that there are new tools to help you determine if someone, indeed, is spying on you. The most popular tool is something called (surprise, surprise) InAppBrowser, and it was developed by a high-profile security researcher. If you have your in-app browser open, you can head over to the website InAppBrowser.com. From there, you can see first-hand if the Javascript injection is present, and what it might be doing in the background without your consent.

However, don’t immediately start jumping to conclusions. Just because the code exists is no guarantee that it has been “activated.” And, conversely, just because this one particular snippet of code has not been detected doesn’t mean that some other method is not being used to track you.

Is there an easier fix?

Of course, there are other things you could be doing to stop them from tracking you. You could, for example, delete the app entirely. If you’re a TikTok fan, though, this might not be plausible. Or, you could keep the app on your phone, but check out the various settings you have designated. Even if the app does not allow you to alter the settings directly, you might be able to do so indirectly within the settings for iOS or Android.

At the end of the day, it’s probably best to turn off as many of the default settings as possible. Certainly, if the default setting is to track your geolocation, you’ll want to turn that off. There’s no such thing as being 100% safe and secure these days, but you can certainly put the odds in your favor.