Some apps make it easy to get to other sites by allowing links to be embedded into posts. But that was just found to cause some serious privacy issues. Read on to find out how some apps use code to track your every movement and a clever way to get around it.

Here’s the backstory

It’s convenient when an app opens a link through its built-in browser. When you tap on it, it takes you to the website, where you can browse around and maybe buy something. After you checkout, you simply close the browser and pick up exactly where you left off. You don’t have to switch between applications, and it guarantees that you’ll stay within the app’s ecosystem. But a security researcher says you should rethink how you browse through apps. Felix Krause found that some of the world’s most popular apps have a critical flaw in their design. “Some apps, like Instagram and Facebook, inject JavaScript code into third-party websites that cause potential security and privacy risks to the user,” he explains in a blog post. This means every time you follow a link through the in-app browser, the app can monitor what you type and what you’re doing online. Krause explains that the video creation and sharing app TikTok is the biggest offender. Where apps like Facebook and Instagram give you an option to open links with the default browser (instead of the in-app browser), TikTok doesn’t.

What you can do about it

The best way to keep your information private and avoid apps from tracking your every move is to never click on links inside an app that you’re using. Instead, copy the URL from the link and paste it into your browser of choice. But Krause only checked the behavior of seven mobile apps. So what about all the others that have similar functionality? Well, that’s why he developed InAppBrowser.com so that you can check if an app injects JavaScript code when opening a link. It’s relatively simple to use as you don’t need to download anything.

Open an app that you want to check.Create a post that allows links. For example, make an Instagram post and put the https://InAppBrowser.com link in it. Then, click the link to see what information Instagram tracks.

The report on the screen shows if the app you are viewing it through injects code into the browser that can track your actions. You can do this for any app that has a way for you to post a link. Check your apps to see if they are using JavaScript to track you.

Keep reading

Check your phone! Dozens of dangerous apps spotted Warning: All your Apple devices are at risk