Developer: iOS In-App Browsers Might Be Stealing Your Information

More (slightly) bad security news for Apple, on what's already been a pretty bad day for iOS: Craig Hockenberry, one of the devs behind Twitterific, has revealed in a blog post that in-app browsers are capable of logging your keyboard.

The point is that anything you enter into an in-app browser — even your password, into a 'secure' field — can be intercepted by the app, putting your information at risk, because in-app browsers typically don't use Safari's OAuth security feature, in order to comply with Apple's app guidelines.

Slightly scaremongering though this problem sounds, it isn't a completely outlandish problem: if you click a link on Twitter that, let's say, takes you through to a review of a product, and then to an Amazon page where you buy said product, you've entrusted that browser with (probably) your email address, Amazon password, address, and credit-card password — everything the aspiring identity thief would need. [Furbo via MacRumors]

Share This Story

Get our `newsletter`

DISCUSSION

pisswizard69
pisswizard69

if only apple had a way of checking apps before they went onto the store hmm if only #hmm