In-app browsers are like standalone web browsers without the interface – they rely on the native app for the interface. They can be embedded in native platform apps to load and render web content within the app, instead of outside the app in the designated default browser.

in-app browsers, without notice or consent, “ignore your choice of default browser and instead automatically and silently replace your default browser with their own in-app browser.”

In August 2022, developer Felix Krause published a blog post titled “Instagram and Facebook can track anything you do on any website in their in-app browser.” A week later, he expanded his analysis of in-app browsers to note how TikTok’s iOS app injects JavaScript to subscribe to “every keystroke (text inputs) happening on third party websites rendered inside the TikTok app” but, according to the company, never uses that keylogging code.

“If someone is interested in some content an app has linked to and displays in an embedded browser, I’d recommend copying the link and pasting it into a dedicated browser, which has more granular privacy settings that can be toggled.”

Switch to a secure browser. The process varies by app, but if you find yourself on a website while using an app, try to find three dots or a Settings button. Tap that button to open a Settings menu. One of the options may be “Open in Browser.” If you don’t see any Settings menu options, simply copy and paste the URL from the browser’s address bar into your chosen browser.

Use the web version of a service. You can also stop using the app altogether, which may be a good idea if you want to reduce the amount of personal information you share on social media.

    • aeharding@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      8 months ago

      Mlem in app browser is using an in app browser API that is secure by design. It doesn’t allow snooping or injecting anything. This article is talking about abusive apps like Facebook that roll their own in app browser.

      Edit: although on iOS, the secure iOS in app browser api is always using safari engine, so the user choice argument is still valid.

      • jqubed@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        8 months ago

        Yeah, I’m not actually too concerned about the Mlem built-in on iOS. I do try to avoid the one in Facebook/Instagram and move anything I actually want to do to my real browser. I just mainly thought it was funny in the moment.

  • foggy@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    8 months ago

    Just yesterday I followed my email to Amazon, and Amazon to share a product via text.

    Idk who had eyes on my sms message at that point, my sms app was opened IN Amazon, which was opened IN Gmail. I e. There was no process running to close JUST Amazon.I could close Gmail to close it all. That was it.

  • Gondolaaaa@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    8 months ago

    There’s two in-app browsers experiences in Android. Developers can either make a pretty facade to a WebView like Facebook or Instagram, that one you have the capabilities to inject JS or CSS as needed, like here. The other one is Chrome Custom Tabs, which browsers like Firefox and Chrome support, developers don’t have access to your data in here

  • Sanctus@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    8 months ago

    I mean the jerboa in-app browser looks suspiciously just like my firefox. This is only the case with Jerboa, I don’t use any other social media.

  • fluckx@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    Boost for Lemmy has an option to auto open in your default browser. I just wish that it was a system setting. :(

  • danielfgom@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    8 months ago

    In my experience my default browser is always used, Firefox. And I disabled Chrome.

    For anything secure I’d always open it in Firefox and never use the in app browser just in case.