The tool can be found at InAppBrowser.com. All you need to do is open the app you want to check and share the InAppBrowser.com URL somewhere within it — such as DMing the link to a friend or posting it in a comment. From there, you can tap the link and get a report from the website on what scripts are running in the background.
Don’t be intimidated if you’re unfamiliar with tech jargon, as the tool’s developer, Felix Krause, provides some FAQs that explain exactly what you’re seeing. In response to questions on how best to protect yourself, Krause states, “Whenever you open a link from any app, see if the app offers a way to open the currently shown website in your default browser. During this analysis, every app besides TikTok offered a way to do this.”
Krause is a security researcher and former Google employee who earlier this month shared a detailed report on how browsers within apps like Facebook, Instagram and TikTok can be a privacy risk for iOS users.
In response to Krause’s earlier report, Meta justified the use of these custom tracking scripts by claiming that users already consent to apps like Facebook and Instagram tracking their data. Meta also claims that the data retrieved is only used for targeted advertising or unspecified “measurement purposes.”
“We intentionally developed this code to honour people’s [Ask to track] choices on our platforms,” a Meta spokesperson said. “The code allows us to aggregate user data before using it for targeted advertising or measurement purposes.”
They added: “For purchases made through the in-app browser, we seek user consent to save payment information for the purposes of autofill.”
Krause has also made the tool open source, stating “InAppBrowser.com is designed for everybody to verify for themselves what apps are doing inside their in-app browsers. I have decided to open source the code used for this analysis, you can check it out on GitHub. This allows the community to update and improve this script over time.” You can read more about it on his website.