Security News > 2022 > August > New tool checks if in-app mobile browsers inject risky code on sites
A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.
The revelations shook the communities of popular apps that feature embedded browsers, so to help users determine the behavior of their app's activity, Krause released the 'InAppBrowser' online tool and open-sourced its source code.
Reports of code injection don't necessarily mean that the app is performing tracking activities but merely that the potential for abuse is present.
"Just because an app injects JavaScript into external websites doesn't mean the app is doing anything malicious." clarifies the report.
Further tests by BleepingComputer also showed that you could use the tool to find risky code injections created by extensions in desktop browsers.
The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects.