Privacy tracking within in-app browsers


Developer Felix Krause noted some research into activity tracking when using in-app browsers. When using an app, links within the app often will open using an embedded version of Safari rather than the stand-alone Safari app. Doing so may expose activity to tracking that the user may otherwise opt-out of allowing.

The iOS Instagram and Facebook app render all third party links and ads within their app using a custom in-app browser. This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap.

This shouldn't be very surprising. Apple's tracking controls limit information shared across app. It should be assumed that anything done in an app is trackable by that developer, including using the embedded web browser.