Developer: iOS In-App Browsers Might be Stealing Your Information

By Chris Mills on at

More (slightly) bad security news for Apple, on what's already been a pretty bad day for iOS: Craig Hockenberry, one of the devs behind Twitterific, has revealed in a blog post that in-app browsers are capable of logging your keyboard.

The point is that anything you enter into an in-app browser — even your password, into a 'secure' field — can be intercepted by the app, putting your information at risk, because in-app browsers typically don't use Safari's OAuth security feature, in order to comply with Apple's app guidelines.

Slightly scaremongering though this problem sounds, it isn't a completely outlandish problem: if you click a link on Twitter that, let's say, takes you through to a review of a product, and then to an Amazon page where you buy said product, you've entrusted that browser with (probably) your email address, Amazon password, address, and credit-card password — everything the aspiring identity thief would need. [Furbo via MacRumors]