As the online world shifts increasingly to mobile devices, new and unexpected threats to your company’s proprietary information emerge. Many apps on your smartphone contain in-app internet browsers. For example, when you open the Twitter app, you can click on links within tweets, which you will then view in Twitter’s in-app browser.

This blog post by web developer Craig Hockenberry shows that in-app browsers on iPhones and iPads have a serious security flaw: the app can record your keystrokes. Thus, any sensitive information entered in the in-app browser can be recorded by the app. So, for example, if one of your employees uses an in-app browser to send an email containing your proprietary information, that information could be at risk.

Hockenberry has a simple recommendation for avoiding this problem:

You should never enter any private information while you’re using an app that’s not Safari. An in-app browser is a great tool for quickly viewing web content, especially for things like links in Twitterrific’s timeline. But you should always open a link in Safari if you have any concern that your information might be collected. Safari is the only app on iOS that comes with Apple’s guarantee of security.

Problems like this are hard to predict, since technology is changing so rapidly. The best way to avoid unexpected security risks is to implement a trade-secrets policy that restricts the manner in which your proprietary information can be circulated.

1 Comment

  1. Thank you for sharing this. I had seen the ‘challenge’ the other way round: as a user, these in-app browsers were not remembering things like sites I had logins on. Presumably because they do not share the same cookie store. As a user I saw this as frustrating as I have to log in on every browser. This article gives a good reason not to do this. Perhaps we need to lobby Apple to make the “Open in Safari” button more prominent.
