
Spying on the user through the in-app browser on iOS

It has been a very heated week in Cupertino, and today more fuel was added to the fire.

Craig Hockenberry, one of the developers of a Twitter client for iOS, has published a proof of concept: a simple application that opens an in-app browser and tracks what is typed into any field.


Explanation of the video from Craig:

- The upper part of the screen is not a web page, but part of the application. The received information can be safely sent to a remote server.
- This is not phishing: the user sees the site they requested. In our case, this is Twitter.
- The owner of the site cannot do anything to protect against this. All JavaScript is subordinate to the web view in which the site is opened.
- Buttons on the site are renamed from “Sign in” to “SUCK IT UP”. I think this is appropriate in this situation.
- Tested on iOS 7-8. Possibly works on earlier versions too.

Source: https://habr.com/ru/post/238155/

