Spying on the user through the In-App on iOS

This week was very hot in Cupertino. Today, kerosene was added to the fire.

One of the developers of the Twitter client for iOS - Craig Hockenbury - published a concept of a simple application with the ability to open an in-app browser and track data entry in any field.



Explanation of the video from Craig:

- The upper part of the screen is not a web page, but part of the application. The received information can be safely sent to a remote server.
- This is not phishing, the user sees the site that he requested. In our case, this is twitter.
- The owner of the site can take nothing to protect. All javascript is subordinate to the web view in which the site is open.
- Buttons on the site are renamed from “Sign in” to “SUCK IT UP”. I think this is suitable in this situation.
- Tested on iOS 7 - 8. Perhaps on earlier versions.

Also popular now: