How vulnerable is 1Browser to the in app browser bug?

wkleem
wkleem
Community Member
edited October 2014 in iOS

Someone has demonstrated that an in app browser can be vulnerable to logins and passwords being captured.

9to5mac.com/2014/09/24/app-developer-warns-not-to-enter-personal-info-using-in-app-browsers-due-to-security-issue/

"App developer Craig Hockenberry has published an article today titled “in-app browsers considered harmful” warning both devs and users of security issues related to apps that take advantage of the feature. “Would it surprise you to know that every one of those apps could eavesdrop on your typing? Even when it’s in a secure login screen with a password field?”"

"For now, Hockenberry suggests users avoid typing sensitive username or password information in an in-app browser view. "

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    If I followed the article the concern is from the enclosing app, which in this case would be 1Password. What the developers seems to be saying is the enclosing app can read what you're doing so if you have some third party app that logs into the likes of Facebook or Twitter etc. then that third party app can see your username and password.

    Why I don't see this as an issue with 1Password is you're already trusting them with all your passwords so they don't need to spy on you to see what you're doing.

This discussion has been closed.