In-app browsers can be trouble. Here's why and how to avoid them

In-app browsers are ubiquitous and carry their fair share of risks. Here's what you need to know about them.
Written by Don Reisinger, Contributing Writer
iPhone - Apple App Store
Maria Diaz/ZDNET

The mobile industry has changed how the average user interacts with the internet. At least one organization wants some of these changes reversed.

Open Web Advocacy (OWA), a not-for-profit group made up of software engineers from around the globe who are advocating for an open internet, recently met with regulators in the European Union about the dangerous proliferation of in-app browsers, or applications that are not full-fledged browsers but have basic browsers baked into them. During those conversations, OWA argued against in-app browsers and the risks they present to users.

Also: How to use Tor browser (and why you should)

"In-App Browsers subvert user choice, stifle innovation, trap users into apps, break websites and enable applications to severely undermine user privacy," OWA wrote in a blog post this week. "In-App Browsers hurt consumers, developers and damage the entire web ecosystem."

The organization specifically pointed to some of the largest social media companies in the world, saying that some of their alleged in-app browser activity makes for a less safe mobile environment for users.

"Popular apps such as Instagram, Facebook Messenger, and Facebook have all been caught injecting JavaScript via their in-app browsers into third-party websites," OWA wrote. "TikTok was running commands that were essentially a keylogger. While we have no proof that this data was used or exfiltrated from the device the mere presence of JavaScript code collecting this data combined with no plausible explanation is extremely concerning."

Also: The best browsers for privacy

OWA thus wants Apple and Google to ban in-app browsers from iOS and Android, respectively. They also want apps to use whichever browser a user has chosen as their default.

In-app browsers have been in iOS and Android for more than a decade. While OWA has legitimate concerns about in-app browsers, they get very little attention, and for many users, they work quite well. Let's take a deeper dive into in-app browsers and why you should avoid them whenever you find an app using one.

What is an in-app browser?

An in-app browser is a browser baked directly into an app. Whenever a user opens a link inside an app, the page opens not in their default browser, but inside the app itself.

While that may sound convenient (and in some cases, it is), that in-app browser isn't subject to the security and tracking modifications users might have made to their default browser. Indeed, the in-app browser is a completely different browser with its own settings. Maybe the user doesn't like being tracked or having companies see what links they're clicking, and yet the app they're using to browse a website may be doing just that.

Also: Your guide to the dark web and how to safely access .onion websites

Not all in-app browsers are necessarily nefarious. Some in-app browsers facilitate a better app experience: users don't need to leave the app and can accomplish whatever they're doing more quickly. As long as users don't care about having full control over their browsing experience, in-app browsers can work quite well.

Not all apps have browsers baked into them. Some apps use a browser and others automatically open a link in the user's default browser. Other apps give users the option to open a link in-app or in the default browser, which is arguably the best solution.

How to stop using in-app browsers

If you're concerned about the security and privacy of in-app browsers, there are a few ways to avoid them. As OWA notes, however, there's no simple way to force all your apps to open webpages in the default browser.

Instead, most apps with in-app browsers give users the option to open a link in the default browser. In many cases though, users first need to open the link in the app before they can tap the three-dot menu and find the "open in browser" option. This task is not just a pain, but it also defeats the purpose -- any security and privacy issues still occur if the link is first opened in the app.

Also: The easiest thing you can do to keep your phone secure

Perhaps a more surefire way to avoid in-app browsing is to not click on links in apps at all. Instead, consider logging into the app of choice in a browser and clicking links from there. Using a browser-based version of an app means all links open in the default browser, avoiding apps altogether.

This approach also has a downside: apps often deliver better experiences.

In-app browsers pose security and privacy concerns, and there's no easy way to avoid them. But with a little effort (perhaps, too much effort) some of their risks can be avoided.

Editorial standards