The Dangers of Mobile Apps with Built-In Browsers

This hadn’t occurred to me until today when a friend of mine (with a ‘hacked’ Twitter account) sent me a message telling me to check out a ‘bad blog’.

Naturally, my inquisitive instincts kicked in and I had to see where this link would take me – even though I knew from the way the Tweet was written that it was spam.

I observed a website in Twitter’s built-in browser that looked a lot like the Twitter homepage, which I subsequently opened in Safari to reveal the address.

Twittelr - ensnaring the unwitting Twitter user

As you can see, it’s a very accurate copy of the Twitter website, and someone who isn’t paying attention (not least to the fact that it didn’t load the mobile Twitter site) could be forgiven for entering their username and password. And the most obvious and trustworthy giveaway – the URL – is hidden when viewing the site in Twitter’s built-in browser.

So folks, the lesson I learned is to be on even higher alert than usual when using an app’s built-in browser to enter my credentials into a website. Perhaps don’t even enter them at all. Always try to check the URL to make sure that you’re on the right site, and double check that the app you’re using is trustworthy (if in doubt, open in Safari – or whatever your mobile device’s browser is).
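The URL check described above can also be done mechanically, for example by a link scanner or mail filter. The sketch below is an added example, not part of the original post: it assumes `twitter.com` is the only domain trusted for login, and because the post does not give the phishing address, the sample hosts are constructed under the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the domain the user means to log in to,
# and the brand label an imitation would try to resemble.
TRUSTED_DOMAINS = ("twitter.com",)
BRAND_LABELS = ("twitter",)
MAX_DISTANCE = 2  # edits allowed before a label no longer counts as a near miss


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'insecure' or 'unknown' for a login URL."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted" if parts.scheme == "https" else "insecure"
    for label in host.split("."):
        for brand in BRAND_LABELS:
            # The brand itself, or a near miss, on a host we do not trust.
            if edit_distance(label, brand) <= MAX_DISTANCE:
                return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample URLs, not taken from the post.
    for sample in (
        "https://twitter.com/login",
        "https://twittelr.example/login",
        "https://twitter.com@twittelr.example/",
        "https://twitter.com.signin.example/",
    ):
        print(f"{classify(sample):10} {sample}")
```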
