There have never been more different types of vegan milk to choose from, which is great news for people who don’t (or can’t) drink cow’s milk, and it’s a double-edged sword for vegan cooks and bakers. Variety is great, but it means every new alt milk is a gamble; I’ve had oat milk with the texture of half and half,…

Read more...

Felix Krause, back in September:

Last week I published a report on the risks of mobile apps using in-app browsers. Some apps, like Instagram and Facebook, inject JavaScript code into third party websites that cause potential security and privacy risks to the user.

I was so happy to see the article featured by major media outlets across the globe, like TheGuardian and The Register, generated a over a million impressions on Twitter, and was ranked #1 on HackerNews for more than 12 hours. After reading through the replies and DMs, I saw a common question across the community:

“How can I verify what apps do in their webviews?”

Introducing InAppBrowser.com, a simple tool to list the JavaScript commands executed by the iOS app rendering the page.

It’s pretty creepy that TikTok both injects a JavaScript keylogger and does not have a button to open the current page in Safari.

I understand why in-app browsers are a thing on iOS (and iPadOS) but not on MacOS, but when you really think about it, it’s quite strange, and a vestige of the past when multitasking on iOS was so much more limited. Whenever possible, open links in Safari (or whatever your default browser is).