The best way is to avoid using an in-app browser — thankfully, most apps include an option to use the default browser instead, which means whatever link you click will open in your actual browser, not ...

Fastlane founder Felix Krause has revealed that Facebook and Instagram's in-app browsers inject JavaScript into third-party websites. Krause originally said the in-app browsers were injecting the ...

1. Open the URL directly on the browser A quick way to be sure of escaping JavaScript injection via in-app browser links is not clicking on these.

A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.

The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects.

However, Krause’s tool detected JavaScript injection when opened in the custom web browsers built into the Facebook, Instagram, and Messenger mobile apps.