iOS apps can intercept information entered in a web view within an app, a US developer warns. As a result, a website could intercept Twitter or Facebook login data, for example.
Apps have a lot of control over what happens in the web view, warns Craig Hockenberry, the developer of Twitterrific. For example, an app can change parts of the HTML source code, and it also appears possible to intercept the text that a user enters. The web view, which uses parts of Safari, is used within apps for logging in to services such as Facebook and Twitter; in that case, an app could intercept the login data for that site.
Hockenberry warns that users should never enter sensitive personal data in the web view; according to him, it is only suitable for displaying web pages quickly, for example from a Twitter app. If personal data has to be entered, it is better to open Safari, Hockenberry emphasizes.
According to him, it would also be safer if logging in to, for example, Twitter or Facebook from another app took place via Safari rather than within the web view. However, Apple disapproves of apps that do that, because it is “too complicated” in the eyes of the company. Incidentally, an app that intercepts user login data would still have to slip past Apple’s checks.