Cross domain policies are enforced by the browser. If you’re using a third party app, guess what you’re using as a browser.
Want an easy example of this? Userscrips on Firefox. Install GreaseMonkey, and you can run whatever the hell you want on any webpage. Keylogging, mouse movements, clicks and navigations. Not hard, and impossible to really stop from the site itself, because no matter what you tell the browser to do, you essentially have to just hope the browser follows through.
Cross domain policies are enforced by the browser. If you’re using a third party app, guess what you’re using as a browser.
Want an easy example of this? Userscrips on Firefox. Install GreaseMonkey, and you can run whatever the hell you want on any webpage. Keylogging, mouse movements, clicks and navigations. Not hard, and impossible to really stop from the site itself, because no matter what you tell the browser to do, you essentially have to just hope the browser follows through.
Yes if you are inside Facebook and while inside Facebook click a link to go somewhere else you are still in Facebook and they will keylog everything.
This is presented as if Facebook/Toktok can keylog everything.
“Don’t use in-app web browsers”
Somebody else is already pointed out that it’s already been debunked so no it wasn’t happening
And somebody else pointed out that that was debunked so yes it’s happening
Edit: the point I’m hopefully making is that you’re just kinda saying stuff and not even bothering to post a source.
I was responding to your claim of “not happening, impossible” with proof of it being possible, and actually fairly easy to implement.