The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects.

Cross-Site Scripting (XSS) attacks are often misunderstood as harmless glitches that display alerts in the browser, while in actuality they are one of the most powerful and malicious vulnerabilities ...

An Ethereum wallet known as “Shitcoin Wallet” is reportedly injecting malicious javascript code from open browser windows to steal data from its users.

A new online tool named 'InAppBrowser' lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit.