Hi @KrauseFx you published some good articles and useful knowledges around privacy & security, great stuff! 👍

I want to ask questions, because you seems to be expert in this area, (I don't use Twitter, so) I think i'm gonna ask here.

Background:

• We knew that using in-app (embedded webview) browser within mobile app, the mobile app can inject malicious JS and read all data inputted. TLDR: using in-app browser to input/read sensitve data == NOT SAFE.

Question:

• But on a mobile device, does in-app (embedded webview) browser can read the cookies from my device’s regular browser?
  • e.g. if on mobile (Android in this example) I login to GMail on my Chrome Browser, does in-app browser within let’s say Instagram app can read that GMail cookie/session if I accidentally open GMail url using their in-app browser?
• Do multiple different apps that use in-app browser have their cookies shared?
  • e.g. If I login to GMail within Instagram in-app browser, then let’s say I open GMail url on Slack app in-app browser, does Slack in-app browser can read the GMail cookies previously logged-in from Instagram app?

Did some search, but haven’t found satisfying answer unfortunately. Any insight is appreciated, thanks 🙏

I did some (non extensive & non scientific) test, here's what I found:

• I found that within a Slack android app's in-app browser, I was able to read cookies set on my regular Chrome Browser, which is pretty concerning. But I am not sure whether Slack android app use a variant of webview that is capable to inject malicious JS or not.
• Some other app that I tested like Line messenger app's in-app browser does not seems to be able to read my Chrome Browser cookie.

So it kinda inconclusive.

https://github.com/KrauseFx/krausefx.com/blob/master/_posts/2015-06-18-run-xcode-7-ui-tests-from-the-command-line.md

Hi Felix, I read your article and thought it was great. However, I am having some issues making it work when using multiple configurations. It asks me to select a provisioning profile for each configuration, but none of the existing provisioning profiles I am using are listed.

I was following some of the guidelines listed in the articles below to use multiple configurations for different environments (App Store, Beta, and Debug), which has worked great for me. Using fastlane is a breeze with multiple configurations as well.

• https://medium.com/@danielgalasko/run-multiple-versions-of-your-app-on-the-same-device-using-xcode-configurations-1fd3a220c608
• https://medium.com/@danielgalasko/change-your-api-endpoint-environment-using-xcode-configurations-in-swift-c1ad2722200e

This is my first time working with Cocoa Touch UI Testing Bundle, which I plan to use for some UI tests as well for using snapshot and frameit to automate screenshots. Since documentation for UI Testing Bundle with multiple configurations is scarce, I would appreciate if you have any resources you can point me towards to get this going.

Thanks