Specifically, I'm trying to make a purchase inside a certain iPhone app using Paypal. Instead of the app opening for me a paypal url in the Safari, it seems to be loading the paypal url in a browser window inside the app. I can't see the url of the page and in general can't be sure that the app isn't intercepting my paypal credentials.
Is there a way to see what the url is of a browser window opened inside an app? Is there to verify that it is a genuine browser window and that the app can't eavesdrop on what I'm typing/submitting inside the window?
Best Answer
Two Questions:
Verify URL
Connect through laptop. Use packet sniffing tools to check what requests go out.
Perhaps: Disable 3G. Wrap with WiFi in Faraday cage, make sure no other covert incoming or outgoing communication.
Eavesdrop
Cat and mouse. Basic tools and basic skills will detect basic phishing/eavesdropping. But the above URL verification would not catch other simple methods like the website re-broadcasting it elsewhere, or the app recording and transmitting at other times.
Still, you could read the EULA.
Given what is currently known about Apple and Google, Verizon and AT&T, Paypal and credit card companies, your ISP, business focii, data breaches, government agreements, other gov't interactions, etc. it is probably safest to assume that everything is tracked and recorded, whether you are using the phone or not.