Report: in-app browsers in iOS can easily keylog you11
Hockenberry also released a brief video in which he showcases an in-app browser keylogging some login credentials, i.e. a username and a corresponding password. He also claimed that it will be pretty hard for Apple to cope with this problem and circumvent malicious apps from making use of the exploit, as each and every iOS version until now will have to have their WebKit and UIWebView packages updated. He advises Cupertino to be fully implementing the OAuth protocol so as to protect its users from misbehaving apps with built-in browsers and malicious wrongdoers.
Users, on the other hand, are advised to think twice and thrice before keying in their login credentials and sensitive personal information in any other app different from Apple's Safari itself.
You can check out Craig Hockenberry's video right below.
source: Furbo via MacRumors