TikTok's In-App Browser Can Monitor Your Keystrokes, Researcher Says
TikTok’s in-app browser has the ability to monitor certain kinds of user activity on the external websites accessed with it, new research shows.
According to research published Thursday by Felix Krause, a Vienna-based software researcher, when TikTok users access a website through a link in the TikTok app, the app inserts code into the website that allows TikTok to monitor activity like keystrokes and what users are tapping on that site.
That could allow TikTok to capture personal user information like credit card numbers and passwords, though the company claims it doesn’t do that. The app is able to insert the code and modify the websites to allow that monitoring because the sites are opened in TikTok’s in-app browser, rather than in a standard one like Chrome or Safari.
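A site can check from its own side whether something other than its own scripts has hooked keyboard and tap events. The sketch below is an added example, not code from TikTok, Krause or the article; the function names and the first-party test (matching a name in the call stack, where a real page would match its own script URLs) are assumptions made for illustration.

```javascript
// Added example, not code from TikTok, Krause or the article.
const WATCHED = new Set(["keydown", "keypress", "keyup", "input", "click"]);

// Wrap addEventListener on a prototype (EventTarget.prototype on a real page)
// and record every registration of an input-related listener.
function auditListeners(proto, isFirstParty) {
  const original = proto.addEventListener;
  const log = [];
  proto.addEventListener = function (type, listener, options) {
    if (WATCHED.has(type)) {
      // The call stack identifies the script that is registering the listener.
      const stack = new Error().stack || "";
      log.push({ type, firstParty: isFirstParty(stack) });
    }
    return original.call(this, type, listener, options);
  };
  return { log, restore() { proto.addEventListener = original; } };
}

// Event types that were hooked by code the site does not recognise.
function unexpectedTypes(log) {
  return log.filter((e) => !e.firstParty).map((e) => e.type);
}

// Constructed scenario: siteInit stands for the site's own script and
// hostInjected for script added by the embedding app (hypothetical names).
function demo() {
  const page = new EventTarget();
  const audit = auditListeners(EventTarget.prototype, (s) => s.includes("siteInit"));
  function siteInit() { page.addEventListener("input", () => {}); }
  function hostInjected() {
    page.addEventListener("keydown", () => {});
    page.addEventListener("click", () => {});
    page.addEventListener("scroll", () => {}); // not watched, so not logged
  }
  siteInit();
  hostInjected();
  audit.restore();
  return { total: audit.log.length, unexpected: unexpectedTypes(audit.log) };
}

console.log(demo());
```

The audit only sees listeners registered after it is installed, and it shows that a listener exists, not what that listener does with the events it receives.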
“This was a splendid choice the company made,” Krause told Forbes, which reported the findings. “This is a non-trivial engineering task. This does not remain by mistake or randomly.” Krause is the founder of the app-testing company Fastlane, which Google acquired five years ago.
TikTok published a statement calling the report’s conclusions “incorrect and misleading,” noting that Krause specifically says in the report that the existence of the code doesn’t mean the app is doing anything malicious.
“Contrary to the report’s claims, we do not still keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring,” the company said in its statement.
TikTok added that the code is part of a third-party software development kit, or SDK, a set of tools used to build or maintain apps, and that the SDK includes features TikTok doesn’t use.
The news comes amid long-running security and surveillance concerns about the TikTok app and its ownership by the Chinese company ByteDance. Some US officials say TikTok threatens national security because ByteDance could share data about Americans collected through the app with the Chinese government, which could then weaponize it against Americans. TikTok has repeatedly said it would never do this.
Krause’s research looked at more than just TikTok. In total, he tested seven iPhone apps that use in-app browsers, including TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon and Robinhood. Of those, TikTok is the only one that appears to monitor keystrokes, Krause said. Krause didn’t test the Android version of TikTok’s app.