TikTok has become embroiled in yet another controversy, one that places it in the same infamous lane as rival platforms like Instagram and Facebook in terms of secretly tracking users across the web. According to security researcher Felix Krause’s analysis, the TikTok app’s web browser is capable of logging all keyboard inputs, potentially giving it access to sensitive information such as log-in credentials, as well as a record of what websites users visit and what they do on those web pages.
When you click a link while browsing the TikTok app, it opens a native web view that acts as TikTok’s basic web browser. That is not something that every app does. Take, for instance, WhatsApp. When you click on a URL shared in the messaging app, it opens it in your phone’s default web browser, which could be anything from Chrome to Safari.
TikTok is not the only app that provides a native browser experience, but there is something potentially malicious in the code. TikTok’s in-app browser, according to Krause, has JavaScript command lines that allow it to log every keystroke when users browse a website. That means that every keystroke, from messages to log-in credentials, can be recorded.
A hollow clarification
When you click a link while browsing the TikTok app, it opens a native web view that acts as TikTok’s basic web browser. That is not something that every app does. Take, for instance, WhatsApp. When you click on a URL shared in the messaging app, it opens it in your phone’s default web browser, which could be anything from Chrome to Safari.
TikTok is not the only app that provides a native browser experience, but there is something potentially malicious in the code. TikTok’s in-app browser, according to Krause, has JavaScript command lines that allow it to log every keystroke when users browse a website. That means that every keystroke, from messages to log-in credentials, can be recorded.
A TikTok spokesperson told Forbes in an official statement that the controversial JavaScript code is there for “debugging, troubleshooting, and performance monitoring” of the web experience provided by the in-app browser.
It’s worth noting that Krause doesn’t claim to have discovered evidence that TikTok is abusing the feature to track users, nor does he claim to have discovered proof that that valuable data is shared with third parties. At the same time, Krause told Forbes, “this does not happen by chance.”
Shaky history of privacy
Interestingly, TikTok was discovered to be the only app capable of logging keystrokes out of the seven apps tested as part of Krause’s research project. TikTok has also emerged as the app that tracks the most user activities — more than Facebook, Instagram, Amazon, and Snapchat combined.
It’s also difficult to believe TikTok’s claims at face value. A shocking revelation An investigation by BuzzFeed recently revealed that data from US users was accessed in China, despite the company’s repeated claims to the contrary. Following the BuzzFeed report, which cited leaked internal audio recordings, TikTok announced that, thanks to a partnership with Oracle, it was moving all American user data to servers located in the United States. TikTok has already been banned in India due to national security concerns, and it narrowly avoided a ban in the United States due to similar concerns not long ago.
Read more; MAJOR WINDOWS 11 22H2 UPDATE DETAILS SURFACE
In June 2022, FCC Commissioner Brendan Carr requested that TikTok be removed from the Play Store and App Store due to alleged ties with the Chinese government. In an open letter, Carr stated that sensitive user data is being accessed in China. In a CNN interview, Michael Beckerman, TikTok’s head of public policy for the US market, denied those claims.
