An independent cybersecurity researcher reports that TikTok, a Chinese short-form video app, monitors all keystrokes and clicks through its in-app browser on iOS. When a user opens a link in the TikTok iOS app, it opens in their in-app browser, according to Felix Krause, founder of Fastlane, which was acquired by Google. “TikTok subscribes to all keystrokes (including passwords, credit card information, etc.) and all screen clicks as you interact with the site, such as B. Which buttons and links you click,” Krause said in a blog post on Thursday claimed in. TikTok iOS subscribes to every keystroke (text input) on a third-party website presented in the TikTok app and says it may contain passwords, credit card information and other sensitive user data,” Krause added.
From a technical point of view, this is equivalent to installing a keylogger on a third-party website.
The company confirmed the features are in the code, but said it won’t use them in the iOS app’s in-app browser
According to the researchers, this proves that “TikTok injects code into third-party websites through its in-app browser, behaving like a keylogger. However, he claims it is not being used”.
This is a decision made by the company on its own initiative. This is a non-trivial engineering task. It didn’t happen by accident or chance,” he said.