Beware! TikTok injects code into third-party websites: know more

An independent cybersecurity researcher reports that TikTok, a Chinese short-form video app, monitors all keystrokes and clicks through its in-app browser on iOS. When a user opens a link in the TikTok iOS app, it opens in the app's in-app browser, according to Felix Krause, founder of Fastlane, which was acquired by Google. “TikTok subscribes to all keystrokes (including passwords, credit card information, etc.) and all screen clicks as you interact with the site, such as which buttons and links you click,” Krause claimed in a blog post on Thursday. “TikTok iOS subscribes to every keystroke (text input) on a third-party website presented in the TikTok app, which may contain passwords, credit card information and other sensitive user data,” Krause added.

From a technical point of view, this is equivalent to installing a keylogger on a third-party website.

The company confirmed the features are in the code, but said it won’t use them in the iOS app’s in-app browser.

“Like other platforms, we use an in-app browser to provide the best user experience, but the associated JavaScript code is only used to debug, troubleshoot and monitor the performance of this experience – for example, to check page load speed or whether it crashes,” a Forbes report quoted a company spokesman as saying.

According to the researcher, this proves that “TikTok injects code into third-party websites through its in-app browser, behaving like a keylogger. However, it claims it is not being used.”

“This is a decision made by the company on its own initiative. This is a non-trivial engineering task. It didn’t happen by accident or chance,” he said.
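A site owner can observe this kind of subscription from the page side. The following is an added example, not code from Krause's post or from TikTok: it wraps `addEventListener` and records registrations for keystroke and click events that the site's own code did not make. The names `installListenerAudit` and `trusted` are hypothetical, and the demo uses a constructed `EventTarget` in place of `document`.

```javascript
// Added example: audit which code subscribes to keystroke and click events.
const WATCHED_EVENTS = new Set(["keydown", "keypress", "keyup", "input", "click"]);

function installListenerAudit(TargetClass = EventTarget) {
  const original = TargetClass.prototype.addEventListener;
  const findings = [];
  let trustedDepth = 0; // > 0 while the site's own code is registering listeners

  TargetClass.prototype.addEventListener = function (type, listener, options) {
    if (WATCHED_EVENTS.has(type) && trustedDepth === 0) {
      findings.push({
        type,
        target: this.constructor ? this.constructor.name : "unknown",
        stack: new Error().stack, // call site of the registration, for triage
      });
    }
    return original.call(this, type, listener, options);
  };

  return {
    findings,
    // The site wraps its own registrations so they are not reported.
    trusted(fn) {
      trustedDepth++;
      try { return fn(); } finally { trustedDepth--; }
    },
    // Put the native method back (used here so the demo leaves no side effects).
    restore() { TargetClass.prototype.addEventListener = original; },
  };
}

// Constructed demo: one first-party listener, two registered by other code.
function demo() {
  const audit = installListenerAudit();
  const page = new EventTarget(); // stands in for `document` (assumption)
  audit.trusted(() => page.addEventListener("click", () => {}));
  page.addEventListener("keydown", () => {}); // not wrapped: reported
  page.addEventListener("click", () => {});   // not wrapped: reported
  page.addEventListener("scroll", () => {});  // not a watched event: ignored
  audit.restore();
  return audit.findings.map((f) => f.type);
}

console.log(demo());
```

Scripts that a host app runs before the page's own code, or in an isolated JavaScript world, are not visible to this check, so an empty result is not proof that nothing is listening.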

