TikTok's in-app browser injects JavaScript into external websites, allowing the app to monitor all input, including passwords and credit card numbers.
In 2020, it was discovered that TikTok had been accessing users' clipboards. Now, TikTok has been found snooping on its users once again.
According to security researcher Felix Krause, whenever users open a link in TikTok, the app is then allowed to monitor everything a user does on that external website. This includes anything typed, as well as taps on buttons and links.
"This was an active choice the company made," Krause told Forbes. "This is a non-trivial engineering task. This does not happen by mistake or randomly."
A TikTok spokesperson told Forbes that the code isn't malicious but instead is used for "debugging, troubleshooting, and performance monitoring."
Additionally, TikTok claimed that the JavaScript is part of a third-party software development kit but did not disclose who made it.
Krause could not say whether or not TikTok has been collecting data from users, merely that it can.
To avoid being monitored, Krause suggests opening links shared in TikTok — and nearly every other service with an in-app browser — with Safari.
Update
TikTok reached out to AppleInsider to provide the following statement.
"The report's conclusions about TikTok are incorrect and misleading. The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects. Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring."
28 Comments
I am SO surprised....NOT.
Remember this when you hear developers complain about not having their own App Store and full control. Things will get worse.
Yeah, let's open up the phone so any app can do anything they want. If they can still pull this BS with the current safeguards in place, surely things would be better with no safeguards. /s
And IMO, TikTok is an absolute scourge on humanity. I refuse to use it. There are so many negatives with that app. People are addicted, it creates an echo chamber, wastes time, shortens attention spans shorter than they already are, instant satisfaction machine, and propagates DANGEROUS fads. I know I sound like a boomer, but I'm a millennial and I see nothing but severe badness and societal detriment in TikTok. Not even to mention the absurd amount of data harvesting it is obviously doing, as demonstrated here.
Anyone stupid enough to use TikTok gets what they deserve.
Those of you who use 49 percent communist China owned Epic Games, same situation!!