TikTok could be monitoring every tap on your keyboard when you use the in-app browser, according to a security researcher.
Felix Krause, a software engineer, recently discovered that TikTok’s in-app browser injected JavaScript code into external websites, allowing it to monitor everything you search for and type in, including sensitive information like passwords and bank details.
TikTok is one of the many apps that use in-app browsers that let you access external links to third-party websites without leaving the app.
‘When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information),’ said Krause in a Twitter thread.
‘TikTok also has code to observe all taps, like clicking on any buttons or links.’
Krause clarified that it was unclear what TikTok would do with this information but, from a technical perspective, equated the code to ‘installing a keylogger on third-party websites’.
A keylogger isn’t something you want on your device: it’s a type of monitoring software, typically used by hackers, that records the keystrokes you type in order to capture sensitive information.
The company has since taken to social media to respond, saying that the report was ‘misleading’ and ‘incorrect’.
‘Contrary to its claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring,’ said a tweet from TikTok’s official account.
Some iOS developers pointed out that ‘TikTok doesn’t need to “debug,” “troubleshoot,” or “monitor” 3rd party web sites’ as Apple is the one that can make any improvements to the web view component on iOS.