According to a new study, the web browser used by the TikTok app for smartphones can monitor every keystroke made by its users.
The research by Felix Krause, a privacy researcher and former Google engineer, did not demonstrate how TikTok utilizes the feature, which is included in the in-app browser that appears when an outside link is clicked. However, Krause argued the discovery was alarming since it demonstrated TikTok had the capability to track users' online behavior if it so desired.
"When you open any link on the TikTok iOS app, it’s opened inside their in-app browser. While you are interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click," Krause wrote in the study.
The finding emerged amid ongoing concerns from American politicians regarding the Chinese-owned video app's data practices. It is said to be uncommon for major technology companies to deploy a major commercial app with this functionality, whether it is enabled or not. However, they may utilize such trackers when they test new software.
Krause stated that he conducted his research only on the version of TikTok for iOS, Apple's operating system, and that the keystroke tracking concerned only the in-app browser.
Like many other apps, TikTok does not give users many options for leaving the platform. When users click on adverts or on links placed within the profiles of other users, an in-app browser opens instead of a switch to a mobile web browser like Safari or Chrome. People frequently enter important details like passwords or credit card information when following such links.
Krause, however, claimed he could not really tell if keystrokes were being actively recorded or if TikTok was collecting the data.
Indeed, in-app browsers are occasionally used by apps to block access to harmful websites or to simplify online browsing through text auto-filling.
Nevertheless, Krause pointed out that while Facebook and Instagram can use in-app browsers to track information such as what websites a person visited, what they highlighted, and which buttons they pressed on a website, TikTok goes a step further by using code that can track every character entered by users.
According to a statement by TikTok, cited by the New York Times, Krause's claim was "incorrect and misleading," noting the feature was used for "debugging, troubleshooting and performance monitoring."
“Contrary to the report’s claims, we do not collect keystroke or text inputs through this code,” the firm, owned by the Chinese tech giant, said.
In turn, Krause expressed concern to the outlet that these tools, which have "very similar architectures," might be used to track keystroke content.
“The problem is they have infrastructure set up to do this stuff,” he said.
Earlier this week, the American corporation Apple acknowledged the existence of vulnerabilities in its own operating systems that could potentially lead to intruders gaining full access to a phone, tablet or computer.
The repercussions of the study may create concerns for TikTok in the US, where officials are investigating whether the popular app might compromise American national security by disclosing personal data to China.
Although discussion of the app in Washington had initially subsided under the Biden administration, new worries have surfaced in recent months as a result of BuzzFeed News and other news organizations' disclosures regarding TikTok's data practices and ties to its Chinese parent company.