The browser built into the TikTok app has a tracking code that it adds to every page you view. This code allows you to track character input on the virtual keyboard. And send the results of your work to the service resources. The problem was the discovery by independent cybersecurity researcher Felix Krause, who previously reported on the existence of such tools in the Facebook and Instagram apps.
Mr. Krause says that the iOS version of TikTok monitors text input on all sites that users view in the application. This can be passwords, bank card details and other sensitive data. The expert does not undertake to judge how the TikTok administration disposes of this tool,. However, he claims with confidence that this is a real keylogger. A spy tool commonly used by malware developers and operators.
According to privacy experts, TikTok’s in-app browser may be keylogging
The situation is more serious due to the fact that in the application settings there is no possibility to assign the opening of pages via external links through the device’s default browser. This means that the users of the application are hostages of the will of the developer. As an alternative, it remains only to copy these links and open them separately in the browser.
So, the TikTok administration reacted predictably negatively to the publication of an independent study. Calling the expert’s conclusions “incorrect and misleading”. Also, representatives of the service emphasized that the author himself does not undertake to talk about the malicious activity of the application, based on the mere presence of this code, and there are no reliable ways to confirm what kind of data are with its help. Finally, TikTok said the code is being used solely for debugging, bug tracking, and performance monitoring, TechCrunch reported. However, we will for sure discover more details in this regard in the upcoming few days.