- by theguardian
- 21 Sep 2023
TikTok has the ability to track every tap of your screen while you browse in its iOS app, including typed passwords and clicked links, according to new research by software engineer Felix Krause.
In-app browsing refers to any activity on third-party sites that open in the app, rather than in an external window.
On Thursday, Krause released a report examining the JavaScript code social media platforms inject into third-party sites that allow it to track the activity of users.
Krause's security tool, InAppBrowser.com, revealed the TikTok iOS app has the ability to monitor all keystrokes, text inputs and screen taps, which could include sensitive personal data like credit card information and passwords.
Krause noted, though, that "just because an app injects JavaScript into external websites, doesn't mean the app is doing anything malicious".
"There is no way for us to know the full details on what kind of data each in-app browser collects, or how - or if - the data is being transferred or used," he said.
Priyadarsi Nanda of the University of Technology Sydney's School of Electrical and Data Engineering said collecting information about keystrokes closely resembles the behaviour of keyloggers, a type of malware.
Premier announces changes to long-delayed project
read more