The in-app browser in TikTok’s iOS app was found to be injecting code that could allow the app to monitor all keyboard input and taps, a practice also known as keylogging.
Krause also published a report last week highlighting how Facebook and Instagram’s in-app browsers have the potential to track users. The findings about TikTok came later as the developer was testing his new tool to compare seven major iOS apps’ in-app browsers. TikTok seems to have taken the crown when it comes to concerning behaviour.
According to Krause’s tool, TikTok’s iOS app subscribes to every keystroke or text input that takes place on third-party websites that are rendered inside the app. This can include passwords, credit card information and other sensitive user data the user types.
The company claims that this code is solely being used for debugging, troubleshooting and performance monitoring.
While we don’t know what TikTok does with this data, this is similar to installing a keylogger for third-party websites. Krause also pointed out that just because TikTok is subscribing to every keystroke, that doesn’t necessarily mean it’s doing something malicious with its access. That said, there’s no way for outsiders to know for sure what kind of data is being collected, how the data collection works and how it’s being transferred and used.
Other apps included in the research were Facebook, Messenger, Instagram, Amazon, Snapchat and Robinhood. Out of these seven apps, only TikTok doesn’t give the user an option to open an external link in the phone’s default browser.
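How a web page can observe the kind of subscription described above, as an added example that is not code from the article or from Krause's tool: it wraps `addEventListener` on a target and records which keyboard, input and tap events get subscribed. The names `watchListeners`, `summarize` and `demo`, and the plain `EventTarget` standing in for a document, are assumptions made for illustration.

```javascript
// Event types that expose what a user types or taps.
const SENSITIVE_EVENTS = new Set(["keydown", "keypress", "keyup", "input", "click"]);

// Wrap addEventListener on `target` (an instance, or EventTarget.prototype in a
// browser) and record every subscription made while the wrapper is installed.
function watchListeners(target, label) {
  const records = [];
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    records.push({
      label,
      type,
      sensitive: SENSITIVE_EVENTS.has(type),
      // Frames just above the wrapper hint at which script subscribed.
      stack: (new Error().stack || "").split("\n").slice(2, 4).map((s) => s.trim()),
    });
    return original.call(this, type, listener, options); // stay transparent
  };
  return { records, restore() { target.addEventListener = original; } };
}

// Count subscriptions per sensitive event type.
function summarize(records) {
  const counts = {};
  for (const r of records) {
    if (r.sensitive) counts[r.type] = (counts[r.type] || 0) + 1;
  }
  return counts;
}

// Constructed demo: the subscriptions below stand in for what an injected
// script might register; they are not TikTok's actual code.
function demo() {
  const fakeDocument = new EventTarget();
  const watch = watchListeners(fakeDocument, "document");
  let fired = 0;
  fakeDocument.addEventListener("keypress", () => {});
  fakeDocument.addEventListener("keydown", () => { fired += 1; });
  fakeDocument.addEventListener("scroll", () => {});
  fakeDocument.dispatchEvent(new Event("keydown")); // listener still runs
  watch.restore();
  fakeDocument.addEventListener("keyup", () => {}); // after restore: not recorded
  return { counts: summarize(watch.records), total: watch.records.length, fired };
}
```

A wrapper like this only sees subscriptions made through the function it replaced, after it was installed; a script that runs before the page's own code, or in an isolated `WKContentWorld`, will not appear, so an empty report does not show that nothing is listening.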