Web browsers used within the TikTok app can track every keystroke a user makes, according to a new study emerging as the Chinese-owned video app addresses US lawmakers’ concerns about data practices. When.
of research Privacy researcher and former Google engineer Felix Krause did not show how TikTok used the feature. This functionality is built into an in-app browser that pops up when someone clicks on an external link. However, Krause said he was concerned about the development because TikTok showed built-in functionality to track users’ online habits.
Malware and other hacking tools are often characterized by collecting information about what people type on their phones while visiting external websites. This can reveal credit card numbers and passwords. Major technology companies may use such trackers when testing new software, but are unlikely to release major commercial apps with this feature enabled or not. Researchers say it’s not common.
“Based on Krause’s findings, the way TikTok’s custom in-app browser monitors keystrokes is problematic because users may enter sensitive data, such as login credentials, on external websites. It’s a new feature app.
She said TikTok’s in-app browser “can extract information from a user’s external browsing session, but some users find that to be overkill.”
TikTok, which is owned by Chinese internet company ByteDance, said in a statement that Krause’s report was “inaccurate and misleading” and that the feature was used for “debugging, troubleshooting and performance monitoring.” rice field.
“Contrary to what the report claims, we do not collect any keystrokes or text input through this code,” TikTok said.
Krause, 28, said he was unable to confirm whether his keystrokes were being actively tracked and whether that data was being sent to TikTok.
The investigation could cast doubt on TikTok in the US. Government officials are scrutinizing whether the popular app could endanger US national security by sharing information about Americans with China. Although the debate in Washington on the app has receded under the Biden administration, buzzfeed news Other news outlets about TikTok’s data practices and relationship with its Chinese parent company.
Apps may use in-app browsers to prevent users from visiting malicious sites or to make online browsing easier with text autofill. But while Facebook and Instagram use in-app browsers to track data such as sites you visit, what you highlight, and which buttons you press on websites, TikTok tracks each letter you type. I’m going further with code that can. Klaus said.
A spokeswoman for Meta, the parent company of Facebook and Instagram, declined to comment.
Krause said he’s only researched TikTok on Apple’s iOS operating system, and said keystroke tracking only occurs within the in-app browser.
Like many apps, TikTok offers little opportunity for people to click away from the service. When a user clicks on an ad or link embedded in another user’s profile, the in-app browser is displayed instead of redirecting to a mobile web browser such as Safari or Chrome. These are often the moments when you enter important information such as credit card details and passwords.
of CNN interview In July, TikTok policy executive Michael Beckerman denied the company was recording users’ keystrokes, but admitted that it monitors patterns such as typing frequency to prevent fraud. .
Klaus said he fears the tools have a “very similar architecture” and could be repurposed to track the content of keystrokes.
“The problem is they have the infrastructure set up to do this,” he said.