New research shows TikTok can track keystrokes

According to a newly published study, the in-app browser included with the TikTok app can track some kinds of user behavior on the external websites browsed with it.
When users access a website through a link in the TikTok app, the app inserts code into the website that allows TikTok to monitor activity such as keystrokes and what users are tapping on that site, according to research that was published on Thursday by Felix Krause, a software researcher based in Vienna.
This could make it possible for TikTok to obtain sensitive information about its users, such as credit card numbers and passwords. Because the websites are opened in TikTok’s in-app browser, rather than in a regular one like Chrome or Safari, the app is able to insert the code and modify the websites to allow for that monitoring. This makes it possible for the app to track the user’s activity.
According to Forbes, which originally reported the findings, Krause stated that “this was an active choice that the company made.” “This is not a simple engineering assignment at all. This is not something that occurs by accident or at random.” Krause is the founder of the app-testing company Fastlane and was instrumental in Google’s decision to acquire it five years ago.
CNET emailed TikTok requesting a comment, but the company did not respond. Maureen Shanahan, a representative for TikTok, confirmed to Forbes that those features exist in the app’s code. However, she stated that TikTok does not make use of those tools to track users.
She told the publication in a statement that “Like other platforms, we use an in-app browser to provide an optimal user experience.” According to the statement, however, the JavaScript code in question is used only for debugging, troubleshooting, and performance monitoring of that experience; for example, checking how quickly a page loads or whether it crashes.
TikTok stated that the code was obtained from a third-party software development kit, often known as an SDK, which is a collection of tools used to develop or manage mobile applications. The company also stated that the SDK contains functionality that TikTok does not make use of.
The announcement comes at a time of lingering concerns about the monitoring capabilities of the TikTok app and its ownership by the Chinese company ByteDance. Some US government officials believe that TikTok poses a threat to national security because ByteDance may share information about Americans that it has obtained through the app with the Chinese government, which may subsequently use that information in an offensive manner against Americans. TikTok has frequently stated that it has no intention of ever doing something like this.
Krause’s research covered a wider range of platforms than just TikTok. He examined a total of seven iPhone applications: TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon, and Robinhood. All of these applications employ in-app browsers. Of these, Krause believes that only TikTok appears to track users’ keystrokes. Krause did not verify the behavior of the TikTok app on Android.