TikTok, a video app controlled by the Chinese government, is receiving scrutiny from US politicians over its data practices.
Can TikTok really log your keystrokes?
A new study suggests that the program’s built-in web browser can record every key pressed by users. Fastlane’s founder and software researcher Felix Krause published reports on the popular social media app TikTok on August 18.
According to Krause, when TikTok users tap a link in the iOS app to open a website, the app injects code that can track much of their activity on that external website. The JavaScript code in TikTok allows it to track all keystrokes.
In addition, the company can monitor every screen tap, text input such as passwords and credit card numbers, and keyboard press.
Let’s learn more about the TikTok keylogger and why it exists.
Key Takeaways:
- TikTok’s built-in web browser can log keystrokes, including sensitive information like passwords and credit card numbers, raising significant security concerns.
- Despite TikTok’s claim that the tracking code is for troubleshooting only, the app’s unique ability to monitor user interactions without external browser support highlights privacy risks.
- Users concerned about privacy can attempt to use external browsers for links, but TikTok’s design limits such protective measures, underscoring the need for awareness and caution.
TikTok and Security Issues
TikTok is among the most popular mobile apps today, especially for young people; the platform claims up to one billion active users worldwide, and the 2.6 billion downloads since its launch in 2016 back up this claim.
This social software was previously the source of several security concerns, with FCC Commissioner Brendan Carr urging Apple and Google to remove it from their respective app stores.
The recent publication of a study by Felix Krause has brought these issues to the forefront of public debate.
New Post: Announcing InAppBrowser – see what JavaScript commands get injected through an in-app browser
TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps. https://t.co/TxN1ezZX71 pic.twitter.com/pQcX5vrEXc
— Felix Krause (@KrauseFx) August 18, 2022
According to Krause, TikTok has JavaScript code hidden in its in-app browser, which is used when users tap on links while scrolling through the app. He claims that almost all applications, including Facebook, Instagram, and Snapchat, have built-in browsers.
Those apps also contain this type of code, and the presence of such code in the browser is not in itself a problem. The problem is determining what the JavaScript code intends to do when the user interacts with the browser. Krause considers this a serious security issue. TikTok, on the other hand, claims that this code is only used for troubleshooting and is never used to monitor or record user data.
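The question raised above, what script in the page actually listens to, can be checked from the website's side. The following is an added example (not code from this article, from TikTok, or from Krause's InAppBrowser tool): a site owner loads it as the page's first script and it records keystroke and tap listeners attached by code the site did not register itself. The names `installListenerAudit`, `own` and `pageWideCategories` are hypothetical.

```javascript
// Added example: record input-related listeners that code other than the
// site's own attaches. Load as the first script on a page you control.
const WATCHED = new Map([
  ["keydown", "keystrokes"], ["keypress", "keystrokes"], ["keyup", "keystrokes"],
  ["input", "text input"], ["click", "taps"], ["touchstart", "taps"],
]);

function installListenerAudit({ proto = EventTarget.prototype, pageWideTargets } = {}) {
  // Listeners on window/document receive input from every field on the page.
  const wide = new Set(pageWideTargets ?? [globalThis.window, globalThis.document].filter(Boolean));
  const original = proto.addEventListener;
  const ownListeners = new WeakSet(); // listeners the site registered itself
  const findings = [];

  proto.addEventListener = function (type, listener, options) {
    const category = WATCHED.get(String(type));
    const isListener = typeof listener === "function" ||
      (typeof listener === "object" && listener !== null);
    if (category && isListener && !ownListeners.has(listener)) {
      findings.push({
        type: String(type),
        category,
        pageWide: wide.has(this ?? globalThis),
        capture: options === true || Boolean(options && options.capture),
      });
    }
    return original.call(this, type, listener, options);
  };

  return {
    findings,
    own(listener) { ownListeners.add(listener); return listener; },
    restore() { proto.addEventListener = original; },
    // Input categories observed page-wide by code not marked as the site's own.
    pageWideCategories() {
      return [...new Set(findings.filter((f) => f.pageWide).map((f) => f.category))].sort();
    },
  };
}

// Constructed demo: plain EventTarget objects stand in for document and a field.
function demo() {
  const doc = new EventTarget(), field = new EventTarget();
  const audit = installListenerAudit({ pageWideTargets: [doc] });
  field.addEventListener("input", audit.own(() => {})); // the site's own handler
  doc.addEventListener("keydown", () => {}, true);       // unmarked, page-wide
  doc.addEventListener("click", () => {});               // unmarked, page-wide
  audit.restore();
  return audit.pageWideCategories();
}
```

A host app can inject its script before the page's first script runs or in an isolated script context, so an empty result does not show that nothing is listening.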
TikTok – Riskier Than Other Apps?
Of the seven apps examined, TikTok is the only one that can monitor users’ keystrokes while not letting them open links in their device’s default browser (Safari or Chrome), so it raises special privacy concerns.
For instance, allowing TikTok users to open in-app links in their preferred browser is a simple way to address security concerns.
Seven Apps Assessed for User Data Tracking – Source: Felix Krause
When links open in Safari or Chrome, plugins like ad blockers and password managers can be used while still maintaining the user’s privacy.
TikTok Reply to Security Issues
TikTok quickly refuted Krause’s claim. TikTok representative Maureen Shanahan addressed the problematic JavaScript code in a statement provided to Forbes on August 18.
She has publicly denied that TikTok tracks users through its in-app browser.
According to her, the company confirmed that certain functions are in the code, but TikTok does not use them. She also claims that the JavaScript code that logs user-copied URLs, keystrokes, and screen taps is only used for troubleshooting.
She claimed that TikTok does not use or monitor the security flaws in the code. Instead, she said, the code was part of a third-party SDK (software development kit).
She did not, however, respond when questioned about this issue, particularly about the SDK or its developers.
Protecting Users from Malicious Web Apps
The options available to users of mobile apps are limited.
DNS-based content filters may not be practical, and they are ineffective at protecting against potential keystroke monitoring or other activity unrelated to displaying advertisements or tracking.
Most app browsers allow you to copy and paste the URL into your default browser or a third-party browser to access the external website.
TikTok’s in-app browser does not come equipped with a button for opening the page in another browser.
Instead, a representative for TikTok claimed that the app’s users would have a less satisfying experience if they were forced to leave the app to click on external links.
Aside from the obvious step of uninstalling the app, users may be able to redirect links to the device’s other browsers. However, not every app provides this feature.
Final Thoughts on TikTok Logs
The scrutiny surrounding TikTok’s data practices, particularly the concerns raised by Felix Krause’s study about the app’s ability to log keystrokes, taps, and text inputs, has brought to light a significant issue in the realm of digital privacy and security.
While TikTok has responded to these allegations, asserting that the JavaScript code in question is solely for troubleshooting purposes and not for monitoring users, the debate over user privacy in digital applications continues.
This situation underscores the importance of being aware of the potential risks associated with app usage, especially for apps like TikTok that have access to a vast amount of user data.
As users navigate the digital landscape, it’s crucial to stay informed about these issues and consider the implications of TikTok logs and similar tracking mechanisms in other applications.
The conversation about digital privacy and security is ongoing, and both users and developers need to remain vigilant in protecting user data and maintaining transparent practices.