- TikTok may be monitoring all keyboard inputs and taps via its in-app browser, researcher claims.
- TikTok’s in-app browser poses vulnerabilities to sensitive information such as passwords, and credit card information.
- The research was conducted by an independent cyber-security researcher.
Chinese short-form video app TikTok may be monitoring all keyboard inputs and taps via its in-app browser on iOS, an independent cyber-security researcher has warned.
Felix Krause, Founder of Fastlane which was acquired by Google, said that when the user opens any link on the TikTok iOS app, it's opened inside their in-app browser.
"While you are interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click," Krause claimed in a blog post on Thursday.
TikTok iOS subscribes to every keystroke (text inputs) happening on third-party websites rendered inside the
TikTok app, he said.
"This can include passwords, credit card information and other sensitive user data," Krause added.
From a technical perspective, this is the equivalent of installing a keylogger on third-party websites.
Transform talent with learning that worksCapability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More The company confirmed those features exist in the code but said it is not using them on its in-app browser on iOS app.
"Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience - like checking how quickly a page loads or whether it crashes," a company spokesperson was quoted as saying in a Forbes report.
According to the researcher, it proves that "TikTok injects code into third party websites through their in-app browsers that behaves like a keylogger. However, claims it's not being used".
"This was an active choice the company made. This is a non-trivial engineering task. This does not happen by mistake or randomly," he mentioned.
SEE ALSO:
BeReal is a photo-sharing app that wants you to be who you are as it only allows posting unfiltered photos
Mahindra Scorpio Classic vs Mahindra Scorpio-N: Price, variants, and features compared
Next Story
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
SC rejects pleas seeking cross-verification of votes cast using EVMs with VVPAT
Ultraviolette F77 Mach 2 electric sports bike launched in India starting at ₹2.99 lakh
Deloitte projects India's FY25 GDP growth at 6.6%
Italian PM Meloni invites PM Modi to G7 Summit Outreach Session in June
Markets rally for 6th day running on firm Asian peers; Tech Mahindra jumps over 12%
