TikTok could be monitoring every tap on your keyboard when you use the in-app browser, according to a security researcher.
TikTok is one of the many apps that use in-app browsers that let you access external links to third-party websites without leaving the app.
‘When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information),’ said Krause in a Twitter thread.
‘TikTok also has code to observe all taps, like clicking on any buttons or links,’
Krause clarified that it was unclear what TikTok would do by collecting this information but from a technical perspective, equated it to ‘installing a keylogger on third-party websites’.
A keylogger isn’t something you want on your device as it’s a type of monitoring software typically used by hackers to collect keystrokes that you type for sensitive information.
The company has since taken to social media to respond saying that the report was ‘misleading’ and ‘incorrect’.
‘Contrary to its claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring,’ said a tweet from TikTok official account.
Some iOS developers pointed out that ‘TikTok doesn’t need to “debug,” “troubleshoot,” or “monitor” 3rd party web sites’ as Apple is the one that can make any improvements to the web view component on iOS.
Source: Read Full Article