TikTok in-app browser on iOS may monitor your keystrokes, taps


New Delhi, Aug 19 (IANS): Chinese short-form video app TikTok may be monitoring all keyboard inputs and taps via its in-app browser on iOS, an independent cyber-security researcher has warned.

Felix Krause, Founder of Fastlane that was acquired by Google, said that when the user opens any link on the TikTok iOS app, it's opened inside their in-app browser.

"While you are interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click," Krause claimed in a blog post on Thursday.

TikTok iOS subscribes to every keystroke (text inputs) happening on third-party websites rendered inside the TikTok app, he said.

"This can include passwords, credit card information and other sensitive user data," Krause added.

From a technical perspective, this is the equivalent of installing a keylogger on third-party websites.

The company confirmed those features exist in the code but said it is not using them on its in-app browser on iOS app.

"Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience - like checking how quickly a page loads or whether it crashes," a company spokesperson was quoted as saying in a Forbes report.

According to the researcher, it proves that "TikTok injects code into third party websites through their in-app browsers that behaves like a keylogger. However, claims it's not being used".

"This was an active choice the company made. This is a non-trivial engineering task. This does not happen by mistake or randomly," he mentioned.

 

  

Top Stories


Leave a Comment

Title: TikTok in-app browser on iOS may monitor your keystrokes, taps



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.