Felix Krause, a Google engineer and Vienna-based privacy and software researcher, published a report on Thursday revealing that when TikTok users open a website through a link in the app, TikTok inserts code that allows it to monitor activity such as keystrokes and what users tap on that site. The tracking would make it possible for TikTok to capture a user’s credit card information or password.
TikTok modifies websites to allow monitoring because the sites are opened in TikTok’s in-app browser
TikTok has the ability to monitor that activity because of modifications it makes to websites using the company’s in-app browser, which is part of the app itself. When people tap on TikTok ads or visit links on a creator’s profile, the app doesn’t open the page with normal browsers like Safari or Chrome. Instead it defaults to a TikTok-made in-app browser that can rewrite parts of web pages.
TikTok strongly pushed back at the idea that it is tracking users in its in-app browser. The company confirmed those features exist in the code, but said TikTok is not using them.
TikTok does it to provide an optimal user experience
While Krause’s research reveals the code companies including TikTok and Facebook parent Meta are injecting into websites from their in-app browsers, the research does not show that these companies are actually using that code to collect data, send it to their servers or share it with third parties. Nor does the tool reveal if any of the activity is tied to a user’s identity or profile. Even though Krause was able to identify a few specific examples of what the apps can track (like TikTok’s ability to monitor keystrokes), he said his list isn’t exhaustive and the companies could be monitoring more.
TikTok is the only app that can access all of a user’s details
Krause tested seven iPhone apps that use in-app browsers: TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon and Robinhood. (He did not test the versions for Android, Google’s mobile operating system.)
Of the seven apps Krause tested, TikTok is the only one that appears to monitor keystrokes, he said, and seemed to be monitoring more activity than the rest. Like TikTok, Instagram and Facebook both track every tap on a website. Those two apps also monitor when people highlight text on websites.
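A site owner can check from the page side which input-related listeners get registered for the activities named above (keystrokes, taps, text highlighting). The sketch below is an added example, not code from Krause's report or from any of the apps; the event-to-activity mapping and the function names are assumptions made for illustration, and the injected script is simulated with constructed calls.

```javascript
// Event types grouped by the activity the article names (mapping is an assumption).
const WATCHED = {
  keydown: 'keystrokes', keyup: 'keystrokes', keypress: 'keystrokes', input: 'keystrokes',
  click: 'taps', touchstart: 'taps', touchend: 'taps', pointerdown: 'taps',
  selectionchange: 'text selection',
};

// Wrap addEventListener so every later registration of a watched event is logged.
function installListenerAudit(proto = EventTarget.prototype) {
  const records = [];
  const original = proto.addEventListener;
  proto.addEventListener = function (type, listener, options) {
    if (Object.prototype.hasOwnProperty.call(WATCHED, type)) {
      records.push({
        type,
        activity: WATCHED[type],
        target: this.constructor ? this.constructor.name : 'unknown',
        // Frames above the wrapper show which script made the call.
        stack: new Error().stack.split('\n').slice(2, 4).map((s) => s.trim()),
      });
    }
    return original.call(this, type, listener, options);
  };
  return {
    records,
    // Count registrations per activity, e.g. { keystrokes: 1, taps: 1 }.
    summary() {
      const out = {};
      for (const r of records) out[r.activity] = (out[r.activity] || 0) + 1;
      return out;
    },
    uninstall() { proto.addEventListener = original; },
  };
}

// Constructed demo: these calls stand in for a script added by a host app.
function demo() {
  const audit = installListenerAudit();
  const page = new EventTarget(); // stands in for `document`
  const noop = () => {};
  page.addEventListener('keydown', noop);
  page.addEventListener('click', noop);
  page.addEventListener('selectionchange', noop);
  page.addEventListener('scroll', noop); // not watched, so not recorded
  audit.uninstall();
  return audit.summary();
}
```

The audit only sees registrations made after it is installed and inside the page's own JavaScript context, so an empty result does not prove that nothing is listening.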