The web browser used within TikTok app It can track every keystroke made by its users, according to new research emerging as the Chinese-owned video app grapples with US lawmakers’ concerns about its data practices.
The Research From Felix Krause, a privacy researcher and former Google engineer, it didn’t explain how TikTok used the ability, which is built into the in-app browser that pops up when someone clicks on an external link. But Mr Krause said the development was worrisome because it showed TikTok had built in functionality to track users’ online habits if they chose to do so.
Gathering information about what people type on their phones while visiting external websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools. While major tech companies may use such trackers as they test new software, it’s not uncommon for them to launch a large commercial app with this feature, whether it’s enabled or not, the researchers said.
said Jane Manchun Wong, an independent software engineer and security researcher who studies implementations of the new features.
It said the in-app TikTok browser can “extract information from a user’s external browsing sessions, which some users find bypassing”.
In a statement, TikTok, which is owned by Chinese internet company ByteDance, said Mr Krause’s report was “incorrect and misleading” and that the feature was used “for debugging, troubleshooting and performance monitoring”.
“Contrary to the report’s claims, we do not collect keystrokes or text inputs through this code,” TikTok said.
Mr Krause, 28, said he was unable to ascertain whether keystrokes were actively being tracked, and whether such data was being sent to TikTok.
Research can raise questions For TikTok in the United Stateswhere government officials have checked whether the popular app can do this Endangering US national security By exchanging information about Americans with China. Although the debate in Washington over the implementation has subsided under the Biden administration, there are new concerns may boil In recent months after the disclosure of BuzzFeed News and other news outlets about TikTok’s data practices and its relationships with the Chinese parent company.
Sometimes apps use in-app browsers to prevent people from visiting malicious websites or to facilitate online browsing with text autofill. But while Facebook and Instagram can use in-app browsers to track data like which sites a person has visited, what they highlighted and which buttons they pressed on a website, TikTok goes even further with code that can track every character users enter. Krause said.
A spokesperson for Meta, the parent company of Facebook and Instagram, declined to comment.
Mr. Krause said he only did the research on TikTok on Apple’s iOS and noted that tracking keystrokes will only happen within the in-app browser.
As with many apps, TikTok provides few opportunities for people to click away from its service. Instead of being redirected to mobile web browsers like Safari or Chrome, an in-app browser appears when users click on ads or links embedded in other users’ profiles. These are often the moments when people enter basic information such as credit card details or passwords.
in CNN Interview In July, Michael Beckerman, chief policy officer of TikTok, denied that the company logs users’ keystrokes, but acknowledged that it monitors their patterns, such as typing frequency, to protect against fraud.
Mr. Krause said he feared those tools had “very similar structures” and could be reused to track the content of keystrokes.
“The problem is that they have the infrastructure set up to do these things,” he said.
“Travel aficionado. Infuriatingly humble reader. Incurable internet specialist.”