
TikTok’s in-app browser is said to be able to monitor anything you type – Mac Rumors

TikTok’s dedicated in-app browser on iOS is said to inject JavaScript code into external websites that allows TikTok to monitor “all keyboard inputs and taps” while a user interacts with a particular website, according to security researcher Felix Krause. However, TikTok denied using the code for malicious reasons.

Krause said the in-app TikTok browser “engages” in all keyboard input as the user interacts with an external website, including any sensitive details like passwords and credit card information, along with every screen tap.

“From a technical perspective, this is equivalent to installing a keylogger on third-party sites,” Krause wrote, regarding the JavaScript code that TikTok injects. However, the researcher added that “just because an application injects JavaScript into external websites, does not mean that the application is doing anything malicious.”

In a statement shared with Forbes, a TikTok spokesperson acknowledged the JavaScript code in question, but said it is only used for debugging, troubleshooting and performance monitoring to ensure an “optimal user experience”.

“Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is only used for debugging, troubleshooting, and performance monitoring for that experience — such as checking page load speed or whether it crashes,” the statement shared with Forbes said.

Krause said that users who want to protect themselves from any potentially malicious use of JavaScript code in in-app browsers should switch to viewing a specific link in the platform’s default browser if possible, such as Safari on iPhone and iPad.

“When you open a link from any app, check if the app provides a way to open the currently displayed website in your default browser,” Krause wrote. “During this analysis, every app besides TikTok provided a way to do this.”

Facebook and Instagram are two other apps that insert JavaScript code into external websites loaded in their in-app browsers, giving the apps the ability to track user activity, according to Krause. In a tweet, a spokesperson for Meta, the parent company of Facebook and Instagram, said the company “intentionally developed this code to honor the App Tracking Transparency (ATT) options for people on our platform.”

Krause said he created a simple tool that allows anyone to check if an in-app browser is injecting JavaScript code when viewing a website. The researcher said that users simply need to open an app they want to analyze, share the address InAppBrowser.com somewhere within the app (e.g. in a direct message to someone else), click the in-app link to open it in the app’s browser, and read the details of the report that is shown.
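For site owners, the same question can be asked from inside the page. The following is an added example, not code from the article or from Krause's tool: it wraps `addEventListener` and records keyboard and tap listeners that the site itself did not register. The names `installListenerAudit`, `WATCHED` and `demo` are hypothetical, and a plain `EventTarget` stands in for `document` so the sketch runs outside a browser.

```javascript
// Added example (not from the article): page-side audit of input listeners.
// Event types a monitor would need in order to observe typing and taps.
const WATCHED = new Set(['keydown', 'keypress', 'keyup', 'input', 'click', 'touchstart']);

// Wrap addEventListener on `target` and record watched-type registrations
// whose listener is not in `ownListeners` (the site's own handlers).
function installListenerAudit(target, ownListeners) {
  const original = target.addEventListener;
  const findings = [];
  target.addEventListener = function (type, listener, options) {
    if (WATCHED.has(type) && !ownListeners.has(listener)) {
      // Stack frame [2] is the caller that registered the listener.
      const where = (new Error().stack || '').split('\n')[2] || 'unknown';
      findings.push({ type, where: where.trim() });
    }
    return original.call(this, type, listener, options);
  };
  return {
    findings,
    restore() { target.addEventListener = original; },
  };
}

// Constructed demo: an EventTarget stands in for `document`, and an empty
// function stands in for a listener added by code the site did not ship.
function demo() {
  const doc = new EventTarget();
  const own = new WeakSet();
  const audit = installListenerAudit(doc, own);

  const siteHandler = () => {};
  own.add(siteHandler);
  doc.addEventListener('keydown', siteHandler);            // site's own: ignored
  doc.addEventListener('keydown', function foreign() {});  // not allowlisted: recorded
  doc.addEventListener('scroll', () => {});                // unwatched type: ignored

  audit.restore();
  doc.addEventListener('click', () => {});                 // after restore: not recorded
  return audit.findings.map((f) => f.type);
}

console.log(demo()); // [ 'keydown' ]
```

In a real page the wrapper would be applied to `EventTarget.prototype` in the first script that runs. It cannot see listeners registered before it loads, or code that an app runs in an isolated WKWebView content world, so an empty result does not show that nothing was injected.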

Apple did not immediately respond to a request for comment.

