According to a new study by software engineer Felix Krause, TikTok can monitor every tap of your screen while you surf in its iOS app, including sensitive information such as typed passwords and clicked links.
On Thursday, Krause published a paper looking at the JavaScript code social media platforms inject into external websites to track user activity.
Tracking Every Tap
The TikTok iOS app can track all keystrokes, text inputs, and screen taps, which may include private information like passwords and credit card numbers, according to Krause's findings using his security tool, InAppBrowser.com.
However, Krause emphasized that an app is not necessarily acting maliciously just because it injects JavaScript into external websites.
"There is no way for us to know the full details on what kind of data each in-app browser collects, or how - or if - the data is being transferred or used," he added.
https://t.co/KwZ3dtKyQf - a new tool I used to investigate the in-app browsers of apps (that use them) to look for any external JavaScript code being injected. pic.twitter.com/XSdXOpXYlq
— Felix Krause (@KrauseFx) August 18, 2022
But keystroke data collection, according to Priyadarsi Nanda of the University of Technology Sydney's School of Electrical and Data Engineering, closely matches the actions of keyloggers, a category of malware.
A TikTok spokesperson denied the study's claims to The Guardian Australia, saying that its conclusions about the short-form video app are "incorrect and misleading."
"The researcher specifically says the JavaScript code does not mean our app is doing anything malicious and admits they have no way to know what kind of data our in-app browser collects," the spokesperson said in a statement.
Contrary to what the report indicates, TikTok denies recording keystrokes or text inputs using. The spokesperson that such code is only employed for performance monitoring, debugging, and troubleshooting.
Krause also evaluated the iOS apps for Instagram, Facebook, Facebook Messenger, Amazon, Snapchat, and Robinhood beside from TikTok.
Only TikTok was discovered not to give users the ability to visit third-party websites using an external browser instead of using the app's built-in browser.
According to Krause's research, Instagram may also monitor screen touches, especially when users click on an image.
TikTok's National Interest?
According to Uri Gal, a professor of business information systems at the University of Sydney, apps like Facebook and Instagram are primarily driven by commercial and financial interests, whereas TikTok has a national security component that is not explicitly evident in other apps.
Due to TikTok's parent company ByteDance's alleged connections to the Chinese Communist party, TikTok presents a "different kind of risk," according to Gal.
He claimed that the surveillance features might be employed to "collect as much information as possible for industrial espionage purposes" and shape public opinion.
But in the past, ByteDance has refuted claims that it is affiliated with the Chinese government and labeled the allegations "misinformation."
Related Article : TikTok: 'Nearby' Feed Under Tests as Social Media Aims to Display Local Content for All
This article is owned by Tech Times
Written by Joaquin Victor Tacla
