According to a recent study shared with Forbes, when TikTok users access a website through a link on the app, TikTok instals code that can track most of their activities on those external websites, including their keystrokes and anything they tap on the page. TikTok could obtain a user’s password or payment card information thanks to the tracking.
Due to changes, it makes to websites using the company’s in-app browser, which is a feature of the app itself, TikTok is able to keep an eye on that behaviour. TikTok does not launch pages with standard browsers like Safari or Chrome when users touch on adverts or links on a creator’s profile. Instead, it uses an in-app browser created by TikTok that can rewrite portions of online sites by default.
Felix Krause, a software researcher based in Vienna, who published a paper on his findings on Thursday, claimed that “the firm took an active choice to do this.” “This is a challenging engineering project. This does not occur accidentally or at random. Fastlane, a platform for testing and delivering apps, was founded by Krause and was purchased by Google five years ago.
Tiktok vigorously refuted the claim that it tracks users using its in-app browser. The company stated that TikTok is not utilising those functionalities, despite the fact that they are present in the code.
Krause’s research exposes the code that businesses like TikTok and Facebook parent Meta put into websites through their in-app browsers, but it does not demonstrate how these businesses are actually using that code to gather data and transport it to their servers or share it with third parties. Also hidden by the technology is any connection between the action and a user’s identity or profile. Krause was able to name a few concrete instances of what the applications can collect (such as TikTok’s capability to capture keystrokes), but he said that his list isn’t thorough and the firms may be tracking additional data.
7) p.s. some people call me a “CCP spy” or a “sleeper Chinese communist shill”. I find all that laughable. Nothing could be further from the truth. I’ve been trying to warn people about TikTok’s data problems and China. If you want to know more about me… read 👇 https://t.co/AC0WrjAyLn
— Eric Feigl-Ding (@DrEricDing) August 19, 2022
The new study comes in the wake of a paper last week by Krause on in-app browsers that specifically examined apps owned by Meta, including Facebook, Instagram, and Facebook Messenger. Because it doesn’t employ an in-app browser, WhatsApp, which the firm also owns, seems to be safe.
On Thursday, Krause also made available a tool that allows users to see what activities the company might be keeping an eye on and whether the browser they are using injects any additional code into webpages. Send a buddy the URL InAppBrowser.com in a direct message to check the browser on Instagram, for instance (or have a friend DM you the link). The tool will provide you a summary of what the app may be tracking if you click the link in the DM, albeit it employs a number of development lingo and may be challenging to understand for non-coders.
Krause investigated seven in-app browser-enabled iPhone apps for his latest study: TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon, and Robinhood. (He did not test the Android versions for Google’s mobile platform.)
TikTok is the only programme Krause evaluated that seems to track keystrokes, and it appears to be tracking more activity than the other six. Instagram and Facebook track each website click, just like TikTok does. These two applications keep track of when website visitors highlight text.