According to security researcher Krause, when TikTok users access an external website via the in-app browser, all keyboard strokes are recorded, including every touch on the screen, along with sensitive data such as passwords and credit card information.
Apple threatens employee over TikTok video
Javascript code is abused
TikTok performs tracking thanks to the JavaScript code it places on external websites. Technically speaking, it is stated that this is no different from placing keyloggers on third-party websites. A TikTok spokesperson states that the JavaScript code is only used for debugging, troubleshooting and performance monitoring (how fast the page loads, whether it crashes) to provide an optimal user experience.
Use the default browser
Users are advised to open external links via the default browser to avoid possible malicious use of Javascript code. It is stated that it is safer to use the phone’s default browser, not only in TikTok, but also in other applications, instead of the application’s own browser. Every app, except Tiktok, offers a way to do this.
Meta is also tracking users
Tiktok is not the only social media platform that tracks user activities in this way. Facebook and Instagram also follow users by embedding Javascript code on external websites loaded from the in-app browser. Meta states that it has this right through application tracking transparency (ATT).
11722
