TikTok’s in-app browser is reportedly capable of monitoring anything you type

by admin

TikTok’s custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor “all keyboard inputs and taps” while a user is interacting with a given website, according to security researcher Felix Krause. But TikTok has reportedly denied that the code is used for malicious reasons.

Krause said TikTok’s in-app browser “subscribes” to all keyboard input while a user interacts with an external website, including any sensitive details such as passwords and credit card information, as well as every tap on the screen.

“From a technical standpoint, this is equivalent to setting up a keylogger on third-party websites,” Krause wrote, with regard to the JavaScript code that TikTok injects. However, the researcher said that “just because an app injects JavaScript into external websites, it does not mean that the app is doing anything malicious.”

In a statement shared with Forbes, a TikTok spokesperson acknowledged the JavaScript code in question, but said it is only used for debugging, troubleshooting and performance monitoring to ensure an “optimal user experience.”

“Like other platforms, we use an in-app browser to provide an optimal user experience, but the JavaScript code in question is only used for debugging, troubleshooting and monitoring performance of that experience – e.g. to check how quickly a page loads or whether it crashes,” the statement said, according to Forbes.

Krause said users who wish to protect themselves from any potentially malicious use of JavaScript code in an in-app browser should switch to viewing the link in the platform’s default browser, such as Safari on the iPhone and iPad.

“Whenever you open a link from an app, see if the app provides a way to open the website currently shown in your default browser,” Krause wrote. “During this analysis, every app other than TikTok offered a way to do this.”

According to Krause, Facebook and Instagram are two other apps that insert JavaScript code into external websites loaded into their in-app browsers, giving the app the ability to track user activity. In a tweet, a spokesperson for Facebook and Instagram parent company Meta said the company “deliberately developed this code to respect people’s App Tracking Transparency (ATT) options on our platform.”

Krause said they have created a simple tool that allows anyone to check whether an in-app browser is injecting JavaScript code when rendering a website. The researcher said users simply need to open an app they want to analyze, share the InAppBrowser.com address anywhere inside the app (such as in a direct message to another person), tap on the link inside the app to open it in the in-app browser, and read the details of the report shown.
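A website can also audit for itself which keyboard and tap listeners get registered on its pages, the behaviour Krause describes. The JavaScript below is an added example, not Krause's tool and not code from any of the apps named; `installListenerAudit`, `trust` and the event list are assumptions made for illustration.

```javascript
// Added example (hypothetical names): record who subscribes to keyboard and tap events.
// In a page, load this first and call installListenerAudit(EventTarget.prototype).
const INPUT_EVENTS = new Set(['keydown', 'keypress', 'keyup', 'input', 'click', 'touchstart']);

function installListenerAudit(proto) {
  const original = proto.addEventListener;
  const trusted = new WeakSet();   // handlers the site itself vouches for
  const findings = [];             // input listeners nobody vouched for

  proto.addEventListener = function (type, listener, options) {
    const isHandler = typeof listener === 'function' ||
      (listener !== null && typeof listener === 'object');
    if (isHandler && INPUT_EVENTS.has(type) && !trusted.has(listener)) {
      findings.push({
        type,
        target: this && this.constructor ? this.constructor.name : 'unknown',
        // The start of the handler source and the registering call stack
        // help attribute the listener to a script when triaging a report.
        snippet: String(listener).slice(0, 80),
        stack: new Error().stack,
      });
    }
    return original.call(this, type, listener, options);
  };

  return {
    findings,
    trust(listener) { trusted.add(listener); return listener; },
    restore() { proto.addEventListener = original; },
  };
}

// Constructed demo: one vouched-for handler, one unknown keyboard handler,
// and one listener for an event type that is not input-related.
function runDemo() {
  const audit = installListenerAudit(EventTarget.prototype);
  const page = new EventTarget();  // stands in for `document`
  page.addEventListener('keydown', audit.trust(function siteShortcut() {}));
  page.addEventListener('keydown', function unknownHandler() {});
  page.addEventListener('load', function onLoad() {});
  audit.restore();
  return audit.findings;
}

console.log(runDemo().map((f) => `${f.type} on ${f.target}: ${f.snippet}`));
```

A script that registers its listeners before this hook is installed, or that runs in an isolated JavaScript world, is outside the hook's view, so an empty findings list is not proof that nothing is listening.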

Apple did not immediately respond to a request for comment.

