It is a good rule of thumb for any privacy-conscious mobile app user to beware in-app browsers, given the chance for an app to leverage its hold on user attention to snoop on what you are looking at. But eyebrows are being raised over the behavior of TikTok's in-app browser after independent privacy research found the social network's app injecting code that could enable it to monitor all keyboard inputs and taps. In other words, keylogging.

The TikTok app subscribes to inputs on third-party websites rendered inside it. These inputs can include passwords, credit card information and other sensitive user data. We don't know what TikTok uses the subscription for, but from a technical perspective, it's like installing a keylogger on third-party websites.

After publishing a report last week that focused on the potential for Meta to track users of its in-app browsers, Krause launched a tool called InAppBrowser.com that lets mobile app users get details of code that is being The tool doesn't necessarily list all JavaScript commands executed, nor can it pick up tracking that an app performs using native code, so at best it's offering a glimpse of potentially shady activities.
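One way a web page can observe the kind of input subscription described above, shown as an added example (it is not code from this article or from InAppBrowser.com): wrap `EventTarget.prototype.addEventListener` and record registrations for keyboard and tap events. The watched event list, the function names and the stand-in "injected" script are assumptions constructed for illustration.

```javascript
// Added example: page-side monitor for input-event subscriptions.
// The event names and function names here are assumptions for illustration.
const WATCHED = new Set(["keydown", "keypress", "keyup", "input", "click", "touchstart"]);

function installListenerMonitor(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const seen = [];
  proto.addEventListener = function (type, listener, options) {
    if (WATCHED.has(String(type))) {
      seen.push({
        type: String(type),
        target: this?.constructor?.name ?? "unknown",
        capture: options === true || Boolean(options && options.capture),
        // The first caller frames hint at which script registered the listener.
        stack: (new Error().stack || "").split("\n").slice(2, 4).map((s) => s.trim()),
      });
    }
    // Always forward to the real implementation so page behaviour is unchanged.
    return original.call(this, type, listener, options);
  };
  return {
    seen,
    restore() { proto.addEventListener = original; },
  };
}

// Count recorded subscriptions per event type.
function summarize(seen) {
  const counts = {};
  for (const { type } of seen) counts[type] = (counts[type] || 0) + 1;
  return counts;
}

// Constructed stand-in for a script that a host app adds to a page.
function constructedInjectedScript(doc) {
  doc.addEventListener("keydown", () => {}, true);
  doc.addEventListener("click", () => {});
  doc.addEventListener("scroll", () => {}); // not a watched input event
}

function demo() {
  const monitor = installListenerMonitor();
  const doc = new EventTarget(); // stands in for `document` outside a browser
  constructedInjectedScript(doc);
  monitor.restore();
  return { counts: summarize(monitor.seen), first: monitor.seen[0] };
}
```

In a browser the monitor only sees listeners registered after it is installed, and it sees nothing an app does in native code, which matches the limits of page-side inspection noted above.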

A brief comparative analysis of a number of major apps appears to put TikTok at the top for concerning behaviors vis-a-vis in-app browsers, on account of the scope of inputs it has been identified subscribing to. If you use its app to view links, the only way to avoid TikTok's tracking code being loaded is to cut out its app altogether and use a mobile browser.

Even though he has found that TikTok is getting access to third-party sites through its in-app browser, that doesn't mean it's doing anything malicious with the access. The behavior nonetheless raises privacy risks for TikTok users.

We reached out to TikTok and will update this report with a response.

We have approached the tech giant for a response to the findings that they were modifying third party websites loaded with their in-app browsers with potentially dangerous commands.

Privacy and data protection in the European Union are regulated by laws that include the General Data Protection Regulation and the ePrivacy Directive, so any tracking of users in the region that lacks a proper legal base could lead to regulatory sanction.

In the past few years, both social media giants have been subject to a variety of EU procedures, investigations and enforcements around privacy, data and consumer protection concerns.

The public scrutiny of in-app browser JavaScript tracking code injections on iOS is likely to encourage bad actors to upgrade their software to make such code undetectable to external researchers.

Despite some concerning behaviors being identified in mobile apps running on iOS, Apple's platform is typically promoted as more privacy safe than the other mobile OS alternatives.