TikTok can track users’ every tap as they visit other sites through its iOS app, new research shows

August 24, 2022 by admin

TikTok has the ability to track every tap on your screen as you browse within its iOS app, including passwords typed and links clicked, according to new research from software engineer Felix Krause.

In-app browsing refers to any activity on third-party sites that opens in the app rather than in an external window.

On Thursday, Krause released a report examining the JavaScript code that social media platforms inject into third-party sites, which allows them to track users’ activity.

Krause’s security tool, InAppBrowser.com, revealed that the TikTok iOS app has the ability to monitor all keystrokes, text input, and screen taps, including sensitive personal information such as credit card information and passwords.

Krause noted, however, that “just because an app injects JavaScript into external websites doesn’t mean the app is doing anything malicious.”

“There’s no way we can know the full details about what kind of data each in-app browser collects, or how — or if — the data is transferred or used,” he said.

When they open a website from the TikTok iOS app, they inject code that can observe any keyboard input (including credit card details, passwords, or other sensitive information)

TikTok also has code to observe all taps, such as clicking buttons or links. pic.twitter.com/Dcv0N4ccKD

— Felix Krause (@KrauseFx) August 18, 2022

Priyadarsi Nanda of the University of Technology Sydney’s School of Electrical and Data Engineering said that collecting information about keystrokes is very similar to the behavior of keyloggers, a type of malware.

“Whatever website you visit, it requires your input,” he said. “This is definitely a concern for any app you don’t trust.”

A TikTok spokesperson told Guardian Australia that the report’s “conclusions on TikTok are incorrect and misleading”.

“The researcher specifically says that the JavaScript code doesn’t mean our app is doing anything malicious, and admits they have no way of knowing what kind of data our in-app browser collects,” the spokesperson said.

“Contrary to what the report claims, we do not collect keystrokes or text input via this code, which is used solely for debugging, troubleshooting, and performance monitoring.”

In addition to TikTok, Krause reviewed the iOS apps from Instagram, Facebook, Facebook Messenger, Amazon, Snapchat, and Robinhood. TikTok was the only app that did not allow users to switch from in-app browsing to an external browser when accessing third-party sites.

“TikTok had the most comprehensive surveillance capabilities,” said Uri Gal, a professor of business information systems at the University of Sydney.

“Many people using the app are not aware of the surveillance being carried out on them within [it]. TikTok’s user base is much younger than Facebook and Instagram…which makes them much more vulnerable.”

Gal said TikTok poses “a different kind of risk” because of parent company ByteDance’s suspected ties to the Chinese Communist Party.

The surveillance functionality can be used to “gather as much information as possible for industrial espionage purposes and to shape public opinion more toward their interests,” he said.

A report released in July by Australian-American cybersecurity firm Internet 2.0 warned that the Chinese government could use the app to collect personal information, from in-app messages to device locations.

ByteDance has denied any affiliation with the Chinese government in the past, calling the claim “misinformation” after several leaks suggested it is censoring material that is inconsistent with China’s foreign policy objectives or mentions the country’s human rights record.

Krause’s research found that Instagram also has the ability to track screen taps, such as when users click on an image.

“There are data privacy and integrity issues when using in-app browsers…like how Instagram and TikTok show all external websites in their app,” Krause wrote in the report.

Gal said Instagram and Facebook’s practices are almost as extensive as TikTok’s.

“Their primary motivation is almost purely commercial and financial, while there is a national security element to TikTok that I don’t think is directly present with the others.”

A spokesperson for Instagram’s parent company, Meta, said “in-app web browsers are common across the industry.”

“At Meta, we use in-app browsers to enable safe, convenient and reliable experiences, such as ensuring that autocomplete is completed correctly or preventing people from being redirected to malicious sites,” the spokesperson said.

“Adding any of these functions requires additional code. We carefully designed these experiences to respect users’ privacy choices, including how data might be used for advertising.”

In a statement from TikTok included in Krause’s report, spokesperson Maureen Shanahan said, “Like other platforms, we use an in-app browser to provide an optimal user experience. … like checking how fast a page loads or if it crashes.”

Nanda said the social media platforms do not disclose how much personal data stays with the company and whether it is shared with third parties.

“They can pass that information on to third-party service providers, which is essential for launching sophisticated attacks of any kind,” Nanda said, pointing to hacks that steal data, such as credit card information, and malware attacks that freeze computers or lock files. “That’s the real risk.”
