TikTok can read everything - even passwords
News + Trends

TikTok can read everything - even passwords

Samuel Buchmann
19/8/2022
Translation: machine translated

TikTok can apparently record every click and every keystroke in its in-app browser, including passwords and credit card information. The company itself says that the technical possibility exists, but is not used.

Whoever opens links or enters text in TikTok's in-app browser must reckon with the fact that every touch on the screen can be recorded. This is shown by an analysis of the privacy researcher Felix Krause, who examined the code of the iPhone app. Apparently, the browser does not simply open the website, but injects its own Javascript code in addition, which allows TikTok to see what exactly users are doing. Whether the same is true for the Android version of the app is still unclear.

"We don't know what TikTok uses this feature for. Technically, it is nothing more than a keylogger on third-party websites," Krause writes. This means that the Chinese company can theoretically record any input, including passwords or credit card information. Additionally explosive: Unlike in the apps of Facebook or Instagram, users of TikTok have no direct option to open links in the standard browser of the mobile phone instead. Furthermore, the in-app browsers of the meta-apps also record every click on links, but at least no keystrokes.

TikTok: "We don't collect passwords"

Implementing this code must have been a conscious decision by TikTok, according to Krause: "It's a significant development effort that doesn't happen by accident or by chance."

Whether TikTok actually uses the code to collect data, whether data is sent to the company's servers or to third-party providers, Krause does not know.

TikTok itself vehemently denies the accusations of recording passwords to the business magazine Forbes: "Like other platforms, we use an in-app browser to give users the best experience. The Javascript code is only used for fixing bugs and to check the performance of the browser." The company says the code is part of a third-party software development kit - queries about who that third-party is went unanswered.

Header image: Image: Shutterstock

82 people like this article


User Avatar
User Avatar

My fingerprint often changes so drastically that my MacBook doesn't recognise it anymore. The reason? If I'm not clinging to a monitor or camera, I'm probably clinging to a rockface by the tips of my fingers.


These articles might also interest you

Comments

Avatar