Sign Up
..... Connect Australia with the world.
Categories

Google

TikTok's iOS In-App Browser Monitors All Keyboard Input and Screen Taps - PCMag AU
Posted: 2022-08-19 10:30:00
Original link: https://news.google.com/__i/rss/rd/articles/CBMibWh0dHBzOi8vYXUucGNtYWcuY29tL21vYmlsZS1hcHBzLzk1NzQ1L3Rpa3Rva3MtaW9zLWluLWFwcC1icm93c2VyLW1vbml0b3JzLWFsbC1rZXlib2FyZC1pbnB1dC1hbmQtc2NyZWVuLXRhcHPSAQA?oc=5

A security researcher has discovered TikTok's in-app browser monitors all keyboard input and screen taps every time it's used to open a link.

As MacRumors reports, the discovery was made by researcher Felix Krause who summarized the functionality as being "the equivalent of installing a keylogger." Any external link opened from within the iOS app will trigger TikTok to monitor all keyboard entries and taps on the screen as you browse.

In response to this revelation, a TikTok spokesperson denied the claims being made:

"The report's conclusions about TikTok are incorrect and misleading. The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects. Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring."

TikTok also points to a CNN interview from July with Michael Beckerman, VP, Head of Public Policy, Americas at TikTok denying keylogging is used by TikTok.

Krause readily admits that "just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious." In other words, only TikTok knows what data is being collected, transferred, and used, and based on what TikTok is saying, it's limited to ensuring the app is running bug-free.

If this all sounds very familiar, it's because Krause recently discovered that the Facebook and Instagram apps are doing the same thing. In response, Krause created InAppBrowser.com which can be launched from within an app you want to analyze. It produces a report explaining which JavaScript commands get executed. It's open source and Krause hopes the community will continue to improve it over time.

Interestingly, of all the apps analyzed by Krause so far, TikTok is the only one that doesn't have an option to open links using a device's default browser. However, according to a TikTok spokesperson, to use a browser outside the app would be a "suboptimal / clunky experience" and wouldn't allow the company to ensure a secure user experience.

Editors' Note: This story was upated with comment from TikTok.

View More
  • Share
  • 0 Comment(s)
  • Favorite

Read On:

The Plucky Squire is an adorable adventure that mixes 2D and 3D - The Verge - 2024-09-21 14:00:00
Ancient Hunters Strategically Targeted Reindeer-rich Territory - Ancient Origins - 2024-09-21 13:31:51
Divorced famous couple’s 23yo stuns - news.com.au - 2024-09-21 13:13:24
Scientists say melting Antarctic iceberg poses major sea level threat - Associated Press - 2024-09-21 12:05:06
'Need to go up another level': James Tedesco double leads wounded Roosters into blockbuster prelim final - Nine - 2024-09-21 12:01:13
Australian opens first dark matter lab in Southern Hemisphere | 9 News Australia - 9 News Australia - 2022-08-19 10:11:11
Crime and Corruption Commission to appeal decision to keep report into former Queensland public trustee secret - ABC News - 2022-08-19 03:50:02
Umar Patek was sentenced to 20 years in jail for his role in the 2002 Bali bombings but Indonesian authorities have reduced his jail term - ABC News - 2022-08-19 02:51:24
A Fair Work ruling aimed at delivering better conditions for home care workers means Maggie could lose her independence - ABC News - 2022-08-19 02:30:16
Kiama MP Gareth Ward committed to stand trial on historic sexual abuse charges - ABC News - 2022-08-19 02:28:39
Report this news
Captcha Challenge
Reload Image
Type in the verification code above