Notebookcheck Logo

TikTok found to be monitoring all keyboard inputs and taps on iOS

TikTok for iOS is monitoring user input (Source: Cybernews)
TikTok for iOS is monitoring user input (Source: Cybernews)
Recent research has shown that the TikTok iOS app opens any links inside an in-app browser and all interaction with the website is being recorded. This info can include passwords, credit card information, addresses, and so on. Although TikTok confirmed the existence of such features, the company also denied using them.

Back in mid-June, we heard that the private data of TikTok users allegedly ended up in China. The popular short-form video hosting service owned by Chinese company ByteDance is now back in the spotlight and this time a spokesperson confirmed the existence of spyware-like features in the iOS app. However, the TikTok representative also claims that these features are not being used for anything malicious.

Two days ago, fastlane.tools founder Felix Krause published a follow-up to his August 10 article on iOS privacy. One week after he unveiled that Instagram and Facebook can track all the user's actions that take place in their in-app browser, he discovered that the same thing happens with TikTok.

According to Krause, "TikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app. This can include passwords, credit card information and other sensitive user data. (keypress and keydown). We can’t know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third party websites."  

In addition to the above, he mentioned that TikTok iOS also detects every tap on-page elements such as buttons, links, images, sliders, and so on. The app uses a JavaScript function to get detailed information on the element clicked on by the user.

For now, TikTok does not offer an option to open links using the default system browser, something that Instagram and Facebook (including Meta's proprietary instant messaging app and platform Messenger) have been providing for a while to the users of their mobile apps. 

Obviously, dropping the dedicated TikTok app and using the entire platform in a Web browser might help avoid the security risks mentioned above. However, according to a statement by TikTok spokesperson Maureen Shanahan, the aforementioned spyware-like features exist in the code, but they are not used to spy on the users. "Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes," she was quoted saying by Forbes.com.

Buy Social Media Marketing for Small Business 2022: 6 books in 1 (by Kelly Lee) on Amazon

Source(s)

Read all 10 comments / answer
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
.170
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2022 08 > TikTok is monitoring all keyboard inputs and taps on iOS
Codrut Nistor, 2022-08-20 (Update: 2022-08-20)