Researcher Claims TikTok’s In-App Browser Has Code That Can Monitor Your Keystrokes

August 23, 2022

According to a recent study shared with Forbes, when TikTok users open a website through a link in the app, TikTok inserts code that can track most of their activity on that website, including their keystrokes and whatever they tap on the page. TikTok could use the tracking to capture a user’s credit card information or password.

TikTok is able to monitor such behavior because of modifications it makes to websites through the company’s in-app browser, which is built into the app. When users click on TikTok adverts or open links on a creator’s profile, the app does not launch the website in a standard browser such as Safari or Chrome.

Instead, it uses a TikTok-created in-app browser that is able to rewrite sections of the web pages it loads.

TikTok can track this behavior by inserting lines of JavaScript into the websites viewed within the app, creating new commands that alert TikTok to what users are doing on those websites.

“This was an active choice the company made,” said Felix Krause, a Vienna-based software researcher who released a paper on his findings. “This is a non-trivial engineering task. This does not happen by mistake or randomly.” Krause founded Fastlane, a service for testing and delivering apps that Google purchased five years ago.

TikTok firmly rejected the notion that it tracks users in its in-app browser. The company confirmed that certain functionalities are included in the code, but said TikTok does not use them.

“Like other platforms, we use an in-app browser to provide an optimal user experience,” spokesperson Maureen Shanahan said in a statement. “But the JavaScript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes.”

According to the company, the JavaScript code is part of a third-party software development kit, or SDK, which is a collection of tools used to create or manage apps. The SDK provides functionalities that the app does not use. TikTok did not respond to queries regarding the SDK or who created it.

While Krause’s study discloses the code that companies such as TikTok and Facebook parent Meta inject into websites via their in-app browsers, it does not show that these companies are actually collecting data, sending it to their servers, or sharing it with other parties. The tool also does not indicate whether any of the activity is associated with a user’s identity or profile. Although Krause was able to identify a few concrete examples of what the applications can track (such as TikTok’s capacity to record keystrokes), he stated that his list is not complete and that the companies might be monitoring more.
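Script that watches keystrokes and taps normally does so by registering event listeners, and a page can log those registrations to see whether anything other than its own code is listening. The following is an added example, not code from the article, Krause's research or TikTok; the function names, the watched event list and the `EventTarget` standing in for `document` are assumptions, and it only sees listeners registered after the hook is installed.

```javascript
// Assumed watch list of input-related events (not taken from the article).
const INPUT_EVENTS = new Set(["keydown", "keypress", "keyup", "input", "click", "touchstart"]);

// Wraps target.addEventListener and records every input-related listener
// that is not in the site's own allow list.
function installListenerAudit(target, ownListeners = new Set()) {
  const findings = [];
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    if (INPUT_EVENTS.has(type) && !ownListeners.has(listener)) {
      findings.push({
        type,
        capture: options === true || Boolean(options && options.capture),
        // Caller frames show which script registered the listener.
        stack: new Error().stack.split("\n").slice(2, 4).map((s) => s.trim()),
      });
    }
    return original.call(this, type, listener, options);
  };
  return {
    findings,
    restore() { target.addEventListener = original; },
  };
}

// Constructed demo: a plain EventTarget stands in for `document`.
function demo() {
  const doc = new EventTarget();
  const siteHandler = () => {};                      // the site's own handler
  const audit = installListenerAudit(doc, new Set([siteHandler]));
  doc.addEventListener("click", siteHandler);        // allow-listed, not reported
  doc.addEventListener("keypress", () => {}, true);  // unexpected, reported
  doc.addEventListener("scroll", () => {});          // not an input event
  audit.restore();
  doc.addEventListener("keydown", () => {});         // hook removed, not seen
  return audit.findings;
}

console.log(demo());
```

A listener registered before the page's own script runs, for example by a script injected at document start, is not visible to this hook, so an empty result does not prove that nothing is listening.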
