AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.
TikTok’s in-app browser injects JavaScript into external websites, allowing the app to monitor all input, including passwords and credit card numbers.
In 2020, it was discovered that TikTok had been accessing users’ clipboards. Now, TikTok has been found snooping on its users once again.
According to security researcher Felix Krause, whenever users open a link in TikTok, the app is then allowed to monitor everything a user does on that external website. This includes anything typed, as well as taps on buttons and links.
“This was an active choice the company made,” Krause told Forbes. “This is a non-trivial engineering task. This does not happen by mistake or randomly.”
A TikTok spokesperson told Forbes that the code isn’t malicious but instead is used for “debugging, troubleshooting, and performance monitoring.”
Additionally, TikTok claimed that the JavaScript is part of a third-party software development kit but did not disclose who made it.
Krause could not say whether or not TikTok has been collecting data from users, merely that it can.
To avoid being monitored, Krause suggests opening links shared in TikTok — and nearly every other service with an in-app browser — with Safari.
