- TikTok denies claim of scraping users’ data.
- The developer learned about past privacy and security issues.
TikTok, a well-known platform for short videos, refuted allegations that its in-app browser was used to “scrape” passwords, credentials, and other sensitive information from its users.
Developer Felix Krause claimed that code in TikTok’s iOS app enabled the corporation to track “all keystrokes, including passwords, and all touches.”
The developer learned about past privacy and security issues after previously working with Twitter and Google.
The developer said on Twitter and in a blog post that clicking a link within the TikTok iPhone app launches an in-app browser.
👀 TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps. https://t.co/TxN1ezZX71 pic.twitter.com/pQcX5vrEXc
— Felix Krause (@KrauseFx) August 18, 2022
His research was disturbing and was reported on by numerous media websites. Krause added that it is difficult to determine how the video-sharing app uses this subscription, which limited his own findings.
From a technical standpoint, he added, “This is the equivalent of installing a keylogger on third party websites.”
In an online chat, Krause said that his analysis “doesn’t say TikTok is actually recording and utilising this data.”
During the session, he stressed that he was unable to discuss whether or how the system was actually being used.
However, TikTok has categorically denied the accusation. A representative for the video-sharing service described the report as “misleading and wrong.”
The code is only used for “debugging, troubleshooting, and performance monitoring,” according to TikTok.
The company says the app does not log keystrokes and uses an in-app browser like other apps.
Zach Edwards, a freelance researcher in privacy and cybersecurity, has also examined the code used by the iOS version of the video-sharing service.
He claimed that the only way to determine whether an app genuinely scrapes forms, such as password form fields, is to watch the type of data the application transmits to its servers.
Edwards claimed that Krause was making TikTok appear worse than it actually is, which was terrible because the company is not great.
Edwards, though, believes that users should be able to disable in-app browsers, which he considers “wildly dangerous” because they let apps scrape private information.