TikTok browser can track users’ keystrokes, according to new research
The web browser used within the TikTok app is capable of tracking every keystroke made by its users, according to new research emerging as the Chinese-owned video app grapples with US lawmakers’ concerns about its practices. of data.
Research by Felix Krause, a privacy researcher and former Google engineer, did not show how TikTok used the feature, which is built into the in-app browser that opens when someone clicks on an external link. But Krause said the development was troubling because it showed TikTok had built-in features to track users’ online habits if he chose to.
Collecting information about what people type on their phones while visiting external websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools. While major tech companies can use such trackers when testing new software, it’s not common for them to release a major commercial app with the feature, whether it’s enabled or not, the researchers said.
In a statement, TikTok, which is owned by Chinese internet company ByteDance, said Krause’s report was “incorrect and misleading” and that the feature was used for “debugging, troubleshooting and performance monitoring.”
“Contrary to the report’s claims, we do not collect keystrokes or text input via this code,” said TikTok.
Krause said he was unable to ascertain whether the keystrokes were actively monitored and whether such data was being sent to TikTok.
The research could raise questions for TikTok in the United States, where government officials examined whether the popular app could endanger U.S. national security by sharing information about Americans with China. Although the debate in Washington over the app had retreated under the Biden administration, new concerns have emerged in recent months following revelations from BuzzFeed News and other media outlets about TikTok’s data practices and ties to its Chinese parent.
Krause said he conducted the research on TikTok only on Apple’s iOS operating system and noted that keystroke detection would only occur within the in-app browser.
In a CNN interview in July, Michael Beckerman, a political executive at TikTok, denied that the company logs users’ keystrokes, but acknowledged that it monitors their patterns, such as how often they type, to protect against fraud. .
This article originally appeared in the New York Times.