Software developer discovers TikTok can register every tap you make, including images and links you click on – so should you be concerned?

TikTok may be privy to every tap on the screen you make and every link you click on, a security and privacy researcher warns.

Using software he developed, Felix Krause – who has previously worked at Google and Twitter – found TikTok uses code that monitors all keyboard inputs and taps, and says it is a potential privacy risk for users.

“When you open any link on the TikTok iOS app, it’s opened inside their in-app browser,” Krause wrote in a blog post on his website.

A user may be prompted to click on a link multiple times while using TikTok, such as when clicking on an ad or opening a link in someone’s bio.

While using the browser inside the app, TikTok “subscribes to all keyboard inputs”, which includes passwords and credit card information.

Krause says while we cannot know what TikTok uses the subscription for, “from a technical perspective, this is the equivalent of installing a keylogger on third party websites”.

TikTok is also able to register every tap on the screen, which includes any tap on a button, link, image or “other component on websites rendered inside the TikTok app”.

“TikTok iOS uses a JavaScript function to get details about the element the user clicked on, like an image,” he said.

In a statement provided to Forbes.com, TikTok said it does use the code which Krause found – but only for “debugging, troubleshooting and performance monitoring of that experience”.

Krause does provide a way to avoid using an in-app browser; however, it does not apply to TikTok.

“Most in-app browsers have a way to open the currently shown website in Safari. As soon as you land inside an in-app browser, use the Open in Browser feature to switch to a safer browser,” he said.

“If that button isn’t available, you will have to copy and paste the URL to open the link in the browser of your choice. If the app makes it difficult to even do that, you can tap and hold a link on the website and then use the Copy feature, which can be a little tricky to get right.

“TikTok doesn’t have a button to open websites in the default browser.”

The privacy researcher said there is “most likely” some motivation behind companies, such as TikTok, tracking users’ activities using an in-app browser, but assured users the app does not actually steal their passwords or personal addresses.

“I wanted to showcase that bad actors could get access to this data with this approach,” he said.
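
A website can check for the kind of keyboard and tap subscriptions described above by wrapping `addEventListener` before other scripts register their listeners. The JavaScript below is an added example, not code from Krause's tool or from TikTok; `installListenerAudit`, `ownHandlers` and the sample listeners are hypothetical names, and a plain `EventTarget` stands in for `document` so the block runs outside a browser.

```javascript
// Events that reveal typing and taps: the kinds of input the article describes.
const INPUT_EVENTS = new Set([
  'keydown', 'keypress', 'keyup', 'input', 'click', 'touchstart', 'pointerdown',
]);

// Hypothetical helper: wrap target.addEventListener and record every
// subscription to an input event that the page did not register itself.
function installListenerAudit(target, ownHandlers = new WeakSet()) {
  const original = target.addEventListener;
  const findings = [];
  target.addEventListener = function (type, handler, options) {
    if (INPUT_EVENTS.has(type) && !ownHandlers.has(handler)) {
      // options may be a boolean (capture) or an options object
      const capture = typeof options === 'boolean'
        ? options
        : Boolean(options && options.capture);
      findings.push({ type, capture });
    }
    return original.call(this, type, handler, options);
  };
  return {
    findings,
    restore() { target.addEventListener = original; },
  };
}

// Constructed demo: an EventTarget stands in for `document`.
function runConstructedDemo() {
  const doc = new EventTarget();
  const ownClick = () => {};                 // the page's own, expected handler
  const audit = installListenerAudit(doc, new WeakSet([ownClick]));

  doc.addEventListener('click', ownClick);   // expected handler: not reported
  doc.addEventListener('scroll', () => {});  // not an input event: not reported
  // Constructed stand-ins for listeners added by code the page does not own.
  let seen = 0;
  doc.addEventListener('keydown', () => { seen += 1; }, true);
  doc.addEventListener('click', () => { seen += 1; }, { capture: false });

  doc.dispatchEvent(new Event('keydown'));   // audited listeners still fire
  audit.restore();
  return { findings: audit.findings, seen };
}

console.log(runConstructedDemo());
```

The hook only sees listeners registered after it is installed and in the same JavaScript context as the page, so an empty result does not show that no listener exists.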
