Williamsport, Pa. — TikTok users concerned about their privacy might want to avoid the in-app browser after new research from Felix Krause indicates that the browser could be logging keystrokes or inputs.
Krause, a web developer, has claimed that TikTok tracks every input a user makes while using its in-app browser.
“TikTok iOS subscribes to every keystroke (text input) happening on third party websites rendered inside the TikTok app,” Krause’s blog states.
“This can include passwords, credit card information and other sensitive user data…. We can’t know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third party websites,” he wrote.
TikTok provided a statement confirming that these procedures are indeed within the code, but that the application does not use them.
“The report’s conclusions about TikTok are incorrect and misleading,” a TikTok spokesperson said. “The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects. Contrary to the report’s claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring.”
Brendon Egan, a tech expert, questions the validity of TikTok’s statement due to parent company ByteDance being partly owned by the Chinese government.
“The Chinese Communist Party actually has a large ownership stake in their parent company,” Egan said. “There’s obviously very wide-reaching security concerns.”
The Chinese government holds a one percent stake in the company. However, it also holds one of the company’s three board of directors seats.
TikTok has routinely denied that it shares user data with the Chinese government, dating back to 2020, when then-President Donald Trump attempted to ban the app via executive order. The order was later rescinded by the Biden administration last year.
There are also concerns about data collection through TikTok’s recently announced “election center,” according to Egan.
It’s possible they could collect individuals’ political beliefs and who they’re voting for through their “keystroke logging,” said Egan.
Egan said that users looking to limit their risk for data collection on TikTok don’t have many options.
“When it comes to your web browser on your computer or your phone…there are security measures you can take to mitigate risk of third-party websites collecting data from you,” said Egan. “When it comes to actually using and downloading a native mobile application…there really isn’t much you can do on your own to control what they collect.”
Egan also questioned why application storefronts like Google Play and the Apple App Store, among others, aren’t doing anything despite “heavily scrutinizing everything” on their storefronts.
“My company builds apps for businesses,” Egan said. “If we build an app…for any business, we submit that to the app store, and it gets scrutinized. We’ve seen apps that get flagged for the most ridiculous things in the world. Like, if we don’t have our ‘Ts’ crossed and our ‘Is’ dotted in our privacy policy or what we’re collecting, they just flat-out reject those applications…. Why aren’t these app stores doing something about this for the privacy of their users?”
Egan indicated that this could be due to the companies having certain financial incentives not to remove TikTok, which has surpassed 1 billion users this year. Egan said it was especially concerning to see Apple not take a stand after it cracked down on targeted ads, which saw Snapchat shares plummet by 90 percent in July.
Egan said that these “big tech companies” seem to be “turning a shoulder to TikTok” despite the app “doing something that’s clearly against app store policies.”
Despite being for “free enterprise,” Egan said he felt that it’s necessary for the government to get involved, whether through the Federal Trade Commission, the Department of Justice, or another entity.
“We can’t have big tech companies picking and choosing who they let follow the rules and who they don’t,” Egan said.
In a response to NorthcentralPa.com’s request for comment, an FTC spokesperson said they can’t comment on specific companies’ actions.