Tiktok can track every screen and keyboard tap of its users, an expert reveals

Tiktok can track every screen and keyboard tap of its

Tiktok denies that it uses code to spy on its users. The data security expert advises to use the phone’s default browser to open links.

When a Tiktok user follows a link displayed in the application to a website, it inevitably opens in Tiktok’s own browser – not, for example, Chrome or Safari, which the phone owner normally uses to visit websites.

In its own in-app browser, Tiktok can track its user’s activity, for example every tap on the screen or text entered on the keyboard. In theory, Tiktok would thus be able to obtain, for example, a user’s credit card information or passwords.

The tracking code used by Tiktok and other social media companies has been discovered by an information security expert Felix Krausewho has published the information in his new blog in the report (you switch to another service).

– This is a conscious decision made by the company. It is not a simple coding, and this kind of thing does not happen accidentally or by chance, Krause comments on the results of his report For Forbes (you will switch to another service).

Tiktok: We just want to provide an optimal user experience

Tiktok admitted to Forbes that its code allows users to track their browser activity in the way Krause described. However, Tiktok strongly denies that it actually uses the code to track users.

Spokesman Maureen Shanahan commented to Forbes that, like other platforms, Tiktok uses an in-app browser “to provide an optimal user experience”, and that the code is used only for troubleshooting and for activities that monitor the performance of sites.

Krause’s investigation also found no evidence that Tiktok or, for example, applications owned by Meta such as Facebook, Instagram and Messenger would collect data from their users in that way or connect it to individual users.

In the report, Krause emphasizes that the social media companies in question do not actually spy on people’s credit card or password information, but wants to show by example that it is possible. He warns of the consequences if that code is misused.

Krause advises to always open application links with the phone’s default browser, and not with the application’s own browser. For example, Meta company’s applications also offer this possibility.

Tiktok was the only one of the applications tested by Krause, whose links could not be opened with anything other than Tiktok’s own browser.

yl-01