Tik-Tok users have a new privacy threat looming in the background. Apparently, the popular app’s custom in-app browser specifically on iOS injects JavaScript codes into external websites. This is a cause of concern because it allows the app to monitor “all keyboard inputs and taps.” Even a small click could mean that you are under surveillance and that there is a threat to your security. TikTok hasn’t accepted the security reports and has denied that the code is harmful in any way to the users. Read along to know more.
The What and Why
TikTok is an app that enjoys its fair share of popularity. Given its large user base, a security threat pertaining to the app can be alarming. The allegations put forth by security researcher Felix Krause are thus a cause of concern for TikTok users.
According to Krause’s reports, users’ sensitive details like passwords and credit card information aren’t safe because of the In-App browser that “subscribes” to all keyboard inputs.
“From a technical perspective, this is the equivalent of installing a keylogger on third-party websites,” said Krause who also mentioned that injecting JavaScript doesn’t imply that the app is doing anything potentially malicious to the user.
While a TikTok spokesperson acknowledged the JavaScript code, they denied that it is being used for anything malicious. The code is apparently used for debugging, troubleshooting, and for monitoring the performance in order to ensure an “optimal user experience.”
If the assurance given by TikTok isn’t reassuring enough, users indeed have a way to make sure that their devices are protected from any potential breach of privacy and security. According to Krauser, users can protect themselves by switching to viewing a link in the platform’s default browser.
“Whenever you open a link from any app, see if the app offers a way to open the currently shown website in your default browser,” added Krauser. Apparently, the analysis revealed TikTok to be the only app that doesn’t offer this alternative. Apart from TikTok, the other two apps which inject JavaScript code are Instagram and Facebook which lets the app track user activity.
