A software researcher recently claimed that China-owned TikTok’s in-app browser is capable of monitoring and recording user keystrokes, which the company has since confirmed. Of course, the Chinese company is quick to state that the code in its app is only used for “debugging,” but this may be another lie from the company known for its mistruths.
Forbes reports that TikTok has confirmed that it has the ability to monitor the activity of users when browsing the web via the platform’s in-app browser. TikTok can monitor the keystrokes that users type and what they click on a web page inside the in-app browser, meaning TikTok could capture a user’s credit card information or passwords.
Photographer: Justin Chin/Bloomberg via Getty Images
TikTok Influencers film video (MIGUEL MEDINA /Getty)
The issue was first noticed by Felix Krause, a software researcher based in Vienna, who published a report on the issue this week. “This was an active choice the company made,” Krause said. “This is a non-trivial engineering task. This does not happen by mistake or randomly.”
Krause is the founder of the app testing and deploying company Fastlane, which was acquired by Google five years ago. When reached for comment, TikTok vehemently denied tracking users’ activity on the in-app browser, but did confirm that those features do exist in the code.
Krause noted via Twitter that TikTok’s statement confirms his findings:
Wow, what an honour to have my work featured on @forbes
Including statements by TikTok confirming the code I found exists and does what I expected.https://t.co/1p8hOwQBWN via @richardjnieva pic.twitter.com/13M78cHEEy
— Felix Krause (@KrauseFx) August 18, 2022
“Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes,” TikTok spokesperson Maureen Shanahan said in a statement.
The company claims that the JavaScript code is part of a third-party software development kit (SDK) which includes features that the app does not use. TikTok has not revealed details about the SDK or what third-party makes it.
TikTok recently admitted that employees in China can access the data of users from the United States, including children. The company had previously denied that access from China occurred.
Breitbart News reported:
Bloomberg reports that the Chinese-owned viral video app TikTok has revealed that certain company employees based in China have access to the personal information of American users. The company’s admission came in a letter to nine U.S. senators who accused TikTok and its parent company, ByteDance Ltd., of monitoring U.S. citizens.
The senators asked TikTok whether China-based employees have access to U.S. users’ data, what role those employees play in developing TikTok’s algorithm, and if any of that information was shared with the Chinese government.
The CEO of TikTok parent company ByteDance, Shou Zi Chew, said in a June 30 letter that China-based employees who clear a number of internal security protocols can access certain information on U.S.-based TikTok users including public videos and comments. Chew claims that none of this information is shared with the Chinese government and is subject to “robust cybersecurity controls.”
Read more at Forbes here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan
COMMENTS
Please let us know if you're having issues with commenting.