According to a recent revelation, TikTok's in-app browser inserts JavaScript code into external websites, enabling it to monitor "all keyboard inputs" made by users when they engage with those websites.
One of the most widely used social media sites today is TikTok. Although iOS prohibits such tracking through features like App Tracking Transparency, security researcher Felix Krause alleges that TikTok employs atypical techniques to keep tabs on its users. The study asserts that the software can capture all keyboard inputs while a user interacts with an external website thanks to the JavaScript code injection.
Simply put, that means any private information you type into the TikTok app's in-app browser, including passwords and credit card numbers, may be recorded. The researcher, however, does not think that adding JavaScript to a website is hostile behaviour.
A TikTok representative acknowledged the app's peculiar behaviour in a statement to Forbes, but also said that the company uses the information provided by the script to debug, troubleshoot, and monitor performance to maintain an "optimal user experience."
And TikTok isn't the only app. Krause discovered that other social networking apps, including Facebook and Instagram, use their in-app browsers in a similar manner. The company "deliberately created this code to honour people's App Tracking Transparency (ATT) settings on our platforms," a Meta representative said.
To avoid potentially harmful JavaScript code, Krause urges users to switch to Safari whenever they open a link in their social media apps. He also provided a tool called InAppBrowser.com for checking whether an app injects JavaScript code into external websites.