Businesses often don’t suspect that apps on employees’ phones could be a risk. However, both Facebook and Tiktok have been shown to track your activity in the app and beyond.
TikTok can also track your keystrokes through its in-app browser, research shows.
According to research by Felix Krause, founder of the app-testing company Fastlane, when users access a website through Tiktok’s app, the app inserts code that allows TikTok to monitor activity such as keystrokes. This could enable TikTok to obtain personal information like passwords and even credit card numbers, though the company claims it does not.
Krause told Forbes Magazine, “This was an active choice the company made. This does not happen by mistake or randomly.”
In response, TikTok issued a statement that described the report as “incorrect and misleading,” noting that the researcher says that the code’s existence does not mean the app has malicious activity. The company said, “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring.”
This research adds to long-term security concerns about TikTok and its ownership by the Chinese company ByteDance. Some US officials say that ByteDance could share American data with the Chinese government, and is thus a threat to national security.
Krause tested several iPhone apps that use in-app broswers, including Facebook Messenger, Instagram, Snapchat, Amazon, and TikTok. Of these, Krause stated that only TikTok appears to track keystrokes.
See cnet.com for more about the article by Bree Fowler.