Buzz
According to a report from a cybersecurity expert, TikTok's browser on iPhone has inserted JavaScript code into external websites, allowing tracking of everything...
According to cybersecurity expert Felix Krause, TikTok's in-app browser has closely monitored all user keyboard interactions when accessing external websites, including sensitive information like passwords, credit card details, and touchscreen gestures.
'From a technical standpoint, it's equivalent to installing a keylogger on a third-party website' - emphasized Felix Krause. However, this cybersecurity expert also affirmed that an app inserting JavaScript into external websites does not necessarily mean the app is doing anything harmful.
In a statement shared with Forbes magazine, a TikTok spokesperson admitted to the JavaScript code in question but insisted it's only used for debugging, issue detection, and performance monitoring to ensure optimal user experience, such as checking if a website loads quickly or experiences interruptions.
Security expert Felix Krause recommends users switch to viewing links in the default browser of their operating system, such as Safari on iPhone or iPad, for added peace of mind.
According to Krause, Facebook and Instagram are two apps that inject JavaScript code into external websites loaded in the in-app browser, enabling them to track user activities. However, on Twitter, a spokesperson for Meta asserts that the company develops this code for users who opt for App Tracking Transparency on the platform.
Felix Krause has developed a simple tool for people to check if an in-app browser injects JavaScript code when accessing a website or not. Users just need to open the app they want to analyze, share the InAppBrowser.com address with someone via the app, possibly by direct messaging, clicking on an internal link within the app to open it in the in-app browser, and then read the detailed report.
