TikTok's in-app browser can track clicks and keystrokes

TikTok has been under fire by more than just users for its bizarre security overreaches. The U.S. government has also been at TikTok for being a potential security threat. New research has also revealed now that TikTok doesn’t just collect your data while using the app–it’s also reading everything you click and type if you click on a link within the app.

Security researcher Felix Krause announced the launch of a tool called InAppBrowser, a tool that lists all of the JavaScript commands executed by an iOS app as the in-app browser renders a webpage. Krause demonstrated what the tool could do by analyzing popular iOS apps that include an in-app browser.

Krause’s data revealed that TikTok, Instagram, Facebook Messenger, and Facebook all modify webpages that are opened in the in-app browser. “This includes adding tracking code (like inputs, text selections, taps, etc…), injecting JavaScript files, as well as creating new HTML elements.”

Krause also says that they fetch metadata, but that this is “harmless.”

Digging further, Krause found that TikTok committed some of the worst offenses in this realm. TikTok’s in-app browser monitors all of a users’ keyboard inputs and taps. Basically, if you open a web page within the TikTok app and enter in credit card details, TikTok now has access to those details. It’s also the only app that does not allow users to open the link in the device’s default browser. Basically, TikTok forces you to use the in-app browser.

In confirmation to Forbes, a TikTok spokesperson said that “the JavaScript code in question is used only for debugging troubleshooting, and performance monitoring of that experience.”

She also stated that it’s needed to provide “an optimal user experience.”

Krause added on that some apps can even hide their JavaScript activity from his InAppBrowser tool, which means that even more could be happening behind the scenes.


Hey, thanks for reading DZSH! Check out our newsletter too so you can always stay in the loop!

Zainah Yousef is the author of The Fallen Age Saga and specializes in gaming, social media advice, and reviews. She's been writing all her life and she probably won't stop anytime soon.