TikTok browser can track users' keystrokes, according to new research
If you use TikTok's in-app browser to access websites, here's a warning: it could be tracking every keystroke you make.
According to a report published on Thursday (Aug 18) by Vienna-based researcher Felix Krause, this happens when TikTok users access websites through a link in the app, rather than through browsers such as Google's Chrome or Apple's Safari.
The app inserts code that makes it possible to monitor activity like what users are tapping on the site. This could allow TikTok to capture user information, including credit card numbers and passwords.
The research has surfaced as the Chinese-owned video-sharing platform is running into US lawmakers' concerns over its data practices.
Mr Krause, 28, said he could not determine if keystrokes were actively being tracked and data was being sent to TikTok.
TikTok said the report was "incorrect and misleading" and insisted the feature was used for "debugging, troubleshooting and performance monitoring".
"Contrary to the report's claims, we do not collect keystroke or text inputs through this code," TikTok said.
But Mr Krause said the development was concerning because it showed TikTok had built in functionality to track users' online habits if it chose to do so.
Collecting information on what people type on their phones while visiting outside websites is often a feature of malware and hacking tools.
While major technology companies might use such trackers when they test new software, it is not common for them to release a major commercial app with the feature, whether or not it is enabled, the New York Times reported.
The research could raise further questions for TikTok, which is owned by the Chinese tech company ByteDance, with US government officials scrutinising whether the popular app could endanger national security by sharing information about Americans with China, the newspaper reported.
Apps sometimes use in-app browsers to prevent people from visiting malicious sites or to make online browsing easier with the auto-filling of text.
Facebook and Instagram can use in-app browsers to track data like what sites a person visited, what they highlighted and which buttons they pressed on a website, but according to Mr Krause, TikTok goes further by using code that can track each character entered by users.
Mr Krause, who reportedly has links to Google, said he carried out the research only on Apple's iOS operating system, and noted that any keystroke tracking by TikTok would occur only within its in-app browser.
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now