TikTok's in-app browser found to be recording your keystrokes

AlphaX

Posts: 22   +6
Staff
WTF?! Felix Krause, a software researcher and founder of Fastlane, recently made reports about popular social app TikTok. Krause claims that JavaScript code embedded into the in-app browser is currently being used to track keystrokes, screen taps, copied text, etc. Krause deems this to be a major security concern. TikTok claims that this code is strictly for debugging purposes, and is in no way used to track or log a user's information while they are using the app.

TikTok is widely regarded as one of the most popular mobile apps today, especially among the young. With 2.6 billion downloads since its launch in 2016, and TikTok's claims of up to one billion active global users, that statement certainly holds its weight.

TikTok has had its fair share of security concerns in the past, with even the commissioner of the FCC, Brendan Carr, calling on Apple and Google to remove it from their respective app stores. These concerns were recently made more prominent with a report released by Felix Krause, a well-known software researcher and founder of Fastlane.

Krause states that TikTok has JavaScript code embedded into the in-app browser, used when users tap on links while scrolling through the app. He notes that the code being embedded into the browser is not the concern, as nearly all apps with integrated browsers have this form of code, including Facebook, Instagram, and Snapchat. Where the concern lies is what the JavaScript code is intending to do while the user interacts with the browser.

Krause reveals that the code is tracking the location of screen taps, what text a user copies while in the browser. But most importantly, the code tracks every single keystroke someone makes during their time inside the browser. The first two points are not as concerning, Krause notes. Multiple apps also track screen taps and copied text. However, TikTok was the only app during his testing that logged keystrokes in any way. This is undoubtedly a major security concern for users, Krause insists.

TikTok was quick to attempt to disprove Krause's report, insisting the JavaScript code containing keylogging, screen tap data, and logging copied links from users is used strictly for debugging.

The company further points out that the code was included in a "third-party software development kit," also known as an SDK, and that the security concerns within the code are not being used or monitored by TikTok. However, when questioned regarding this, TikTok did not answer questions regarding the SDK or who specifically made it.

The rise of TikTok has brought with it monumental controversy. Since its early days, there's been concerns about TikTok's parent company being closely linked to the Chinese government. The letter from the FCC commissioner claiming that the app is used to essentially provide surveillance and extract data from the user was just the last of many calls to stop using the app.

Krause's findings simply add another reason to stop using TikTok. But will users and content creators care? The security concerns may far exceed the entertainment value that TikTok provides to some, but last we checked TikTok's ad revenue was predicted to hit $11 billion, more than Twitter and Snapchat combined.

Permalink to story.

 

Rocky4040

Posts: 103   +136
No really who would have thought /s being where it was developed why would this surprise anyone. Tne again I'm pretty sure most online social media sites record key strokes and use your info and the data you provided to them on their sites is used for their own purposes such as selling to advertizers.
 

Dsirius

Posts: 233   +446
So Tik Tok tries to do what Google, Microsoft, Facebook are doing for decades.
Fascinating old news.
Let's improve this title.
TikTok caught doing what Google, Microsoft, Facebook are doing for decades, like recording your keystrokes. Are they trying to catch up?
Oh, are Google Microsoft, Facebook linked to NSA, CIA and USA government?
Take it, I made this article more interesting.
It's controversial only when others are doing what US government is doing through their corporate proxies like Google, Microsoft, Facebook, Twitter etc. This is the result of american lame propaganda when US has double standards and promote Orwellian double thinking.
Oh and check who this Krause Felix really is, a "genuine" hypocrite:
So this Felix Krause is in bed with at least Google, Twitter, and is payed by the corporations which are TikTok competitors. How pathetic this dude's claims are accounting TikTok while discounting Google and Twitter.
And this just because TikTok is better than US competition and Facebook, Google, Instagram, Twitter are loosing hard.
 
Last edited:

m4a4

Posts: 2,999   +3,911
TechSpot Elite
Decided to download the app once for a joke. Only opened it once for a few seconds just to show the person...
Then a few months later, going through my phone to clear old apps, and saw it was taking over 1GB of space. Turns out, the user data was half of it (for only opening once). Why? Not even Google's apps stored that much stuff.

Needless to say, it was a quick and easy uninstall
 

Dsirius

Posts: 233   +446
"Endymio, post: 1980897, member: 456382"]
Funny, I don't recall any of those recording my keystrokes for use by an authoritarian communist dictatorship. Since it's been happening for "decades", could you provide a link verifying this?
[/QUOTE]

I can help u, ask US government (probably your government) about Eduard Snowden, Chelsea Manning, those are 2 among of many US citizens living proofs about US real Orwellian spying dictatorship against the world. Also ask about Julian Assange. Or check yourself about them, u may discover real inconvenient truths.
Can u do this and get an honest answer without getting in troubles after? Wish u good luck.
And being honest with ourselves, any government which is spying the entire world including it's own citizens is at least a concealed dictatorship regardless of political façade. Or do u think that a corporate capitalist dictatorship is way better? Either of them is wrong.
 
Last edited:

Tams80

Posts: 121   +82
So Tik Tok tries to do what Google, Microsoft, Facebook are doing for decades.
Fascinating old news.
Let's improve this title.
TikTok caught doing what Google, Microsoft, Facebook are doing for decades, recording your keystrokes. Are they trying to catch up?
Oh, are Google Microsoft, Facebook linked to NSA, CIA and USA government?
Take it, I made this article more interesting.
It's controversial only when others are doing what US government is doing through their corporate proxies like Google, Microsoft, Facebook, Twitter etc. This is the result of american lame propaganda when US has double standards and promote Orwellian double thinking.
Oh and check who this Krause Felix really is, a "genuine" hypocrite:
So this Felix Krause is in bed with at least Google, Twitter, and is payed by the corporations which are TikTok competitors. How pathetic this dude's claims are accounting TikTok while discounting Google and Twitter.
And this just because TikTok is better than US competition and Facebook, Google, Instagram, Twitter are loosing hard.

No mention that TikTok may well be sharing that data with an authoritarian dictatorship committing genocide?
I mean, I have no love for any of those companies (though do appreciate some of their products), but I trust the US a hell of a lot more.

So, I'm not sure why you're out in defence of TikTok here?

We'd also take your more seriously if you stopped with the text speak. Some poor English is fine, but things like "u" instead of "you" and a lack of paragraphs say a lot about you.
 

MyIOnU

Posts: 95   +239
There is no pity for those that use CCP thic thot anyway. Thic thot is their tool to spread propaganda and destroy Western culture. They don't even let their own people to get on the Western version. Chinese people have their own thic thot.
 

Dsirius

Posts: 233   +446
No mention that TikTok may well be sharing that data with an authoritarian dictatorship committing genocide?
I mean, I have no love for any of those companies (though do appreciate some of their products), but I trust the US a hell of a lot more.

So, I'm not sure why you're out in defence of TikTok here?

We'd also take your more seriously if you stopped with the text speak. Some poor English is fine, but things like "u" instead of "you" and a lack of paragraphs say a lot about you.
Curious how u or "you" care so much about my non-native English instead of the topic. If U took it too personal this will only hinder your chances to become objective.

Since u opened the Pandora box let's clear things up.
About dictatorship committing genocide - who do u refer to?
1. China, which allegedly committed genocide claimed by US with some real concerning evidence but warped up in such a lame american propaganda;
2. USA, which already committed genocide against native (indigen) population so they could claim that they colonized the land which is now US, (this is proven historical fact). And continues to do it nowadays too, just that in a more sophisticated ways in other parts of the world. Yemen, Irak, Afghanistan do they ring a bell?

And the answer may be a surprising one for u. Both, and in general all of the governments which did this are accountable!

So back to the topic.
Google, Microsoft, Facebook, Instagram, Twitter, Apple and TikTok, all of them, are spying and stealing users data and brake the laws.
I was pointing out that all of these US corporations, Google, Microsoft, Facebook, Instagram, Twitter, etc. do this for a long time and more successfully than TikTok. TikTok started recently and hey, they are catching up fast.
To wrap things up, here is about competition and not about a smoking political screen which some desperately tries to deflect to.
The real concern and drama for american corporations is that in fact TikTok is better than them, the competitors. TikTok is better, easier to use, has a more modern and friendly interface and do not drawn users in political lame american propaganda like infamous Facebook and Twitter.
When american corporations mentioned are loosing hard they suddenly do not like competition anymore, or the "free market", which in their vision is without regulations.

Unfortunately US corporations chose to react by whinning, paying campaigns to smear the competition and accusing TikTok of the exact reprobable things which they are doing for years and meanwhile doing others much worse.
These US corporations become so corrupted that they are unable to play fair at all.
Rather Google, Microsoft, Facebook, Instagram, Twitter, all of these US corporations have to start innovating fast to improve their outdated products and competing transparently and fair, like in all players respecting the same rules.

 
Last edited:

ShadowDeath

Posts: 201   +197
I mean it is 100% spying no matter what they say. Even when the app is closed it's sending information to their servers. Use something like glasswire to track traffic your app's traffic and you'll see what I mean.
 
Last edited: