TikTok's In-App Browser Reportedly Capable of Monitoring Anything You Type

TikTok's custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor "all keyboard inputs and taps" while a user is interacting with a given website, according to security researcher Felix Krause, but TikTok has reportedly denied that the code is used for malicious reasons.

Krause said TikTok's in-app browser "subscribes" to all keyboard inputs while a user interacts with an external website, including any sensitive details like passwords and credit card information, along with every tap on the screen.

"From a technical perspective, this is the equivalent of installing a keylogger on third party websites," wrote Krause, in regards to the JavaScript code that TikTok injects. However, the researcher added that "just because an app injects JavaScript into external websites, doesn't mean the app is doing anything malicious."

In a statement shared with Forbes, a TikTok spokesperson acknowledged the JavaScript code in question, but said it is only used for debugging, troubleshooting, and performance monitoring to ensure an "optimal user experience."

"Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes," the statement said, according to Forbes.

Krause said users who wish to protect themselves from any potential malicious usage of JavaScript code in in-app browsers should switch to viewing a given link in the platform's default browser if possible, such as Safari on the iPhone and iPad.

"Whenever you open a link from any app, see if the app offers a way to open the currently shown website in your default browser," wrote Krause. "During this analysis, every app besides TikTok offered a way to do this."

Facebook and Instagram are two other apps that insert JavaScript code into external websites loaded in their in-app browsers, giving the apps the ability to track user activity, according to Krause. In a tweet, a spokesperson for Facebook and Instagram parent company Meta said that the company "intentionally developed this code to honor people's App Tracking Transparency (ATT) choices on our platforms."

Krause said he created a simple tool that allows anyone to check if an in-app browser is injecting JavaScript code when rendering a website. The researcher said users simply need to open an app they wish to analyze, share the address InAppBrowser.com somewhere inside the app (such as in a direct message to another person), tap on the link inside the app to open it in the in-app browser, and read the details of the report shown.
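
One way a website could notice this kind of subscription from its own side, shown here as an added example (it is not Krause's tool and not code from the article): wrap `addEventListener` and record registrations for keyboard and tap events. The names `installListenerAudit`, `SENSITIVE_EVENTS` and `demo` are assumptions, and the `EventTarget` in `demo` is a constructed stand-in for `document`.

```javascript
// Added example: page-side audit of event-listener registrations.
// All names here are illustrative; none come from a real tool.
const SENSITIVE_EVENTS = new Set([
  "keydown", "keypress", "keyup", "input", "click", "touchstart",
]);

function installListenerAudit(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const observed = [];

  proto.addEventListener = function (type, listener, options) {
    if (SENSITIVE_EVENTS.has(String(type))) {
      observed.push({
        type: String(type),
        target: this && this.constructor ? this.constructor.name : "unknown",
        // First stack lines hint at which script registered the listener
        // (the format differs between JavaScript engines).
        stack: (new Error().stack || "").split("\n").slice(0, 4).join(" | "),
      });
    }
    return original.call(this, type, listener, options);
  };

  return {
    observed,
    // Count of registrations per sensitive event type.
    summary() {
      const counts = {};
      for (const o of observed) counts[o.type] = (counts[o.type] || 0) + 1;
      return counts;
    },
    uninstall() { proto.addEventListener = original; },
  };
}

// Constructed demo: a script subscribes to key events on a stand-in target.
function demo() {
  const audit = installListenerAudit();
  const page = new EventTarget(); // stands in for `document`
  const noop = () => {};
  page.addEventListener("keydown", noop);
  page.addEventListener("keypress", noop);
  page.addEventListener("load", noop); // not sensitive, so not recorded
  const result = audit.summary();
  audit.uninstall();
  return result;
}
```

A page can only see registrations made after this wrapper is installed and in the page's own JavaScript context; code an app runs in an isolated `WKContentWorld` is not visible to it.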

Apple did not immediately respond to a request for comment.

Update: A spokesperson for TikTok issued the following statement to MacRumors.

"The report's conclusions about TikTok are incorrect and misleading. The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects. Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring."

According to the TikTok spokesperson, the JavaScript code is part of a software development kit (SDK) that TikTok is leveraging, and the "keypress" and "keydown" functions mentioned by Krause are common inputs that TikTok does not use for keystroke logging.


Top Rated Comments

sniffies
6 weeks ago
TikTok is a tikking bomb that needs to be defused ASAP.
Score: 53 Votes

DHagan4755
6 weeks ago
It's owned by a Chinese company with alleged ties to the CCP. If you're concerned about it, don't use it. It's quite simple.
Score: 52 Votes

bigandtasty
6 weeks ago
We were told TikTok was shady and monitoring people almost 2 years ago. Nothing surprising here.
Score: 42 Votes

ian87w
6 weeks ago
This is why I hate in-app browsers. Let's face it, Google, Facebook, they all do/did it, which is why their insistence in forcing users to remain in their app with these in-app browser "experience." This is an issue on Android as well, where Google searches on Google app are sticking with Chrome/in-app browser by default even if I have another browser as my default browser.

There are always shenanigans like this. I wish for Apple to simply disable in-app browsers, and force any links to just use the default browser externally.
Score: 40 Votes

macaddict06
6 weeks ago
<shocked pikachu face>
Score: 37 Votes

TheYayAreaLiving
6 weeks ago
I once said, never to trust Facebook. Now I’m going to say, Never trust TikTok.
Score: 24 Votes
