Caden Pearson | New Tang Dynasty
TikTok logs the keystrokes of users with its in-app browser on Apple devices, including passwords and credit card numbers, according to a researcher who used to work for Google and Twitter.
Of the seven most popular iOS apps analyzed, Beijing-based TikTok was the only one that didn’t give users the option to open links with a third-party browser.
Krause found that TikTok’s iOS app “monitors all taps happening on websites, including taps on all buttons and links” accessed via its in-app browser.
“TikTok iOS subscribes to every keystroke (text inputs) happening on third-party websites rendered inside the TikTok app. This can include passwords, credit card information, and other sensitive user data (keypress and keydown),” Krause wrote.
“We can’t know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third-party websites.”
TikTok confirmed that the code exists in its iOS app, but claimed that it doesn’t use it.
Krause analyzed TikTok, Facebook, Instagram, Snapchat, Amazon, Robinhood, and Messenger with a tool he developed called InAppBrowser.com.
Krause said the risk occurs when users open links while using an iOS app, such as TikTok, and view the rendered webpage inside that app instead of opening the link with a third-party browser, such as Safari or Chrome.
This happens “without the consent of the user, nor the website provider,” he said.
For example, a person who uses the Safari app on their iPhone may have their login or credit card information saved for convenience. But if they visit a page with TikTok’s in-app browser, any login or payment information will need to be entered fresh. Those keystrokes are being monitored, according to the report.
“This causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses to every single tap,” Krause wrote.
Experts have long warned that TikTok can’t be trusted due to the company’s ties to the Chinese Communist Party (CCP). This has brought the company under scrutiny.
Chinese security laws compel companies to cooperate with intelligence agencies when asked. TikTok has said that it would not comply with any requests by the CCP for user data.
Casey Fleming, CEO of intelligence and security strategy firm BlackOps Partners, has said that the CCP is engaged in “unrestricted warfare” as it seeks to supplant the United States to become the world’s sole superpower.
“All technology coming out of China—either manufactured in China, created in China—is controlled by the CCP,” he said.
The vast amount of data TikTok collects about its users, mostly young Americans, makes the app a risk, according to another expert, who said the app could be used to spy on Americans.
“If you want to spy on a country, why send in a spy the old-fashioned way? Why not just send in a great app and make it go viral?” said Gary Miliefsky, a cybersecurity expert and publisher of Cyber Defense Magazine, in a statement previously obtained by The Epoch Times.