TikTok's in-app browser code tracks everything you type

TikTok's iOS in-app browser injects JavaScript code into external websites, allowing the app to "track all keystrokes and prompts" when a user interacts with a specific website

Any activity on a third-party website that is opened within the app rather than in an external window is called in-app browsing

The popular video-sharing platform TikTok is one of many apps that use an in-app browser.

Krause published a study last week looking at JavaScript code injected into third-party websites by various applications.

This code enables the platform to monitor user activity.

Krause said his security tool, InAppBrowser.com, found that TikTok's in-app browser for iOS "subscribes" to all keystrokes when users interact with external websites.

Include sensitive information like credit card details and passwords, and every touch of the screen.

TikTok described the report's findings as inaccurate and misleading.

The platform confirmed the existence of the JavaScript code, but claimed that it did not capture any keystrokes or text input through the code,

And the code will only be used for performance monitoring, troubleshooting and troubleshooting to ensure the "best user experience".

TikTok further explained and noted that the code is a component of a third-party software development kit.

Both Facebook and Instagram track every click on sites like TikTok.

G-DVK4RHK6J2