TikTok spies on its users and can steal personal data

Renowned application security analyst Felix Krause has published a new study on the embedded browsers of popular applications on his blog.

As the latest analysis showed, the built-in browser allows the application to track all your actions on any link that you open in it. And as a result, the worst application, in terms of user security, is the long-suffering TikTok.

Krause made this conclusion after running the author’s InAppBrowser utility, which shows all JavaScript commands executed in the internal browser of any iOS application. To show what his tool is capable of, he ran most of the popular applications through it.

The results showed that Instagram, Facebook Messenger, and Facebook modify the web pages that open in the app’s browser.

“This includes adding tracking code (like typing, highlighting text, taps, etc.), injecting external JavaScript files, and creating new HTML elements. They also get the website metadata, but that’s harmless,” says Krause.

When Krause digs a little deeper into what’s actually going on inside, he discovers that TikTok doesn’t just collect analytics, but also tracks all user keyboard actions.

For example, if you open a web page inside the TikTok app and enter your credit card details there, TikTok will be able to access all of that data. TikTok is also the only app Krause researched that doesn’t even offer the ability to open a link in the device’s default browser, forcing you to use your own in-app browser.

It is worth noting that this is not the first TikTok scandal in recent years. Earlier it was said that the application copies all personal data from the user’s phone (including bank card data and photos – approx.) And saves them on its servers. It is for this reason that the US authorities banned the app in the middle of last year.

Read also: Blockchain companies received $6 billion in investments in the last year