PSA: STOP USING INAPP BROWSERS NOW
PC Magazine|October 2022
TikTok’s in-app browser is a privacy nightmare, but it’s not the only one to watch out for. Beware of other popular app browsers, which could be recording everything you type.
KIM KEY
PSA: STOP USING INAPP BROWSERS NOW

A recent data report revealed a potential privacy nightmare for TikTok users: A security researcher discovered that TikTok’s in-app browser injects JavaScript into external websites, causing potential security risks. This is just the latest security snafu for the social media giant, which is still facing scrutiny from US lawmakers after leaked audio revealed the video-hosting service may have been sharing US user data with China.

TikTok is wildly popular and owned by a Chinese company. Given the political tension between the US and China, it’s unsurprising that many US-based news media outlets jumped at the chance to report on security researcher Felix Krause’s findings. On his website, Krause said his tests show that when a user opens a webpage inside TikTok’s iOS app, the in-app browser injects a code that subscribes to all keyboard inputs and every tap on the screen. According to Krause, “We can’t know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third-party websites.”

A TikTok spokesperson admitted the app injects JavaScript into websites but insisted, “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring.”

This story is from the October 2022 edition of PC Magazine.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 9,000+ magazines and newspapers.

This story is from the October 2022 edition of PC Magazine.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 9,000+ magazines and newspapers.