TikTok denies claims of keystroke monitoring with in-app browser
tiktok's use of code is the ‘equivalent of installing a keylogger on third-party websites', according to a privacy researcher. But the company says this code is used for debugging and performance monitoring.
Krause published a report saying that the video-sharing platform subscribes to every keystroke happening on third-party websites that are rendered inside the iOS TikTok app – which could include passwords, credit card information and other sensitive user data.
“We can't know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third-party websites,” he wrote.
“There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used.”
In a statement issued to SiliconRepublic.com, TikTok called the claims made in Krause's report “incorrect and misleading”.
“Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring.”
TikTok is not the only platform under scrutiny from Krause. He has also looked at in-app browser data collection by companies such as Meta, the owner of Instagram and Facebook.