Viral video platform TikTok is a growing world favorite. And concerns about the Chinese company’s handling of user’s data are only increasing.
Krause suspects that TikTok can subscribe to every keystroke (text inputs) happening on third-party websites rendered inside the app. He adds that this can include passwords, credit card information, and other sensitive user data.
Krause says he could not determine if keystrokes were being actively recorded and if that data was being transferred to TikTok. According to him, the feature is still alarming because it suggests that TikTok can track people’s online behaviors if it so chooses to do so.
Speaking to Forbes magazine, Krause, who also is a former Google engineer, says, “This was an active choice the company made. This is a non-trivial engineering task. This does not happen by mistake or randomly.”
In-app browsers have their merits, such as blocking access to harmful websites or simplifying online browsing through text auto-filling. Both Facebook and Instagram rely on the browser to learn information such as what websites a person visited, what they highlighted, and which buttons they pushed on a website.
TikTok, however, opted for code that can read any character entered by users.
At least, Krause says such a potential threat may only occur on Apple’s iOS operating system.
TikTok’s spokesperson denies that the code was meant for monitoring users. The person says it was for debugging, troubleshooting, and performance monitoring, such as checking how fast a page loads or whether it crashes. The person adds that the code belongs to a third-party software development kit containing other features TikTok does not use.
The New York Times reminds that malware and other hacking tools often have features that allow them to gather data on what users write on their phones while accessing external websites, revealing credit card numbers and passwords.