TikTok browser can track users’ keystrokes: report

Published Aug 23, 2022

Share

Washington – Amid concerns over data privacy, latest research has revealed that the web browser used within China’s TikTok app can track every keystroke made by its users.

The research was done by Felix Krause, a privacy researcher and former Google engineer, “The New York Times” (NYT) reported.

According to the researchers, collecting information on what people type on their phones while visiting outside websites, which can reveal credit card numbers and passwords, is often a feature of malware and other hacking tools.

While major technology companies might use such trackers as they test new software, it is not common for them to release a major commercial app with the feature, whether or not it is enabled, researchers said as quoted by The NYT.

“Based on Krause’s findings, the way TikTok’s custom in-app browser monitors keystrokes is problematic, as the user might enter their sensitive data such as login credentials on external websites,” said Jane Manchun Wong, an independent software engineer and security researcher who studies apps for new features.

However, TikTok said that Krause’s report was “incorrect and misleading” and that the feature was used for “debugging, troubleshooting and performance monitoring”.

“Contrary to the report’s claims, we do not collect keystroke or text inputs through this code,” TikTok said.

Krause, 28, said he was unable to ascertain whether keystrokes were actively being tracked, and whether that data was being sent to TikTok.

Notably, according to public employee LinkedIn profiles reviewed by Forbes, 300 current employees at TikTok and its parent company ByteDance previously worked for Chinese state media publications.

Twenty-three of these profiles appear to have been created by current ByteDance directors, who manage departments overseeing content partnerships, public affairs, corporate social responsibility and “media cooperation.”

Fifteen indicate that current ByteDance employees are also concurrently employed by Chinese state media entities, including Xinhua News Agency, China Radio International and China Central / China Global Television. (These organisations were among those designated by the State Department as “foreign government functionaries” in 2020.)

Meanwhile, leaders of the US Senate Intelligence Committee have called for an investigation into whether Chinese officials were getting access to data about US users of the short-video platform TikTok.

In a letter to Federal Trade Commission (FTC) chairwoman Lina Khan, Democrat Senator Mark Warner and Republican Senator Marco Rubio had urged her to scrutinise how well TikTok safeguards private data.

TikTok, which is popular for its short and viral meme-making videos, has been working to rebut concerns that it is a national security risk.

ANI