TikTok, a popular short film program in Europe and the United States, was recently revealed to be able to monitor user keyboard input and clicks, but TikTok denies that it is for any malicious reason. Security researcher Felix Krause recently broke the news that the iOS version of TikTok has a built-in browser that injects JavaScript code into external websites to monitor users.
Sensitive information will be recorded
Krause pointed out that when users use TikTok’s built-in browser to view web pages, their keyboard input and clicks will be recorded, including sensitive information such as account passwords and credit card information. The security researcher pointed out that TikTok’s practice is technically like installing a keylogger on a third-party website, but he also stated that the injection of JavaScript into programs such as external websites does not necessarily mean malicious purposes.
FB, IG also have similar practices
In response to a query from Forbes, a spokesperson for TikTok admitted to injecting JavaScript, but stressed that it was for debugging, debugging, and monitoring performance to ensure the best user experience, such as checking page loading speed or crashes. Krause advises users who are skeptical of TikTok’s practices to open web pages in Safari instead of the built-in browser. In addition to TikTok, Facebook and Instagram have similar practices of injecting JavaScript into external websites. Meta emphasizes that it is deliberately added in order to respect the user’s choice of program tracking transparency.
Source: macrumors