The social media platform TikTok has code inside its app that allows the Chinese Communist Party-backed company to track users’ activity on external websites, according a report in Forbes magazine.
The author of the original report on the embedded code is a software engineer who found that TikTok can capture your credit card details, passwords, and other forms of personal information, and the choice to use the special lines of code was purposeful.
“This was an active choice the company made, said Felix Krause, who had also analyzed other popular iPhone applications that use in-app browsers, including Facebook, Facebook Messenger, Instagram, Snapchat, Amazon, and Robinhood. None of the other apps had the code that allowed companies to monitor a phone owner’s activities outside of the app itself.
Tracking keystrokes allows the app to gather all manner of sensitive information, including log-ins, passwords, and more.
“When TikTok users enter a website through a link on the app, TikTok inserts code that can monitor much of their activity on those outside websites, including their keystrokes and whatever they tap on the page, according to new research shared with Forbes. The tracking would make it possible for TikTok to capture a user’s credit card information or password,” according to Forbes. The way to avoid this happening is to not click on any websites from the TiokTok app, such as advertisements.
“This is a non-trivial engineering task. This does not happen by mistake or randomly,” Krause told writer Richard Nieva.
“Tiktok strongly pushed back at the idea that it’s tracking users in its in-app browser. The company confirmed those features exist in the code, but said TikTok is not using them,” Nieva wrote.
Krause is founder of Fastlane, a service that tests and deploys apps. The company was acquired by Google several years ago.