Last Updated on August 23, 2022
Recent research has revealed that social media platforms Tiktok, Instagram, and Meta, can pry on users’ personal information when it is entered into the in-app browser.
Felix Krause, a software engineer, and security researcher looked into the coding built into Tiktok, the Chinese-produced app’s infrastructure, which led to his shocking revelation.
Users who click on links on Tiktok are led to a native in-app browser produced by Tiktok, and not default browsers like Safari or Google Chrome.
The JavaScript code in Tiktok’s in-app browser can allow the company to monitor every keystroke. This means the social media company could access every action taken on the screen, even passwords or credit card information.
Krause explained that while Tiktok allegedly does not have the feature enabled at this moment, the infrastructure is in place. “Installing a keylogger is obviously a huge thing… according to TikTok it’s disabled at the moment. The problem is they do have the infrastructure and the systems in place to be able to track all these keystrokes… that on its own is a huge problem.”
A Tiktok spokesman claimed the code is in place for “debugging, troubleshooting, and performance monitoring” purposes. “We do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring.”
After looking into the coding of Instagram, Krause came to a similar conclusion. According to Krause, Instagram’s infrastructure is also able to log phone taps and clicks on images.
When Instagram users click on links in the app they are brought to an in-app browser that could track sensitive and personal information entered by the user. Meta operates in a likewise manner, with their in-app browser.
A Meta spokesperson refuted that any private information was being harvested: “We use in-app browsers to enable safe, convenient, and reliable experiences, such as making sure auto-fill populates properly or preventing people from being redirected to malicious sites. Adding any of these kinds of features requires additional code. We have carefully designed these experiences to respect users’ privacy choices, including how data may be used for ads.”
Stay tuned to National File for any updates.