During a recent research by Felix Krause, Chinese-owned TikTok chared with Privacy and security indictment.
Felix Krause stated TikTok could monitor users’ keystrokes on third-party websites, including passwords and credit card numbers.
Krause said that TikTok’s iOS app “subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app.” He explained, “This can include passwords, credit card information, and other sensitive user data,” he said.
According to the researcher, Apple should take action to fix the potential issue because the TikTok app contains code that could enable the company to monitor everything users type while using the app, even when they are redirected to third-party websites. This could allow the social media app to see sensitive data like passwords and credit card numbers.
He articulated, “It’s the equivalent of a keylogger, which is software that monitors your keystrokes. That includes passwords, credit cards, any sensitive information could be taken from that,”. “Even though the injected script doesn’t currently do this, running custom scripts on third-party websites allows them to monitor all user interactions, like every button and link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses, and credit card numbers.”
Krause advises users to open links from outside the Instagram, Facebook, and TikTok applications and utilize the iPhone’s default Safari browser to prevent the possibility of monitoring or data breach.
In a statement to The Post, a TikTok spokesperson accused Krause of making “incorrect and misleading” statements about the app.
Tiktok defended the firm by saying, “The researcher specifically says the JavaScript code does not mean our app is doing anything malicious and admits they have no way to know what kind of data our in-app browser collects.” He added, “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring.”
to The Post, a TikTok spokesperson accused Krause of making “incorrect and misleading” statements about the app.
#23 Chase Tower, opp. Metro Pillar 31,
USA
UK
Singapore