A recent data report revealed a potential privacy nightmare for TikTok users: A
security researcher discovered that TikTok’s in-app browser injects JavaScript
into external websites, causing potential security risks. This is just the latest
security snafu for the social media giant, which is still facing scrutiny from US
lawmakers after leaked audio revealed the video-hosting service may have been
sharing US user data with China.
TikTok is wildly popular and owned by a Chinese
company. Given the political tension between the US
and China, it’s unsurprising that many US-based news
media outlets jumped at the chance to report on
website, Krause said his tests show that when a user
browser injects a code that subscribes to all keyboard
inputs and every tap on the screen. According to
Krause, “We can’t know what TikTok uses the
subscription for, but from a technical perspective,
this is the equivalent of installing a keylogger on thirdparty
websites.”
A TikTok spokesperson admitted the app injects
JavaScript into websites but insisted, “Contrary to the
report’s claims, we do not collect keystroke or text
inputs through this code, which is solely used for
debugging, troubleshooting, and performance
monitoring.”