TikTok's in-app web browser is reportedly monitoring everything its users are typing while it, including sensitive information, such as login credentials, passwords, and even payment details like credit card numbers.

(Photo : Jakub Porzycki/NurPhoto via Getty Images)
TikTok logo displayed on a phone screen and a laptop are seen in this illustration photo taken in Krakow, Poland on August 10, 2022.

The China-based phenomenal social media platform, TikTok, is once again accused of snooping around the activities of its users.

TikTok In-App Browser Tracks Everything Users Type

As per the latest news story by Apple Insider, a security researcher discovered that when TikTok users browse external links using its in-app browser, the social media platform monitors whatever they type while using it.

But it seems that what TikTok users tapped on was not enough.

The recent discovery of a cybersecurity researcher, Felix Krause, reveals that the in-app browser also tracks the links and buttons that its users click.

(Photo : TOLGA AKMEN/AFP via Getty Images)
A photograph taken on February 9, 2022 shows the logo of video-focused social networking service TikTok, at the TikTok UK office, in London.

The cybersecurity researcher claims that the in-app web browser on the social media service stuffs JavaScript into the external sites that its users visit.

It then lets TikTok monitor the activity of its users, which alarmingly includes whatever they type. It means that the JavaScript code reportedly allows the social media giant to track the passwords of its users elsewhere.

The researcher, Krause, states in an interview with Forbes that the expanded monitoring in the in-app browser of TikTok "was an active choice the company made."

He further went on to say that "this is a non-trivial engineering task," noting that such JavaScript injection "does not happen by mistake or randomly."

Essentially, the cybersecurity researcher accuses TikTok of deliberately including a function that tracks its users across other sites using its in-app browser.

Besides these remarks, Krause also put it this way: "From a technical perspective, this is the equivalent of installing a keylogger on third-party websites."

Read Also: Top 10 Apps: Facebook Struggles to Maintain Significance as TikTok, BeReal, and MORE Expand

TikTok Justifies JavaScript Code

According to a recent article by Mac Rumors, none other than the giant video sharing platform, TikTok, has responded to the recent discovery of a cybersecurity researcher.

The spokesperson of TikTok acknowledged the said JavaScript code in its statement to Forbes.

(Photo : MANJUNATH KIRAN/AFP via Getty Images)
An Indian mobile user browses through the Chinese owned video-sharing 'Tik Tok' app on a smartphone in Bangalore on June 30, 2020.

However, the Chinese social network clarifies that the code that tracks the typing activities of its users in its in-app browser is not malicious at all.

Instead, TikTok claims that the purpose of the JavaScript code in its browser is limited to performance monitoring, troubleshooting, and debugging.

Essentially, the giant social media platform says that it only seeks to improve the overall experience of millions of its users.

The TikTok spokesperson states that what they are doing is similar to other rivaling platforms, adding that they use "an in-app browser to provide an optimal user experience."

Related Article: Tiktok Now Allows Users to Crosspost 'Tiktok Stories' on Facebook and Instagram

This article is owned by Tech Times

Written by Teejay Boris