News Categories

TikTok's in-app browser reportedly monitors all your keystrokes

By Kenny Yeo - on 19 Aug 2022, 10:14am

TikTok's in-app browser reportedly monitors all your keystrokes

(Image source: Bloomberg)

Security researcher Felix Krause has discovered more security concerns with in-app browsers, this time it's Tik Tok.

If the name is familiar, it's because Krause is the same researcher who discovered that Facebook and Instagram's in-app browsers can monitor and track all sorts of user interactions.

According to Krause, TikTok also runs a custom in-app browser on iOS and it reportedly injects a JavaScript code into external websites that allows TikTok to monitor all your inputs

Krause says this code means TikTok "subscribes to all keyboard inputs" which means everything you type (including usernames, passwords, and credit card numbers) and every tap you make (buttons and links).

It's unclear what TikTok is using all of this information for but Krause calls it "the equivalent of installing a keylogger" on third-party websites.

While TikTok admitted that the app has those features, it said that it is not using them. TikTok spokesperson said in a statement to Forbes:

Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes.

TikTok explains that the JavaScript code in question is part of a third-party SDK (software development kit) but did not elaborate any further nor disclose who made the SDK.

Users can protect themselves by always opening links on their device's platform browser, which, in the case of iOS, is Safari. However, Krause also said that while almost every app gives users the option to do this, TikTok doesn't.

Finally, Krause also recently released a tool that lets people check if their browser might be injecting any new code when they are rendering websites. To use the tool, simply open any app you wish to analyse and share the address "" somewhere within the app (like in a DM to a friend) and tap on the link within the app to open it. Once you do, a report will be generated.

Source: Felix Krause, Forbes 

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.