"TikTok's In-App Browser Can Monitor Your Keystrokes, Including Passwords And Credit Cards, Researcher Says"
During new research, a security researcher named Felix Krause revealed some of the data popular apps can track and collect while using in-app browsers. Krause assessed what code is injected onto a website to gather user activity when it is opened through an app. This includes any ads or links clicked through a creator's profile. Krause found that the JavaScript code embedded by TikTok allows the company to monitor all keystrokes, the equivalent of a keylogger, as well as every tap on the screen, and text inputs, including passwords and credit card information. Krause noted that "installing a keylogger is obviously a huge thing," but according to TikTok, it's disabled at the moment. Krause stated that the problem is TikTok has the infrastructure and the systems in place to be able to track all these keystrokes. The fact that they have this system already is a huge risk for every user, Krause stated. Krause noted that the injection of the coding does not mean user data is being stored or used maliciously, but the deliberate action to include it is concerning.