September 26, 2022

TheCyberThrone

Thinking Security ! Always

TikTok can track user web activity

TikTok can track user interactions with websites that they access through the app’s built-in browser.

TikTok enables users to open websites through the app interface by tapping on links and ads. The app doesn’t load websites in an external browser such as Chrome, but rather uses a built-in browser. That built-in browser can reportedly collect data about user activity in external websites.

The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects, Contrary to the report’s claims, we do not collect keystroke or text inputs through this code.

Advertisements

The additional code within in-app browser adds to websites is used solely for debugging, troubleshooting and performance monitoring. The company added that the code is part of a third-party software development kit used by its app. However, TikTok didn’t share technical details about the development kit.

The new findings about TikTok’s built-in browser come a few months after BuzzFeed reported that the data of U.S. users had been accessed by China-based employees of TikTok parent company ByteDance Ltd.

Most of the data access incidents reviewed by BuzzFeed reportedly took place as part of an internal initiative designed to make U.S. users’ information inaccessible to China-based staff.

%d bloggers like this: