
TikTok can recover your passwords and bank details with its built-in browser

After his article on Meta, Felix Krause is back, this time taking aim at TikTok. According to his research, the Chinese application also injects code into the websites its users visit through its built-in browser. Its method is even more aggressive, however, since it makes it possible to recover what users type.


Last week, we reported on a study by Felix Krause, a developer who discovered that Facebook and Instagram inject additional code into websites through their built-in browser to track user activity. Today, the developer is back with new and telling revelations. According to his research, Meta’s social networks are not the only ones to use this practice: their competitor TikTok does too.

Like Facebook and Instagram, the Chinese app has a built-in browser, although this is primarily used for advertising links. And, just like Facebook and Instagram, it adds lines of JavaScript code to the sites visited that allow it to know exactly what its users are doing on the web. However, TikTok has added a personal touch to the process, as the app also saves everything users write in its browser.

TikTok also spies on its users via its built-in browser

This addition to Meta’s method is far from trivial. According to Felix Krause, this feature allows TikTok to retrieve usernames, passwords and bank details that users type in its browser. “It is a conscious choice that the company has made,” says Felix Krause. “This is a non-trivial engineering task. This does not happen by mistake or by chance.”

For its part, the Chinese firm defends itself by insisting that it never uses this additional code to spy on users. “Like other platforms, we use an in-app browser to provide the best user experience, but the JavaScript code in question is only used for debugging, troubleshooting, and performance monitoring of that experience — such as checking the page load speed or if it crashes,” said spokeswoman Maureen Shanahan.


It must be admitted that Felix Krause’s research does not allow us to say with certainty that TikTok, or similarly Meta, actively uses its code to spy on its users’ data, or even resells it to third parties. It is also impossible to say whether this information is actually linked to the person concerned. After the publication of our previous article, Facebook also told us that this process is completely anonymous.


How to know if a social network is spying on you on the web

Nevertheless, Felix Krause insists on this point: of all the social networks studied, TikTok is the only one that collects what its users type. This conclusion leads him to think that the application could be recovering other, still unknown information, and the same applies to its competitors. To help users protect their data, the developer has published a tool that shows precisely which data social networks have access to.

Here’s how it works:

  • In the social network of your choice, ask a friend to send you this link
  • Click on it from your smartphone
  • The page that opens then indicates the data recovered by the platform
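A website can get a partial view of the same thing from its own side. The sketch below is an added example, not code from this article or from Felix Krause's tool: it wraps `addEventListener` and records every registration for input-related events. The function names and the list of event types are assumptions made for the example.

```javascript
// Added example: record which input-related listeners are registered on a page.
// The event-type list below is a choice made for this example.
const SENSITIVE_TYPES = new Set(["keydown", "keypress", "keyup", "input", "change", "click"]);

// Wrap addEventListener so every later registration for a sensitive event type
// is logged. Returns the log and a restore() that removes the wrapper.
function installListenerAudit(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const log = [];
  proto.addEventListener = function (type, listener, options) {
    if (SENSITIVE_TYPES.has(String(type))) {
      log.push({
        type: String(type),
        target: this.constructor ? this.constructor.name : "unknown",
        capture: typeof options === "boolean" ? options : Boolean(options && options.capture),
        // Caller frames, so the site owner can compare them with its own script URLs.
        stack: (new Error().stack || "").split("\n").slice(2, 4).map((s) => s.trim()),
      });
    }
    return original.call(this, type, listener, options);
  };
  return { log, restore() { proto.addEventListener = original; } };
}

// Collapse the log into { eventType: count } for a report.
function summarize(log) {
  const counts = {};
  for (const { type } of log) counts[type] = (counts[type] || 0) + 1;
  return counts;
}

// Constructed demo: a plain EventTarget stands in for `document`, and the
// keydown listener stands in for script added by a host app.
function demo() {
  const audit = installListenerAudit();
  const doc = new EventTarget();
  const received = [];
  doc.addEventListener("keydown", (e) => received.push(e.type), true);
  doc.addEventListener("load", () => {}); // not input-related: not logged
  doc.dispatchEvent(new Event("keydown")); // the wrapped listener still fires
  audit.restore();
  doc.addEventListener("keyup", () => {}); // registered after restore(): not logged
  return { summary: summarize(audit.log), log: audit.log, received };
}
```

The wrapper only sees registrations made after it is installed and says nothing about what a listener does with the events, so an empty log is not proof that nothing is listening.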

Of course, the most effective way to protect against this additional code is still to never use in-app browsers. Rather than opening a link inside the app, copy it and paste it into a separate browser such as Google Chrome or Safari.

Source: Felix Krause
