Felix Krause, founder of the company fastlane.tools, has published a report in which he states that the application of TikTok for iOS It records the keystrokes made by users in such a way that, at least potentially, the data could end up being received by servers belonging to ByteDance and other companies.
Krause explains that, every time a link is opened with the TikTok application for iOS, the web page is loaded on the web browser present within the application (which, seeing Apple’s restrictions, necessarily has to rely on the engine of WebKit rendering present by default on the system). According to Krause’s version, “TikTok subscribes to all keyboard input (including passwords, credit card info, etc.) and every touch on the screen, like the buttons and links you click.”
It’s important to note that keystroke logging rolls over any third-party web pages that are loaded from the TikTok iOS app. This function was implemented using JavaScript (a common technology in these cases) and at first it was not known for what or how ByteDance used that data.
How could it be otherwise, Felix Krause’s report generated a certain stir, especially if we see the enormous popularity enjoyed by the video service, which also performs the function of a social network. TikTok was practically forced to step in, but did not respond directly to Krause, but via Forbes to say the following:
“Like other platforms, we use a browser in the app to provide an optimal user experience, but the JavaScript code in question is used only for debugging, troubleshooting, and performance monitoring of that experience, such as checking how fast it loads. a page or if it fails”.
In short, that TikTok, although it tries to play down the matter and has said that it does not use that code to record keystrokes, ultimately ends up confirming the findings of Felix Krause. Unfortunately, this is by no means new, but rather a practice that has been around for many years and has been used by many popular services and websites. TikTok itself already has some shady precedent.
If you look at the report, you’ll see that TikTok isn’t the only service engaging in questionable practices, as Instagram does something similar, but apparently without recording keystrokes. Many of these practices are allowed by Apple due to how the Internet works, full of company trackers that need not be mentioned, but that the TikTok application is capable of acting as a keylogger It is to cross a line that the Cupertino giant should not allow.
