TikTok denies allegations of violating user privacy revealed by iOS developer Felix Krause. TikTok has denied accusations that its platform uses the browser's in-App feature to misuse user data.
TikTok says it doesn't use JavaSript code in in-app browsers for malicious reasons. Some time ago, application developer Felix Krause shared a detailed report that revealed how TikTok iOS can snoop on user data.
Felix Krause said that in-app browsers on Instagram, Facebook, TikTok and other mobile apps can be used to track user data.
Not kidding, TikTok is reported to be able to access sensitive data such as passwords and credit card details entered by users through the in-app browser.
For those of you who are not familiar, in-app browsers usually act when the user clicks on a URL in the application.
For example, we tap on the app sticker on an Instagram user's story and then open the site linked to that link. Well, when we open the in-app browser, the developer can track our activities.
With the code, Meta has the freedom to track user interactions without their explicit consent.
“This allows Instagram to monitor everything that happens on external websites without the consent of the user or website provider,” Felix Krause wrote in the report.
The Instagram app injects their tracking code into the websites that are displayed, including when you click on ads,” Felix continued.
“This allows monitoring all user interactions including form input such as passwords, addresses, to credit card numbers,” said Felix.
This practice violates Apple's App Tracking Transparency policy. App Tracking Transparency itself requires that all applications seek user consent before tracking them. Unfortunately, Apple still has not responded to the results of Felix Krause's analysis.
TikTok launches AI generator, capable of turning text into images