TikTok denies allegations of violating user privacy revealed by iOS developer Felix Krause. TikTok has denied accusations that its platform uses the browser’s in-App feature to misuse user data.
TikTok says it doesn’t use JavaSript code in in-app browsers for malicious reasons. Some time ago, application developer Felix Krause shared a detailed report that revealed how TikTok iOS can snoop on user data.
Felix Krause said that in-app browsers on Instagram, Facebook, TikTok and other mobile apps can be used to track user data.
Not kidding, TikTok is reported to be able to access sensitive data such as passwords and credit card details entered by users through the in-app browser.
For those of you who are not familiar, in-app browsers usually act when the user clicks on a URL in the application.
For example, we tap on the app sticker on an Instagram user’s story and then open the site linked to that link. Well, when we open the in-app browser, the developer can track our activities.
In a statement shared by Forbes, a TikTok spokesperson admitted to using the browser’s in-app JavaScript code revealed by Felix Krause.
However, it is only used for troubleshooting or debugging purposes. TikTok also revealed that the JavaScript code is also used for performance monitoring to ensure an “optimal user experience”.
Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is only used for debugging and performance monitoring, such as checking how fast a page loads or if the page has a problem,” said a TikTok spokesperson. Forbes.
Not only TikTok, Instagram and Facebook can also track user interactions via in-app browsers. Instagram and Facebook inject a tracking JavaScript code named “Meta Pixel” into all links and websites displayed in-app browsers Instagram and Facebook.
With the code, Meta has the freedom to track user interactions without their explicit consent.
“This allows Instagram to monitor everything that happens on external websites without the consent of the user or website provider,” Felix Krause wrote in the report.
The Instagram app injects their tracking code into the websites that are displayed, including when you click on ads,” Felix continued.
“This allows monitoring all user interactions including form input such as passwords, addresses, to credit card numbers,” said Felix.
This practice violates Apple‘s App Tracking Transparency policy. App Tracking Transparency itself requires that all applications seek user consent before tracking them. Unfortunately, Apple still has not responded to the results of Felix Krause’s analysis.
