How TikTok's in-app browser can monitor your every click

You know how, when you tap a link, certain well-known apps won’t let you leave the app and instead open the link in their own tiny in-app browser?

It turns out that this gives these apps the ability to watch what you do. TikTok seems to be the worst offender among the most well-known apps that do this.

On Thursday, security researcher Felix Krause unveiled InAppBrowser on his blog. The tool displays all the JavaScript commands an iOS app executes when its in-app browser renders a webpage.

Krause examined various well-known iOS apps with in-app browsers to demonstrate the tool’s capabilities, and the findings are unsettling. According to Krause’s research, apps like Facebook, Instagram, TikTok, and Facebook Messenger all modify web pages that are opened in-app. According to Krause, this includes injecting external JavaScript files, adding tracking code (for inputs, text selections, taps, etc.), and creating new HTML elements. Krause adds that the apps also retrieve website metadata in a “harmless” manner.

When Krause looked more closely at what these apps’ in-app browsers actually do, he discovered that TikTok performs several questionable actions, such as tracking all of a user’s key presses and input. This means TikTok can access all of your credit card information if you open a web page within the app and enter it there. Of all the apps Krause investigated, TikTok is the only one that doesn’t even offer an option to open the link in the device’s default browser, so you are forced to use its in-app browser.
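
The injected input tracking described above can be observed from the page's side by recording every event listener registered on the document and flagging the ones the page did not register itself. This is an added example, not code from Krause's InAppBrowser tool or from any app named here; `auditListeners`, `unexpectedMonitoring` and the event list are hypothetical names chosen for illustration, and a plain `EventTarget` stands in for `document` so the block runs offline.

```javascript
// Added example: page-side audit of event listener registrations.
// Event types that reveal keystrokes, form input, taps and text selection
// (illustrative list, an assumption of this example).
const MONITORING_EVENTS = new Set([
  "keydown", "keypress", "keyup", "input", "change",
  "click", "touchstart", "selectionchange",
]);

// Wrap target.addEventListener so every registration is recorded and then
// passed through unchanged. Returns the array the records are pushed into.
function auditListeners(target, label) {
  const records = [];
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    records.push({
      target: label,
      type,
      monitoring: MONITORING_EVENTS.has(type),
      // Stack frame just above this wrapper: hints at which script registered it.
      origin: (new Error().stack || "").split("\n")[2]?.trim() ?? "unknown",
    });
    return original.call(this, type, listener, options);
  };
  return records;
}

// Keep only input-monitoring registrations the page's own code does not expect.
function unexpectedMonitoring(records, expectedTypes) {
  const expected = new Set(expectedTypes);
  return records.filter((r) => r.monitoring && !expected.has(r.type));
}

// Constructed demo: a plain EventTarget stands in for `document`.
const fakeDocument = new EventTarget();
const records = auditListeners(fakeDocument, "document");
fakeDocument.addEventListener("click", () => {});   // the page's own handler
fakeDocument.addEventListener("keydown", () => {}); // simulated injected handler
fakeDocument.addEventListener("scroll", () => {});  // not an input-monitoring event
const findings = unexpectedMonitoring(records, ["click"]);
console.log(findings.map((f) => `${f.target}: ${f.type}`));
```

The wrapper only sees registrations made after it is installed and within the same JavaScript context, so in a real page it has to run before any other script.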