TikTok denies allegations of scrapping users’ personal data
The popular short video platform TikTok denied claims to "scratch" its users' personal data, including passwords, identifiers, and other sensitive data thanks to its in-app browser.
Felix Krause, who is a developer, claimed that the TikTok iOS app contains a code that lets the company monitor “all keystrokes, including passwords, and all taps.”
The developer who had previously worked with Twitter and Google discovered privacy and security issues in the past, Vice’s motherboard reported.
Turning to his Twitter and blog post, the developer wrote that the TikTok iPhone app opens an in-app browser when a link in the app is opened.
His findings were echoed on the websites of several media outlets, making this a shocking revelation. However, Krause limited his own conclusions by adding that it is unclear what the video-manufacturing application uses subscriptions for.
“This is the equivalent of setting up a keylogger on third-party websites,” he wrote, citing his point of view from a technical point of view.
During an online chat, Krause also said that his report “does not say TikTok is effectively recording and using these data.”
“I emphasized that I can’t talk about if and how the system is actually being used,” he said during the discussion.
TikTok, however, strongly denied this claim. The spokesman for the video-sharing platform called the report “deceptive and incorrect”.
TikTok also wrote that the code is used solely for “debugging, troubleshooting and performance monitoring”.
The application uses a browser in the application like any other application and refused to log keystrokes.
Zach Edwards, an independent researcher in the area of privacy and cybersecurity, also analyzed the code used by the iOS app of the video sharing company.
He said that tracking the type of data the application sends to its servers is the only way to confirm whether an application actually scrapes forms like password form fields.
“Felix makes TikTok look worse than they are – which is unfortunate because they’re pretty bad,” Edwards said.
Edwards, however, found browsers in-app to be “extremely dangerous” because they allow the application to scrape sensitive data. For this reason, he believes that Google and Apple should allow users to disable the feature.