A study by software researcher Felix Krause revealed that TikTok can monitor your activity even when you are not using the app.
Felix Krause is the founder of Fastlane, an app testing company that was acquired by Google five years ago. The researcher’s findings were originally shared by Forbes.
The study, published on Thursday, shows that when you open a link inside the app, TikTok is able to inject code into the website you visit. Because the site is opened in TikTok’s in-app browser rather than in Chrome or Safari, the injected code can modify the page to allow monitoring.
This allows the Chinese app to monitor your keystrokes and clicks on the website. TikTok could easily use this to steal personal information like credit card numbers and passwords.
TikTok can gather information when you arrive on the site even if you aren’t signed up, via cookies and other trackers. Once you’ve created an account, the social network collects data about your activities and preferences based on the videos you watch.
TikTok knows the device you are using, your location, IP address, search history, the content of your messages, what you’re viewing and for how long. It also collects device identifiers to track your interactions with advertisers. TikTok “infers” factors such as your age range, gender and interests based on the information it has about you.
Krause commented on his findings saying:
This was an active choice the company made. This is a non-trivial engineering task and it does not happen by mistake or randomly.
TikTok has not responded to a request for comment but confirmed to Forbes that this code does exist within TikTok’s in-app browser. However, the spokesperson also said that the app does not use the code to track people on the internet.
Like other platforms, we use an in-app browser to provide an optimal user experience, but the JavaScript code in question is used only for debugging, troubleshooting and performance monitoring of that experience like checking how quickly a page loads or whether it crashes.
TikTok said that this code is part of a third-party software development kit (SDK) and it includes features that TikTok does not use.
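For site owners who want to see whether a page opened in an in-app browser picks up keystroke or click listeners that their own code did not register, the following is an added example, not code from Krause's study or from TikTok. The names createListenerAudit, runTrusted and summarize are hypothetical, and the sample events are constructed.

```javascript
// Added example: record input-related listeners that were NOT registered
// by the site's own code. All names here are hypothetical.
const WATCHED = new Set(["keydown", "keypress", "keyup", "input", "click"]);

function createListenerAudit(target) {
  const findings = [];
  let trustedDepth = 0; // > 0 while the site's own code is registering
  const original = target.addEventListener;

  target.addEventListener = function (type, listener, options) {
    if (WATCHED.has(type) && trustedDepth === 0) {
      // Keep the stack so the registering script can be reviewed later.
      findings.push({ type, stack: new Error().stack || "" });
    }
    return original.call(this, type, listener, options);
  };

  return {
    findings,
    // The site wraps its own registrations so they are not reported.
    runTrusted(fn) {
      trustedDepth++;
      try { return fn(); } finally { trustedDepth--; }
    },
    restore() { target.addEventListener = original; },
  };
}

// Count unexpected listeners per event type, for reporting to the site owner.
function summarize(findings) {
  const counts = {};
  for (const f of findings) counts[f.type] = (counts[f.type] || 0) + 1;
  return counts;
}

// Constructed demo: a plain EventTarget stands in for `document`.
function demo() {
  const page = new EventTarget();
  const audit = createListenerAudit(page);
  audit.runTrusted(() => page.addEventListener("click", () => {})); // site code
  page.addEventListener("keydown", () => {}); // simulated injected listener
  page.addEventListener("click", () => {});   // simulated injected listener
  page.addEventListener("scroll", () => {});  // not a watched event type
  audit.restore();
  return summarize(audit.findings);
}
```

In a real page the audit would be installed on document as the first script that runs; listeners attached before it loads, or monitoring done outside the page's JavaScript, are not visible to it.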