Source: ReclaimTheNet.org
TikTok’s in-app browser on iOS injects Javascript code into external websites, which allows the social media platform to track “all keyboard inputs and taps,” according to security researcher Felix Krause. TikTok said the code is not used for malicious reasons.
Krause added that the keyboard inputs and taps monitored include sensitive data like credit card information and passwords.
“From a technical perspective, this is the equivalent of installing a keylogger on third-party websites,” the security researcher said. However, he acknowledged that “just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious.”…