{"id":1624527,"date":"2022-08-28T07:50:48","date_gmt":"2022-08-28T11:50:48","guid":{"rendered":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=1624527"},"modified":"2022-08-28T07:50:54","modified_gmt":"2022-08-28T11:50:54","slug":"tiktok-can-monitor-keystrokes-of-users-in-ios-apps-browser-expert","status":"publish","type":"post","link":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/tiktok-can-monitor-keystrokes-of-users-in-ios-apps-browser-expert\/","title":{"rendered":"TikTok Can Monitor Keystrokes of Users in iOS App\u2019s Browser: Expert"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-count mash-medium\" style=\"float:left\"><div class=\"counts mashsbcount\">22<\/div><span class=\"mashsb-sharetext\">SHARES<\/span><\/div><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fwww.conservativenewsdaily.net%2Fbreaking-news%2Ftiktok-can-monitor-keystrokes-of-users-in-ios-apps-browser-expert%2F\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Facebook<\/span><\/a><a class=\"mashicon-twitter mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=1624527&amp;via=ConservNewsDly\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-medium mash-nomargin mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe<\/span><\/a><div class=\"onoffswitch2 mash-medium mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p>TikTok logs the keystrokes of users with its in-app browser on Apple devices, including passwords and credit card numbers, according to a researcher who used to work for Google and Twitter.<\/p>\n<p>App developer and privacy researcher\u00a0Felix Krause\u00a0<a href=\"https:\/\/krausefx.com\/blog\/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser\">published a report<\/a>\u00a0on the risks associated with some iOS apps injecting JavaScript code into third-party browsers.<\/p>\n<p>Of the seven most popular iOS apps analyzed,\u00a0Beijing-based TikTok was the only one that didn\u2019t give users the option to open links with a third-party browser.<\/p>\n<p>Krause\u00a0found that TikTok\u2019s iOS app \u201cmonitors all taps happening on websites, including taps on all buttons and links\u201d accessed via its in-app browser.<\/p>\n<p>\u201cTikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app. This can include passwords, credit card information, and other sensitive user data (keypress and keydown),\u201d Krause wrote.<\/p>\n<p>\u201cWe can\u2019t know what TikTok uses the subscription for, but from a technical perspective, this is the equivalent of installing a keylogger on third party websites.\u201d<\/p>\n<p>TikTok confirmed that the code exists in its iOS app, but claimed that it doesn\u2019t use it.<\/p>\n<p>\u201cLike other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting, and performance monitoring of that experience\u2014like checking how quickly a page loads or whether it crashes,\u201d TikTok spokesperson Maureen Shanahan said in a statement obtained by Krause.<\/p>\n<p>Krause\u00a0analyzed TikTok, Facebook, Instagram, Snapchat, Amazon, Robinhood, and Messenger with a tool he developed called InAppBrowser.com.<\/p>\n<p>According to the report, only Snapchat and Robinhood didn\u2019t inject any JavaScript code. Facebook, Instagram, and Messenger injected some code, but Krause said that \u201cdoesn\u2019t mean the app is doing anything malicious.\u201d<\/p>\n<p>\u201cJust because an app injects JavaScript into external websites, doesn\u2019t mean the app is doing anything malicious. There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used,\u201d Krause\u00a0wrote.<\/p>\n<h2>The Risks<\/h2>\n<p>Krause\u00a0said the risk occurs when users open links while using an iOS app, such as TikTok, and view the rendered webpage inside that app instead of opening the link with a third-party browser, such as Safari or Chrome.<\/p>\n<p>Some JavaScript code allows apps to know how long the user visited the linked website, which links they opened, what they tapped on, location data if enabled, and even record the user or \u201cparse their face\u201d while browsing, Krause\u00a0noted in a 2018 <a href=\"https:\/\/krausefx.com\/blog\/follow-user\">blog post<\/a>.<\/p>\n<p>This happens \u201cwithout the consent from the user, nor the website provider,\u201d he said.<\/p>\n<p>For example, a person who uses the Safari app on their iPhone may have their login or credit card information saved for convenience.\u00a0But if they visit a page with TikTok\u2019s in-app browser, any login or payment information will need to be entered fresh. Those keystrokes are being monitored, according to the report.<\/p>\n<p>\u201cThis\u00a0causes various risks for the user, with the host app being able to track every single interaction with external websites, from all form inputs like passwords and addresses, to every single tap,\u201d Krause wrote.<\/p>\n<p>Experts have long warned that TikTok can\u2019t be trusted due to the company\u2019s ties to the Chinese Communist Party (CCP). This has brought the company under scrutiny.<\/p>\n<p>Chinese security\u00a0<a href=\"https:\/\/www.theepochtimes.com\/huawei-says-no-law-requires-installation-of-backdoors-but-other-laws-worry-western-governments_2826128.html\" target=\"_blank\" rel=\"noopener\">laws<\/a>\u00a0compel companies to cooperate with intelligence agencies when asked. TikTok has said that it would not comply with any requests by the CCP for user data.<\/p>\n<p>Casey Fleming, CEO of intelligence and security strategy firm BlackOps Partners, has said that the CCP is engaged in \u201cunrestricted warfare\u201d as it seeks to supplant the United States to become the world\u2019s sole superpower.<\/p>\n<p>\u201cAll technology coming out of China\u2014either manufactured in China, created in China\u2014is controlled by the CCP,\u201d he said.<\/p>\n<p>\u201cTikTok is a weaponized espionage platform controlled by the CCP in the hands of most of your kids and young adults. It is what war looks like today\u2014hybrid warfare. It should be banned by the U.S. government immediately.\u201d<\/p>\n<p>The vast amount of data TikTok collects about its users, mostly young Americans, makes the app a risk, according to another expert, who said the app could be used to spy on Americans.<\/p>\n<p>\u201cIf you want to spy on a country, why send in a spy the old-fashioned way? Why not just send in a great app and make it go viral?\u201d said Gary Miliefsky, a cybersecurity expert and publisher of Cyber Defense Magazine, in a statement <a href=\"https:\/\/www.theepochtimes.com\/tiktok-is-spyware-for-the-chinese-regime-cyber-experts-warn_3429621.html\">previously obtained<\/a> by The Epoch Times.<\/p>\n<div class=\"author_wrapper\">\n<div class=\"one_author_block round\">\n<div class=\"top_row\">\n\t\t\t\t\t<a href=\"https:\/\/www.theepochtimes.com\/author-caden-pearson\"><img decoding=\"async\" src=\"https:\/\/secure.gravatar.com\/avatar\/38ce23ace09f12718ad757e5cb92eca2\" alt=\"Caden Pearson\" \/><\/a><\/p>\n<p>Follow<\/p>\n<\/div>\n<p>Caden Pearson is a reporter based in Australia. Contact him on caden.pearson@epochtimes.com.au<\/p>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>TikTok logs the keystrokes of users with its in-app browser on Apple devices, including passwords and credit card numbers, according to a researcher who used to work for Google and<\/p>\n","protected":false},"author":1,"featured_media":2315279,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_mo_disable_npp":"","fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[],"tags":[],"class_list":["post-1624527","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"_links":{"self":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/1624527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/comments?post=1624527"}],"version-history":[{"count":0,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/1624527\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media\/2315279"}],"wp:attachment":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media?parent=1624527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/categories?post=1624527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/tags?post=1624527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}