TikTok, a short video-sharing application, has denied claims made by a developer that it is “scraping” its users’ passwords, credentials and other sensitive data through its in-app browser.
The developer alleged that TikTok’s iOS app contains code that lets the company monitor “all keystrokes, including passwords, and all taps.”
Felix Krause, a developer who previously worked with Twitter and Google, has found privacy and security issues in the past as well, as reported by Vice’s Motherboard.
On Twitter and in a blog post, the developer wrote that TikTok’s iPhone app opens an in-app browser when a link within the app is opened.
Krause’s findings were picked up by the websites of several media outlets, making it an upsetting revelation. However, Krause qualified his own findings by adding that it is difficult to know what the video-making app uses the subscription for.
“This is the equivalent of installing a keylogger on third party websites,” he wrote, citing his view from a technical perspective.
Krause, during a chat online, also said that his report “doesn’t say TikTok is actually recording and using this data.”
“I emphasised how I can’t talk about if and how the system is actually being used,” he said during the chat.
TikTok, however, has strongly denied the allegation. The video-sharing platform’s spokesperson, in a statement sent to Vice’s Motherboard, deemed the conclusions of the report regarding TikTok as “misleading and incorrect”.
TikTok also wrote that the code is exclusively used for “debugging, troubleshooting, and performance monitoring”.
TikTok said the app uses an in-app browser like other applications and denied logging keystrokes.
Zach Edwards, an independent privacy and cybersecurity researcher, has also analysed the code utilised by the video-sharing company’s iOS app.
He said that monitoring the kind of data the application sends to its servers is the only way to confirm whether an app actually scrapes forms such as password form fields.
“Felix is making TikTok look worse than they are—and that’s unfortunate because they are pretty bad,” Edwards said.
Edwards, however, deemed in-app browsers to be “wildly dangerous” because they allow apps to scrape sensitive data, which is why he thinks that Google and Apple should allow users to disable the feature.