According to a privacy expert, the software adds code that allows third parties to monitor behavior on websites accessed through their browser. TikTok claims that it uses the code for debugging and other purposes.
Felix Krause, a software researcher based in Vienna, claims that when TikTok users click on a link in the TikTok app, the program inserts code into the website that enables TikTok to track behavior like keystrokes and what users tap on that site.
That might make it possible for TikTok to collect private user data like passwords and credit card details. The websites are opened through TikTok's in-app browser rather than a conventional one like Chrome or Safari, which gives the app the ability to inject the code and change the websites to allow that surveillance.
The findings were first published by Forbes, which quoted Krause as saying, "This was an active choice the company made." Krause is the creator of the app-testing business Fastlane, which Google acquired five years ago. He said, "This is a non-trivial engineering task. This does not happen by mistake or randomly."
The code, according to TikTok, is a component of a third-party software development kit, or SDK, a collection of tools used to create or manage apps. The SDK has functionality that TikTok does not employ.
The announcement comes amid ongoing security and surveillance worries regarding the TikTok app and the Chinese business ByteDance, which owns it. According to some US officials, TikTok poses a concern to national security because ByteDance may provide Chinese authorities access to data about Americans gathered through the app, which they may use as a weapon against Americans. TikTok has frequently stated that it would never take such a step.
Krause's study included other platforms besides TikTok. He examined a total of seven in-app browser-enabled iPhone applications, including TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon, and Robinhood. TikTok is the only one of those that, according to Krause, appears to track keystrokes. The TikTok app for Android wasn't tested by Krause.