Software expert Felix Krause has published a report about user details collected by mobile apps through in-app browsers.
Popular apps use JavaScript in in-app browsers to collect information about user actions on third-party websites (for example, the websites users visit and their taps).
Besides basic information, the TikTok app can monitor user keystrokes. These may be passwords, bank card details, and other sensitive information. The researcher discovered the “keypress” and “keydown” functions in the code.
After the report was published, a ByteDance spokesperson confirmed these functions do exist in the code, but argued against the fact that TikTok uses them. Maureen Shanahan claimed that the video service uses the code “only for debugging, troubleshooting, and performance monitoring.” For example, an app checks the page loading speed or whether it crashes.
In their article, the programmer clarified that they can’t provide details about the data an in-app browser collects. App developers may also have other methods of capturing user actions on third-party websites.