TikTok Can Log Everything You Type

TikTok’s app browser can log what you type on external websites that you access through the app. Software researcher Felix Krause reports that the social media app injects code that can be used to monitor user activity. TikTok has defended itself saying the code is only used for debugging.

Popular websites and keylogging go hand in hand as we’re seeing a constant increase in user monitoring and data recording. This isn’t the first time TikTok has been under fire for putting user data at risk of exposure, but is the app really logging everything you type on your keyboard or tap on a screen?  

What Is Keylogging?

Keylogging is the process of recording all of your keystrokes. Companies and cybercriminals use programs called keyloggers to capture what you type. Usually, keylogging is done on specific websites or apps that contain the code needed to gather this type of data. Some corporations started using keylogging software to monitor user activity on their websites for marketing purposes.

That said, keylogging is also used to steal your information. Keyloggers can come as malware and infest your device with the purpose of recording absolutely everything you type. You might have a keylogger installed on your phone and you don’t even know it.

How Can TikTok Log Your Activity?

TikTok may not be installing any actual keyloggers on your devices, but it does have the capability to track everything you do inside its environment. If you open a link from the TikTok app, the website will open inside the in-app browser instead of a standalone browser like Safari or Firefox. This allows TikTok to inject that website with code that enables it to log your keystrokes.

Screenshot of code injected into websites
Felix Krause reveals the keylogging code injected into websites opened through the TikTok in-app browser.

Felix Krause says this is a deliberate action with the purpose of logging private user information, including credit card data and passwords. TikTok issued a statement regarding Krause’s findings, confirming that the keylogging features exist. Maureen Shanahan, a spokesperson from TikTok stated:

“Like other platforms, we use an in-app browser to provide an optimal user experience, but the JavaScript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes”

While the use of keylogging is confirmed, TikTok claims that it doesn’t use your data for anything else other than debugging, troubleshooting, and performance monitoring. So the question is – can you trust a social media giant to handle your data responsibly? Probably not.

Protect Your Digital Identity from Aggressive Corporations

TikTok shows obvious signs that it’s hungry for user data, but it’s not the only corporation that uses dubious practices to learn everything about you. Facebook and Instagram, together with Google, are also guilty of harvesting private information. Also, countless third-party apps like period tracking apps use aggressive tracking methods.

Data and privacy protection laws like the EU’s GDPR can only do so much against tech giants that are constantly looking for new ways to get more data. For example, TikTok uses legal loopholes to justify keylogging for legitimate purposes like debugging and troubleshooting. 

Take data protection into your own hands and use CyberGhost VPN. Encrypt your connection on all of your devices and hide your IP to prevent personal information from leaking into the hands of greedy companies. Also, consider deleting your TikTok, and use a private browser that doesn’t track all your search queries and every mouse click.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*