Popular Articles
Today Week Month Year


New research reveals social media sites like Meta, Instagram and Tiktok can monitor keystrokes to obtain private information
By Mary Villareal // Aug 23, 2022

New research revealed that social media platforms Meta, Instagram and Tiktok can gain access to users' personal information when entered into the in-app browser.

Brighteon.TV

Software engineer and security researcher Felix Krause looked into the coding built into Tiktok, the Chinese-produced app's infrastructure, which led to this revelation. Users who click on links on Tiktok are led into a native in-app browser they produced, and not default browsers like Safari or Google Chrome.

The JavaScript code in Tiktok's in-app browser can also allow the company access to every action taken on the screen, including passwords or credit card information.

While Tiktok does not have the feature enabled at the moment, the infrastructure is still in place. Krause explained that the problem is that the company has the infrastructure and systems in place to be able to track keystrokes.

A Tiktok spokesperson said the code is in place for "debugging, troubleshooting and performance monitoring" purposes, adding that they do not collect keystrokes or text inputs through the code, which is solely used for the above-mentioned processes. (Related: Android messages and dialer apps quietly send data to Google, report alleges.)

After looking into the coding for Instagram, Krause came to a similar conclusion, saying that the platform's infrastructure is also able to log phone taps and click on images.

When Instagram users click on links in the app, they are also brought to an in-app browser that could track sensitive and personal information. Meta operates in a similar manner in their in-app browser as well.

However, a Meta spokesperson refuted that any private information was being harvested.

"We use in-app browsers to enable safe, convenient, and reliable experiences, such as making sure auto-fill populates properly or preventing people from being redirected to malicious sites. Adding any of these kinds of features requires additional code. We have carefully designed these experiences to respect users’ privacy choices, including how data may be used for ads," the spokesperson said.

Risks of in-app browsers

Krause, who is also the founder of Fastlane, a testing platform for Android and iOS apps acquired by Google five years ago, said he has been looking into the risks of in-app browsers for several years. However, the increased use of Big Tech companies spurred him to look at the code behind each platform.

He then released a report on his findings after creating a security tool, called the InAppBrowser.com, for anyone to see what apps can track them when using in-app browsers.

So far, it can recognize what apps like Tiktok, Instagram and Meta can track, but it is still unable to point out specific data that each app chooses to collect, transfer or use. (Related: Study: Many health apps share sensitive medical data with third parties, leaving patients at risk of potential privacy loss.)

InAppBrowser.com can also find commands embedded in the code, but the full extent of what apps implement, or what third-party websites can do is unknown due to an iOS 14.3 update in December 2020, where some JavaScript commands can be undetectable.

Bruce Davie, a leading computer scientist and Systems Approach co-founder, said app behavior of this nature undermines user confidence in e-commerce.

"It's alarming to see how much information can be tracked that people aren't aware of–including potentially any user interaction with a website," he said, adding that the issue seems to be widespread, with the tracking code observed at Facebook, Instagram and Tiktok.

Krause also noted that apps in their infancy use these types of data to find errors and debug before scaling. They usually later delete the functionality, but Tiktok seems to have failed to do so.

"Those [data tracking abilities] should not end up in the final version of the app that has been used by millions of people," Krause said. "That's not something that happens by mistake, especially at a company this size."

Visit BigTech.news for more information about privacy issues on social media sites.

Watch the video below about why digital privacy is an illusion.

This video is from the What is happening channel on Brighteon.com.

More related stories:

TikTok quietly changed its privacy policy, giving itself permission to harvest biometric data of US users.

Experts warn TikTok is spyware for the Chinese regime.

TikTok star shares "uncomfortable" amount of data Amazon has on her, including thousands of audio recordings.

Sources include:

NationalFile.com

ABC.net.au

Brighteon.com



Take Action:
Support NewsTarget by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NewsTarget.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.

NewsTarget.com © 2022 All Rights Reserved. All content posted on this site is commentary or opinion and is protected under Free Speech. NewsTarget.com is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. NewsTarget.com assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published on this site. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
News Target uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.