Last week, Felix Krause, a Viennese researcher, made news when he published that TikTok can record any user’s keystroke in certain situations. He found that TikTok inserts code into a 3rd party website when the user clicks on an external link. The code essentially acts as a keystroke logger.
What does this mean? Personal information may be recorded if you click on a website from within TikTok and type any information. The keystrokes can be recorded even if you enter the information and do not press Submit. In an interview with Forbes, Krause says, “This is a non-trivial engineering task. This does not happen by mistake or randomly.”
Per Forbes, TikTok has confirmed the code exists. However, it denies that the data is being used. “Contrary to the report’s claims, we do not collect keystroke or text inputs through this JavaScript code — it is only used for debugging, troubleshooting, and performance monitoring.”
Krause confirmed he has only tested the iOS version of the app and not the Android version.
Does this mean that you should abandon TikTok? That is a personal choice. It is up to the user to understand the potential that exists and take the necessary precaution. Based on this information, extra care is needed when accessing third-party websites directly from TikTok.
To read more, see the article on Forbes: https://www.forbes.com/sites/richardnieva/2022/08/18/tiktok-in-app-browser-research/?sh=3c8f356d7c55
I Teach Accounting Information Systems 