Image: Avishek Das/SOPA Images/LightRocket via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
According to the spokesperson, TikTok uses an in-app browser like many other apps and it does not log keystrokes.Zach Edwards, an independent cybersecurity and privacy researcher, who analyzed the code used by TikTok’s iOS app, also cautioned that Krause’s findings are not definitive. While he agreed that the JavaScript inside TikTok’s app “could scrape” information typed within the app, Edwards said that whether an app actually scrapes forms—such as password form fields—can only be confirmed by monitoring what data the app sends to its servers.“Felix is making TikTok look worse than they are—and that’s unfortunate because they are pretty bad,” he said. Still, Edwards said that in-app browsers are “wildly dangerous” because theoretically they give the apps the ability to scrape sensitive information. That's why he thinks that Apple and Google should give users a chance to disable them. Joseph Cox contributed reporting.Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.Sign up for Motherboard’s daily newsletter for a regular dose of our original reporting, plus behind-the-scenes content about our biggest stories.