In-app browser not used to scrape sensitive information from users: TikTok

Islamabad: TikTok, a globally-known platform for short videos, said on Monday afternoon that its in-app browser was not used to “scrape” passwords, credentials, and other sensitive information from its users.

Earlier, Developer Felix Krause alleged that a code in TikTok’s iOS app enabled the corporation to track “all keystrokes, including passwords, and all touches.”

TikTok, immensely popular in Pakistan, categorically denied the accusation. The representative for the video-sharing website described the report as “misleading and wrong.”

According to a spokesperson for the Chinese App: “The researcher specifically states that the JavaScript code does not mean that our app is doing anything malicious, and admits they have no way of knowing what kind of data our in-app browser collects.” The spokeswoman also clarified that, in contrast to the claims of the report, the applications do not collect “keystroke or text inputs” via this code.”

The code is only used for “debugging, troubleshooting, and performance monitoring, according to TikTok. The program does not log keystrokes and uses an in-app browser like other apps.

Zach Edwards, a freelance researcher in privacy and cybersecurity, has also examined the code used by the iOS version of the video-sharing service.

He cautioned against Krause’s conclusions, describing them as “not definite.” He did agree, though, that the JavaScript in the app “might scrape” the inputted information.

He claimed that the only method to determine whether an app genuinely scrapes forms, such as password form fields, is to watch the type of data the application transmits to its servers.

Edwards claimed that Felix was making TikTok appear worse than they actually were, which was terrible because they are not great.

Edwards, though, believes that users should be able to disable in-app browsers since he considers them to be “wildly dangerous” because they let apps scrape private information.