Invasion of privacy: TikTok is accused of monitoring user typing

0
26
Invasion of privacy: TikTok is accused of monitoring user typing
1660961699 invasion of privacy tiktok is accused of monitoring user typing.jpeg

TikTok doesn’t have a good track record when it comes to user data usage. The US government has even called for a ban on the app and today Felix Krause, software researcher and founder of Fastlane, is reporting that the app’s built-in browser has been spying on users, even recording typing without people’s consent.

According to Krause, TikTok’s browser records screen taps, typing and even the clipboard of the user’s device, which can contain sensitive personal data such as logins, passwords, credit card details and more.

Jennifer King, a Privacy and Data Policy Fellow at the Human-Centered Artificial Intelligence Institute at Stanford University, considers that this practice violates the privacy of users:

This is very sneaky. The assumption that your data is being pre-read before you even send it crosses a line in my opinion.

The collection is done by a JavaScript code injected into the web page from links promoted within the application. Integrating JavaScript code into promoted pages is normal, but not to collect data in such an intrusive way, even more so in an app that has around 1 billion active global users, as reported by TikTok itself.

Code injected via JavaScript to monitor users. Image: Felix Krause/Fastlane

According to the founder of Fastlane, an application testing and implementation company that was acquired by Google 5 years ago, tracking is not accidental:

This was an active choice the company made. This is a non-trivial engineering task. This does not happen by mistake or randomly.

In response, Maureen Shanahan, Global Director of Corporate Communications at TikTok, said in a statement that:

Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is only used for debugging, troubleshooting, and performance monitoring of that experience — such as checking how quickly a page loads or if she has a problem.

In addition, Shanahan also stated that the JavaScript code is part of a third-party development kit (SDK), which includes features that TikTok does not use, but the company declined to answer further questions about the SDK and which vendor it is. who also have access to the collected data.

SEE ALSO  Do you need a new computer? These 5 clues show you that yes

When asked about tracking users, Meta replied that the browser integrated with Facebook and Instagram offers features that prevent redirects to malicious websites and that

Adding any of these resource types requires additional code. We carefully design these experiences to respect users’ privacy choices, including how the data may be used for advertising.

It is worth mentioning that Krause performed a test using an iPhone with the following applications with integrated browsers: TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon and Robinhood. The result was that only TikTok monitors users’ typing, being the most invasive.

The situation around tracking becomes even more complex when we remember that TikTok launched the Election Center, where users will be able to have their information verified and will be redirected to US government and NGO websites to register to vote.

Monitoring could provide data such as users’ address, age and political preference, but TikTok claims that “this information is only used for debugging.”