Aug 19th, 2022

Companies like Apple and Google have made it a point to make sure that their browsers are (relatively) safe to use and will protect your privacy (to a certain extent). Unfortunately, the same cannot be said for the in-app browsers of some apps, such as TikTok.

According to a report by security researcher Felix Krause, he has published a post in which he has discovered JavaScript code that could potentially be used for malicious purposes. The code Krause found can apparently allow the browser to “subscribe” to keyboard inputs, meaning that the things you type while using the in-app browser has the potential to be logged, including passwords, credit card information, and so on.

Krause does note that just because JavaScript has been injected into external websites, it doesn’t mean that the app is doing anything malicious, which is essentially what TikTok is trying to clarify as well in a statement made to Forbes. The company acknowledges the use of the code, but says it’s only used for debugging and troubleshooting purposes.

“Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes.”

That being said, note that this “issue” only seems to be affecting the iOS version of TikTok. Krause does not mention if this affects the Android version of the app as well, but we suppose it’s still something that users might want to keep in mind all the same.

Source: MacRumors

local_offer    Apple   iOS   privacy   security   TikTok