“This is a non-trivial engineering task. This does not happen by mistake or randomly.” Eventually, policymakers and journalists need to accept that the culture of internet platforms guarantees they will always choose the alternative that produces the most harm for users. https://t.co/Q3His1PLKP

— Roger McNamee (@Moonalice) August 19, 2022

Wow, what an honour to have my work featured on @forbes

Including statements by TikTok confirming the code I found exists and does what I expected.https://t.co/1p8hOwQBWN via @richardjnieva pic.twitter.com/13M78cHEEy

— Felix Krause (@KrauseFx) August 18, 2022

As reported by @VICE: the researcher walks back his claims, saying that his report “doesn’t say TikTok is actually recording and using this data," and re-emphasizing that he can’t talk about if and how the system is actually being used. https://t.co/MdtTsEguui

— TikTokComms (@TikTokComms) August 19, 2022

NEW: A developer says TikTok "can monitor all keystrokes, including passwords, and all taps" in its in-app browser.

The company denies doing this, and another researcher said there's no evidence this is happening. https://t.co/gmw3hT7wFE

— Lorenzo Franceschi-Bicchierai (@lorenzofb) August 19, 2022

The report's conclusions about TikTok are incorrect and misleading. Contrary to its claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting and performance monitoring. https://t.co/eUl9hikO3h

— TikTokComms (@TikTokComms) August 19, 2022

NEW: TikTok's in-app browser injects code that could let the company monitor a user's keystrokes and taps on outside websites, according to research by @KrauseFx https://t.co/7mrBvPmIs2

— Richard Nieva (@richardjnieva) August 18, 2022

This isn’t just about TikTok, but also in-app browsers that inject JavaScript in general

Let alone what the injected script does, the fact it alters third-party webpage w/o explicitly informing the user is overreaching

I talked to @nytimes about it:https://t.co/Faq0ljXwN2 pic.twitter.com/sh9WttjzUW

— Jane Manchun Wong (@wongmjane) August 19, 2022

“Tiktok strongly pushed back at the idea that it’s tracking users in its in-app browser. The company confirmed those features exist in the code, but said TikTok is not using them.”

Then remove the code. You don’t accidentally include spyware, which is what this is. https://t.co/ppqcuaqK3D

— Rakesh Agrawal (@rakeshlobster) August 19, 2022

While there's no evidence that TIkTok *collects* keystokes, this isn't the first time the company has been suspected of *tracking* users' typing. And the fact TikTok has code in its app that could allow it to do so is worrying, say researchers.https://t.co/XXtPObUK8N

— Ryan Mac 🙃 (@RMac18) August 19, 2022

This should be illegal. https://t.co/ZTQlwgA5nX

— Whitney Merrill (@wbm312) August 19, 2022

"The company confirmed those features exist in the code, but said TikTok is not using them." https://t.co/P3gHkygWQT

— John Paczkowski (@JohnPaczkowski) August 18, 2022

serious question: can we just get rid of in app browsers? is there any reason we need them vs just opening links in the system browser? https://t.co/EWviU1uSAi

— J Emory Parker 🏳️‍🌈 Subscribe to STAT+ (@jaspar) August 18, 2022

FYI: At least on Instagram you can just dm the address to yourself to try it. No need to send it to a friend.

— Holger Eilhard (@holgr) August 18, 2022

How long till apple gives us the option to turn off in-app browsers. https://t.co/M9g4jNAFfq

— Ian (@Ianmurren) August 19, 2022

A security researcher's post about TikTok's in-app browser went viral. They said TikTok could steal passwords, credit card info with it. Lots of outlets ran with it.

Spoke to TikTok, they strongly deny. Actually no evidence TikTok *is* doing this https://t.co/hUxZRZzGhV

— Joseph Cox (@josephfcox) August 19, 2022

I have asked this question for the last few years: “what will it take for you to care about who is watching you even if ‘you are doing nothing important’”

Take a moment and contemplate what you have agreed to and speculate what value it has to the folks that ultimately use it. https://t.co/24OUoxoTMM

— Brian Roemmele (@BrianRoemmele) August 19, 2022

TikTok is capturing every keystroke you make on their in-app browser - including potentially passwords and credit card details - but don’t worry, it’s just for “troubleshooting”: https://t.co/zeNSr2lb0s

— James Paterson (@SenPaterson) August 19, 2022

When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information)

TikTok also has code to observe all taps, like clicking on any buttons or links. pic.twitter.com/Dcv0N4ccKD

— Felix Krause (@KrauseFx) August 18, 2022

As reported by @VICE: the researcher walks back his claims, saying that his report “doesn’t say TikTok is actually recording and using this data," and re-emphasizing that he can’t talk about if and how the system is actually being used. https://t.co/MdtTsEguui

— TikTokComms (@TikTokComms) August 19, 2022

Once again @tiktok_us is playing games. Perhaps they’re not collecting keyboard data via the browser; BUT, that’s because the TOS of the app already grants this access/permission. Read the spokesperson’s statement carefully—it’s only about the browser.https://t.co/v1Gxk60Fg8

— Klon Kitchen (@klonkitchen) August 19, 2022

Yet another horrifying article shows TikTok has a back door on its iPhone app that lets it scrape passwords. Their defenders acknowledge that it CAN but say there's no evidence it does. 🤣 #BanTikTok #BBIG $BBIGhttps://t.co/vUAE7dxEMd

— John Colucci, Prison Commissary CEO (@FloridaUnemplo1) August 19, 2022

"...this is the equivalent of installing a keylogger on third party websites.”
Beware of TikTok. Addictive. Fun. Dangerous.

And if you haven't watched episode #42 of the Brett Johnson Show which discusses TikTok--you may want to.https://t.co/jC9n6rsfca

— Brett Johnson (@GOllumfun) August 19, 2022

"TikTok's custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor "all keyboard inputs and taps" while a user is interacting with a given website" https://t.co/zb9mkurlpg - IABs are a boil on the bum of the Web.

— Bruce Lawson (@brucel) August 19, 2022

TikTok is capturing every keystroke you make on their in-app browser - including potentially passwords and credit card details - but don’t worry, it’s just for “troubleshooting”: https://t.co/zeNSr2lb0s

— James Paterson (@SenPaterson) August 19, 2022

TikTok's In-App Browser Reportedly Capable of Monitoring Anything You Type https://t.co/CvJR1VtVXJ

— Matt Navarra (@MattNavarra) August 19, 2022

This site exposes the creepy things in-app browsers from TikTok and Instagram might track https://t.co/PDExumUC2G pic.twitter.com/VipdnvSbRr

— The Verge (@verge) August 19, 2022