TikTok tracks people’s internet activity when they navigate to other websites through links clicked on the China-owned platform, according to researcher Felix Krause.
Mr. Krause wrote that the monitoring is similar to a “keylogger” that collects someone’s keystrokes.
“TikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app,” Mr. Krause wrote on his website on Thursday. “This can include passwords, credit card information and other sensitive user data.”
TikTok told Forbes the features described by Mr. Krause exist, but it does not use them and the computer code is there to help with troubleshooting and debugging.
TikTok spokesperson Brooke Oberwetter said her company believes Mr. Krause’s conclusions are “incorrect and misleading.”
The House of Representatives’ chief administrative officer recently issued a cyber advisory cautioning lawmakers about using TikTok’s service, which Federal Communications Commission commissioner Brendan Carr published on Twitter.
“The ‘TikTok‘ mobile application has been deemed by the CAO Office of CyberSecurity to be a high-risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks involved in its use,” the advisory said.
TikTok replied in a letter challenging the cyber advisory’s concerns as false. TikTok Vice President Michael Beckerman wrote a letter requesting that the House chief administrative officer recant the warning.
“We urge the CAO to rescind the ‘TikTok Cyber Advisory,’” Mr. Beckerman wrote. “While we would have preferred a dialogue with your office prior to the Advisory being sent, we look forward to meeting with you to further discuss the facts laid out in this letter and ensure that accurate information about TikTok is shared going forward.”
TikTok is also under fire from the Senate. Sens. Richard Blumenthal, Connecticut Democrat, and Marsha Blackburn, Tennessee Republican, wrote a letter to TikTok on Thursday questioning how the company handles child sexual abuse material on its platform, according to Forbes.
Content moderators working at the third-party company Teleperformance were trained on how to censor TikTok posts using graphic videos and images of children engaged in sexual acts that were previously removed from TikTok, according to Forbes.