TikTok can monitor users’ keystrokes, could collect passwords, credit card info, researcher claims

TikTok tracks people’s internet activity when they navigate to other websites through links clicked on the China-owned platform, according to researcher Felix Krause.

Mr. Krause wrote that the monitoring is similar to a “keylogger” that collects someone’s keystrokes.

“TikTok iOS subscribes to every keystroke (text inputs) happening on third party websites rendered inside the TikTok app,” Mr. Krause wrote on his website on Thursday. “This can include passwords, credit card information and other sensitive user data.”

TikTok told Forbes the features described by Mr. Krause exist, but it does not use them and the computer code is there to help with troubleshooting and debugging.

TikTok spokesperson Brooke Oberwetter said her company believes Mr. Krause’s conclusions are “incorrect and misleading.”

“The researcher specifically says the code does not mean our app is doing anything malicious, and admits they have no way of knowing the full details on what kind of data our in-app browser collects,” Ms. Oberwetter said in a statement. “Contrary to the report’s claims, we do not collect keystroke or text inputs through this JavaScript code — it is only used for debugging, troubleshooting, and performance monitoring.” 

The latest revelations about TikTok’s functionality are likely to raise tensions with U.S. policymakers, who already sounded alarms about cyber problems and how TikTok stores data.

The House of Representatives’ chief administrative officer recently issued a cyber advisory cautioning lawmakers about using TikTok’s service, which Federal Communications Commission commissioner Brendan Carr published on Twitter.

“The ‘TikTok’ mobile application has been deemed by the CAO Office of CyberSecurity to be a high-risk to users due to its lack of transparency in how it protects customer data, its requirement of excessive permissions, and the potential security risks involved in its use,” the advisory said.

TikTok replied in a letter challenging the cyber advisory’s concerns as false. TikTok Vice President Michael Beckerman wrote a letter requesting that the House chief administrative officer recant the warning.

“We urge the CAO to rescind the ‘TikTok Cyber Advisory,’” Mr. Beckerman wrote. “While we would have preferred a dialogue with your office prior to the Advisory being sent, we look forward to meeting with you to further discuss the facts laid out in this letter and ensure that accurate information about TikTok is shared going forward.”

TikTok is also under fire from the Senate. Sens. Richard Blumenthal, Connecticut Democrat, and Marsha Blackburn, Tennessee Republican, wrote a letter to TikTok on Thursday questioning how the company handles child sexual abuse material on its platform, according to Forbes.

Content moderators working at the third-party company Teleperformance were trained on how to censor TikTok posts using graphic videos and images of children engaged in sexual acts that were previously removed from TikTok, according to Forbes.