Connect with us

Hi, what are you looking for?

The American GeniusThe American Genius

Business News

Are TikTok and Instagram really using keystroke trackers?

Your favorite social media apps have the code for keystroke trackers to watch your every move during in-app browsing activity, but are they?

Tiktok on iphone representing keystroke trackers

Multiple articles last week carried the news that researcher Felix Krause had discovered TikTok included keystroke trackers.

Not so fast.

Krause in a blog post says his research shows the code is there that could allow keystroke tracking, but that’s not what’s happening. Also, TikTok is not the only app including JavaScript that makes tracking possible.

“Just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious,” Krause said in his blog post.

Advertisement. Scroll to continue reading.

“There is no way for us to know the full details on what kind of data each in-app browser collects, or how or if the data is being transferred or used. This publication is stating the JavaScript commands that get executed by each app, as well as describing what effect each of those commands might have.”

Krause explains that when you open a link on TikTok, it opens in their in-app browser.

That browser tracks multiple items, which could include each keystroke.

In response to his findings earlier, Krause has introduced InAppBrowser.com, a simple tool to list the JavaScript commands executed by the iOS app rendering the page.

In his blog post, Krause explains how to use InAppBrowser.com. TikTok then responded to Krause’s discovery of the Javascript commands and the company confirmed those features exist in the code but said TikTok is not using them.

“Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting, and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes,” spokesperson Maureen Shanahan said in a statement.

Advertisement. Scroll to continue reading.

Also important to note, TikTok is not the only app using the code that could allow tracking. Meta’s Instagram injects script onto third-party websites as well.

Krause was able to find the following commands Instagram executes:

  • Instagram iOS subscribes to every tap on any button, link, image, or other component on external websites rendered inside the Instagram app.
  • Instagram iOS subscribes every time the user selects a UI element (like a text field) on third-party websites rendered inside the Instagram app.

Krause includes a link to everything he found on Instagram in his blog post.

Meta responded via a tweet saying, “The code in question allows us to respect people’s privacy choices by helping aggregate events (such as making a purchase online) from pixels already on websites before those events are used for advertising or measurement purposes.”

Another important note, Krause said, is that when he talks about “App subscribes to”, he means that the app subscribes to the JavaScript events of that type (e.g. all taps). There is no way to verify what happens with the data.

In his blog post announcing InAppBrowser, Krause includes more information about in-app browsing and how it could be used to track and other JavaScript information people will be interested in knowing, including how to stay safe while using apps.

Advertisement. Scroll to continue reading.

He includes again though that the companies using JavaScript to track are not stealing passwords, addresses, and credit card numbers.

“I wanted to showcase that bad actors could get access to this data with this approach,” Krause said in his blog post.

“As shown in the past, if it’s possible for a company to get access to data legally and for free, without asking the user for permission, they will track it.”

Mary Beth Lee retired from teaching in Texas this year after 28 years as a student media adviser. She spends her time these days reading, writing, fighting for public education and enjoying the empty nester life in Downtown Fort Worth.

Click to comment

Leave a Reply

Your email address will not be published.

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Advertisement

KEEP READING!

Social Media

(SOCIAL MEDIA) Social media has evolved from being only community-oriented to career-oriented. See how users are getting jobs by being creative.

Tech News

In typical fashion, TikTok releases their latest AI project focused on text-to-image generation, right after Meta's similar announcement.

Business Marketing

That amazing zeitgeist of organic content and sharing leading to marketing or sales hits that companies never dreamed of has met its match with...

Social Media

(SOCIAL MEDIA) The popular short-form app, TikTok, finally launches the anticipated Insights feature, where content creators can view target audience data.

The American Genius is a strong news voice in the entrepreneur and tech world, offering meaningful, concise insight into emerging technologies, the digital economy, best practices, and a shifting business culture. We refuse to publish fluff, and our readers rely on us for inspiring action. Copyright © 2005-2022, The American Genius, LLC.