TikTok and Meta may be tracking users' data outside the apps without their permission, according to research
Posted: Thu Dec 05, 2024 10:12 am
Recent research shows that TikTok and Instagram may be using JavaScript code to collect user interaction data without their consent.
Erick Bernard
Sep 6, 22 | 5 min read
TikTok and Meta may be tracking user data
Reading time: 4 minutes
Data privacy is basically a concern of every living being on the Internet. The latest updates on the end of cookies, third-party data collection, and GDPR regulations gave even more visibility to privacy concerns.
Companies need to be very careful when collecting user data, and we know that social media giants don't always do an exemplary job in this department.
While recent research shows that switzerland email list TikTok can track every tap made by its users, a recent analysis also found that Facebook and Instagram can track users' behavior on websites on iOS.
Both without their knowledge, of course.
Since privacy on these platforms is at risk, I invite you to take a closer look at these cases (and, of course, learn from them).
TikTok could know everything you write (and more)
There's no denying that TikTok is a hit . The platform turned short videos into a trend and quickly established itself as one of the most used social media channels worldwide.
New trend, new privacy concerns. The app has its own built-in browser and here is the first problem pointed out by Felix Krause in a recent research on privacy, especially for iOS users.
The article shows that when opening a link through the TikTok app, users are not given the option to open in the default browser, so they are “forced” to navigate within the app.
This can be a bit annoying when we look at it from a user experience perspective, but there is a long way to go when it comes to privacy issues.
In addition to having just the browser in the app, users can have their personal information captured by a Javascript code. According to Felix Krause, this code is able to detect every touch the user makes on the screen, including the keyboard .
Yes, this could mean that TikTok can access all your keyboard inputs, such as passwords, credit card information, etc.
Krause said it's unclear whether the app actually collects and uses this information in any way or simply has the ability to track it.
According to the New York Times , the Chinese company stated that "contrary to what the report claims, we do not collect keystrokes or text input through this code," justifying the feature being used for "debugging, troubleshooting and performance monitoring."
But that’s not all. Recent research led by Microsoft 365 Defender shows that TikTok had a breach that was leading users to extremely vulnerable experiences. This issue could allow attackers to hijack a user’s account with literally a single click on a crafted link.
In this case, the breach could be used to steal or “hijack” one’s account with a single click. Attackers could then gain access to a user account’s app features, such as posting videos, sending messages, interacting with other accounts, and even changing personal information. The issue was most likely to occur with Android users.
Fortunately, TikTok has already fixed it and the Microsoft 365 Defender research team has not identified any major exploits. Therefore, it is highly recommended that users keep their app updated, using the latest version.
Instagram is riding the TikTok wave… even on privacy issues
Meta (formerly Facebook Inc.) is not far behind when it comes to privacy issues. Felix Krause found potential problems within Instagram apps, quite similar to what happened with TikTok.
In addition to having an option to open links in your device's default browser, Meta apps have their own browser, which is the first to open links within the apps. Whenever you click on a link on Instagram, the app takes you to a page without having to open your smartphone's browser.
In this case, there is also a JavaScript code that can track user interactions on a third-party page, such as TikTok, but not as aggressively. This code can track the interaction between the user and any link, button, image, or UI element.
According to Krause : "Meta stated that they only inject the script to respect the user's choice of ATT and additional 'security and user features'."
In this case of Instagram, the damage caused may be less catastrophic than that mentioned about TikTok. Despite this, it does not mean that we can feel 100% safe while browsing a website within the application, since it is possible that data has been collected without us realizing it.
Erick Bernard
Sep 6, 22 | 5 min read
TikTok and Meta may be tracking user data
Reading time: 4 minutes
Data privacy is basically a concern of every living being on the Internet. The latest updates on the end of cookies, third-party data collection, and GDPR regulations gave even more visibility to privacy concerns.
Companies need to be very careful when collecting user data, and we know that social media giants don't always do an exemplary job in this department.
While recent research shows that switzerland email list TikTok can track every tap made by its users, a recent analysis also found that Facebook and Instagram can track users' behavior on websites on iOS.
Both without their knowledge, of course.
Since privacy on these platforms is at risk, I invite you to take a closer look at these cases (and, of course, learn from them).
TikTok could know everything you write (and more)
There's no denying that TikTok is a hit . The platform turned short videos into a trend and quickly established itself as one of the most used social media channels worldwide.
New trend, new privacy concerns. The app has its own built-in browser and here is the first problem pointed out by Felix Krause in a recent research on privacy, especially for iOS users.
The article shows that when opening a link through the TikTok app, users are not given the option to open in the default browser, so they are “forced” to navigate within the app.
This can be a bit annoying when we look at it from a user experience perspective, but there is a long way to go when it comes to privacy issues.
In addition to having just the browser in the app, users can have their personal information captured by a Javascript code. According to Felix Krause, this code is able to detect every touch the user makes on the screen, including the keyboard .
Yes, this could mean that TikTok can access all your keyboard inputs, such as passwords, credit card information, etc.
Krause said it's unclear whether the app actually collects and uses this information in any way or simply has the ability to track it.
According to the New York Times , the Chinese company stated that "contrary to what the report claims, we do not collect keystrokes or text input through this code," justifying the feature being used for "debugging, troubleshooting and performance monitoring."
But that’s not all. Recent research led by Microsoft 365 Defender shows that TikTok had a breach that was leading users to extremely vulnerable experiences. This issue could allow attackers to hijack a user’s account with literally a single click on a crafted link.
In this case, the breach could be used to steal or “hijack” one’s account with a single click. Attackers could then gain access to a user account’s app features, such as posting videos, sending messages, interacting with other accounts, and even changing personal information. The issue was most likely to occur with Android users.
Fortunately, TikTok has already fixed it and the Microsoft 365 Defender research team has not identified any major exploits. Therefore, it is highly recommended that users keep their app updated, using the latest version.
Instagram is riding the TikTok wave… even on privacy issues
Meta (formerly Facebook Inc.) is not far behind when it comes to privacy issues. Felix Krause found potential problems within Instagram apps, quite similar to what happened with TikTok.
In addition to having an option to open links in your device's default browser, Meta apps have their own browser, which is the first to open links within the apps. Whenever you click on a link on Instagram, the app takes you to a page without having to open your smartphone's browser.
In this case, there is also a JavaScript code that can track user interactions on a third-party page, such as TikTok, but not as aggressively. This code can track the interaction between the user and any link, button, image, or UI element.
According to Krause : "Meta stated that they only inject the script to respect the user's choice of ATT and additional 'security and user features'."
In this case of Instagram, the damage caused may be less catastrophic than that mentioned about TikTok. Despite this, it does not mean that we can feel 100% safe while browsing a website within the application, since it is possible that data has been collected without us realizing it.