![]() "Whenever you open a link from any app, see if the app offers a way to open the currently shown website in your default browser," wrote Krause. Krause said users who wish to protect themselves from any potential malicious usage of JavaScript code in in-app browsers should switch to viewing a given link in the platform's default browser if possible, such as Safari on the iPhone and iPad. ![]() "Like other platforms, we use an in-app browser to provide an optimal user experience, but the Javascript code in question is used only for debugging, troubleshooting and performance monitoring of that experience - like checking how quickly a page loads or whether it crashes," the statement said, according to Forbes. In a statement shared with Forbes, a TikTok spokesperson acknowledged the JavaScript code in question, but said it is only used for debugging, troubleshooting, and performance monitoring to ensure an "optimal user experience." However, the researcher added that "just because an app injects JavaScript into external websites, doesn't mean the app is doing anything malicious." "From a technical perspective, this is the equivalent of installing a keylogger on third party websites," wrote Krause, in regards to the JavaScript code that TikTok injects. Krause said TikTok's in-app browser "subscribes" to all keyboard inputs while a user interacts with an external website, including any sensitive details like passwords and credit card information, along with every tap on the screen. ![]() TikTok's custom in-app browser on iOS reportedly injects JavaScript code into external websites that allows TikTok to monitor "all keyboard inputs and taps" while a user is interacting with a given website, according to security researcher Felix Krause, but TikTok has reportedly denied that the code is used for malicious reasons.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |