Social media apps can read all your…


News broke this week that TikTok can track everything in its own browser, after privacy researcher Felix Krause’s blockbuster warning.

“As you interact with the website, TikTok subscribes to all keystrokes (including passwords, credit card information, etc.) and screen presses, such as buttons and the links you click on,” wrote the former Google engineer.

This can include passwords, credit card information and other sensitive user data, which is “equivalent to installing a keylogger on third-party websites,” he added, noting that he had only tested this in Apple’s iOS operating system.

The news obviously made all the privacy conspiracy theorists and Chinese detractors foam in their mouths – although other apps also offer such built-in browsers and can track your behavior just as easily.

Chinese company TikTok responded that “contrary to the report’s claims, we do not collect typing or text input through this code.” He said this unnecessarily intrusive software was intended for “debugging, troubleshooting, and performance monitoring.”

Krause says other apps, like Instagram and Facebook, “inject JavaScript code into third-party websites that pose potential risks to user security and privacy.”

Visit daily maverick homepage for more news, analysis and surveys

They are owned by the world’s largest surveillance capital firm (playing a sleight of hand by renaming itself Meta), which is notorious for tracking its users (and non-users) as they roam the web.

What really surprises me, however, is that people use the built-in browser inside any app. Why would you? If you’re less security-minded and save your passwords in a browser — or use Apple’s Keychain or a password manager like LastPass — there’s no need to save your name username and password in another browser.

Since it’s the only social media app on my phone, Twitter, for example, always launches links in its own browser. Why? Because it keeps you inside the app. When you’re done reading this New York Times article on Krause’s findings and click done, you’re still on Twitter. That’s what Twitter, or in this case TikTok, wants you to do – keep you where they can show you ads. The same is true on Facebook and Instagram.

I specifically use software from two companies that don’t mine data for me as a user – Apple and Microsoft. On my phone, I alternate between Apple Safari and Microsoft Edge. Being the underdog really suits Microsoft, as the excellent browser attests.

By the way, there are many good reasons not to use Google’s Chrome browser, which is usually resource-intensive. But Google makes its money from surveillance capitalism and therefore focuses more on tracking its users than on privacy. To protect yourself, you need to change a number of settings and strengthen your privacy.

So why would you use the browser in an app that makes money selling you advertising? It’s like Arthur Fraser leaning on your shoulder while you browse through anything. These apps actively crawl your data to learn more about your activity. Why would you trust them with your login credentials? For nothing?

But what did you have in mind? DM/BM

This story first appeared in our weekly newspaper Daily Maverick 168, which is available nationwide for R25.


Comments are closed.