The article shows that when opening a link through the

[sumonasumonakha.tu]

TikTok app, users do not have an option to open in the default browser, so they are “forced” to navigate inside the app. This can be a little annoying when we look at the user experience perspective, but there’s a long way to go towards privacy issues. Besides having only the in-app browser, users might be getting their personal information captured by a Javascript code. According to Felix Krause, this code is able to detect every single tap the user gives on the screen, including the keyboard.


So… yeah. This might mean that TikTok can have access to every keyboard input, such as email list france passwords, credit card information, etc. Krause stated that it is uncertain if the App really collects and somehow uses this information or just has the ability to track them. According to the New York Times, the Chinese company stated that “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code”, justifying the feature to be used for “debugging, troubleshooting and performance monitoring.” But that’s not all.



Recent research led by Microsoft 365 Defender Research team shows that TikTok had a breach that was leading users to extremely vulnerable experiences. This issue could allow attackers to hijack a user’s account with literally a single click of a crafted link. Hijack according to the Cambridge Dictionary means “to force someone to give you control of a vehicle, aircraft, or ship that is in the middle of a trip.” In this case, the breach could be used to steal or “kidnap” one’s account with a single click.