Thursday, November 21, 2024


TikTok, Meta can see user behavior on in-app browsers

A researcher found that these apps can track clicks, screenshots, and even passwords.

Next time you click on someone’s “link in bio,” you might be unsuspectingly granting more access to your data than previously understood.

Instagram, Facebook, and TikTok have the ability to track interactions like searches, clicks, screenshots, and “form inputs” (like passwords and credit card numbers) within what’s called an in-app browser, according to tech researcher Felix Krause.


In research published last week on his blog, Krause was able to show that Meta appears to have access to all sorts of data when users open Instagram’s in-app browser—without allowing users a way to opt out. That’s notable because Apple’s currently engaged in a full-court press against tracking that’s made it harder for marketers to measure conversions on apps like Instagram and Facebook. (Krause works part-time for Google as a consultant.)

He followed up that research this week, finding that TikTok’s in-app browser appears to have the ability to monitor “all keyboard inputs” including “every tap on any button, link, image, or other component rendered” on the in-app browser. TikTok confirmed to Forbes that “those features exist in the code,” but said that it is not using them.

US legislators on both sides of the aisle have expressed concern about TikTok, specifically over whether its Chinese parent company, ByteDance, is sharing American user data with Beijing. Some have suggested that any data collected could pose a national-security risk, with FCC commissioner Brendan Carr recommending it be booted from app stores, and staff working in the House of Representatives encouraged not to use or download the app.

Basically, companies like Meta and TikTok can inject JavaScript into every website that loads within their in-app browsers. Once it loads, they can then collect some information about what the user does on that webpage.

  • According to Krause’s research, Meta could learn when a user selects text and when they take a screenshot.
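To make the mechanism concrete from the website owner's side, here is an added example (not from Krause's research or from any of the apps named) of a page-side audit that wraps `addEventListener` and records which interaction types code other than the site's own subscribes to. The `SENSITIVE` mapping, the `auditListeners` and `demo` names, and the `isOwnCode` callback are assumptions of this example, and the demo uses a constructed `EventTarget` in place of `document`.

```javascript
// Added example: audit which event listeners foreign code registers.
// Event types mapped to the interaction classes the article names
// (the mapping itself is an assumption of this example).
const SENSITIVE = new Map([
  ['keydown', 'keyboard input'], ['keyup', 'keyboard input'],
  ['keypress', 'keyboard input'],
  ['input', 'form input'], ['change', 'form input'],
  ['click', 'taps/clicks'], ['touchstart', 'taps/clicks'],
  ['selectionchange', 'text selection'],
]);

// Wrap target.addEventListener so each registration is recorded.
// isOwnCode is a hypothetical callback that marks the site's own handlers.
function auditListeners(target, isOwnCode = () => false) {
  const records = [];
  const original = target.addEventListener;
  target.addEventListener = function (type, listener, options) {
    if (!isOwnCode(listener)) {
      const capture = options === true || Boolean(options && options.capture);
      records.push({ type, category: SENSITIVE.get(type) || null, capture });
    }
    return original.call(this, type, listener, options);
  };
  return {
    records,
    // Distinct sensitive interaction classes hooked by foreign code.
    report() {
      const hits = records.filter((r) => r.category).map((r) => r.category);
      return [...new Set(hits)].sort();
    },
    restore() { target.addEventListener = original; },
  };
}

// Constructed demo: an EventTarget stands in for `document`.
function demo() {
  const doc = new EventTarget();
  const siteHandler = () => {};
  const audit = auditListeners(doc, (fn) => fn === siteHandler);
  doc.addEventListener('click', siteHandler);        // the site's own code
  doc.addEventListener('keydown', () => {}, true);   // simulated injected script
  doc.addEventListener('selectionchange', () => {}); // simulated injected script
  doc.addEventListener('scroll', () => {});          // recorded, not sensitive
  audit.restore();
  return { categories: audit.report(), total: audit.records.length };
}
```

On a real page the wrapper would be installed on `document` and `window` in the first script that runs; listeners registered before that point are not recorded.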

Meta also injects what’s called a “pcm script.” Meta told Krause the pcm script is used to help aggregate data like online purchases before it is used for targeted advertising and measurement and “helps Meta respect the user’s ATT opt out choice” in cases where the website has the Meta Pixel installed. Meta Spokesperson Andy Stone tweeted the same thing.

Later, Meta Spokesperson Alisha Swinteck said over email to Marketing Brew that “like many other tech companies, we’ve built security, integrity, and other features on our in-app browser that would not be as effective using the system browser.”

In-app browsers are “something those companies have built consciously, it’s not a nontrivial effort they put in to build that,” Krause told Marketing Brew. “If this is about respecting the user’s choice around ATT,” they could open the more privacy-conscious Safari browser, he explained. “There must be more to this story, but I don’t know what. We didn’t get a clear answer from Facebook.”

Even so, he said, “if there is a way to get additional data, companies are going to use it.”

Bad actors could take advantage of the access—they could insert their own ads or change content, like rewriting headlines in a news article, Krause noted.

While Apple’s ads position it as a company that’s pro-privacy and anti-tracking, creating an in-app browser isn’t currently against its own app-development guidelines. Apple only recommends that companies rely on Safari as an in-app browser. “Attempting to replicate the functionality of Safari in your app is unnecessary and discouraged,” its guidelines state.
