Sunday, April 21, 2024

Tech News, analysis, updates, comments, reviews

TikTok, Meta can see user behavior on in-app browsers

A researcher found that these apps can track clicks, screenshots, and even passwords.

Next time you click on someone’s “link in bio,” you might be unsuspectingly granting more access to your data than previously understood.

Instagram, Facebook, and TikTok have the ability to track interactions like searches, clicks, screenshots, and “form inputs” (like passwords and credit card numbers) within what’s called an in-app browser, according to tech researcher Felix Krause.

In research published last week on his blog, Krause was able to show that Meta appears to have access to all sorts of data when users open Instagram’s in-app browser—without allowing users a way to opt out. That’s notable because Apple’s currently engaged in a full-court press against tracking that’s made it harder for marketers to measure conversions on apps like Instagram and Facebook. (Krause works part-time for Google as a consultant.)

He followed up that research this week, finding that TikTok’s in-app browser appears to have the ability to monitor “all keyboard inputs” including “every tap on any button, link, image, or other component rendered” on the in-app browser. TikTok confirmed to Forbes that “those features exist in the code,” but said that it is not using them.

US legislators on both sides of the aisle have expressed concern about TikTok, specifically over whether its Chinese parent company, ByteDance, is sharing American user data with Beijing. Some have suggested that any data collected could pose a national-security risk, with FCC commissioner Brendan Carr recommending it be booted from app stores, and staff working in the House of Representatives encouraged not to use or download the app.

Basically, companies like Meta and TikTok can inject JavaScript into every website that loads within their in-app browsers. Once it loads, they can then collect some information about what the user does on that webpage.

  • According to Krause’s research, Meta could be notified when a user selects text and takes a screenshot.
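A site owner can get a rough view of this kind of instrumentation from inside the page by recording which input-related events have listeners attached by code the page did not register itself. This is an added example, not code from Krause's research or from the apps discussed; `installListenerAudit`, `trust` and the event list are hypothetical names and choices, and the audit only sees listeners registered after it is installed, so a script the host app injects before page scripts run goes unrecorded.

```javascript
// Added example: record which input-related events get listeners attached
// by code the page itself did not register. All names here are hypothetical.
const SENSITIVE_EVENTS = new Set([
  'keydown', 'keyup', 'keypress', 'input', 'change',
  'click', 'selectionchange', 'copy',
]);

function installListenerAudit(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const trusted = new WeakSet(); // listeners the page registered on purpose
  const records = [];

  proto.addEventListener = function (type, listener, options) {
    const isObject = listener !== null &&
      (typeof listener === 'function' || typeof listener === 'object');
    if (SENSITIVE_EVENTS.has(type) && isObject && !trusted.has(listener)) {
      records.push({
        type,
        target: this && this.constructor ? this.constructor.name : 'global',
        // The stack shows which script made the call, when the engine exposes it.
        stack: String(new Error().stack || '').split('\n').slice(2, 5),
      });
    }
    // Always forward to the real implementation so page behaviour is unchanged.
    return original.call(this, type, listener, options);
  };

  return {
    records,
    // Mark a first-party listener so it is not reported.
    trust(listener) { trusted.add(listener); return listener; },
    // Count of unexpected listeners per event type.
    summary() {
      const counts = {};
      for (const r of records) counts[r.type] = (counts[r.type] || 0) + 1;
      return counts;
    },
    uninstall() { proto.addEventListener = original; },
  };
}
```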

It also injects what’s called a “pcm script.” Meta told Krause the pcm script is used to help aggregate data like online purchases before it is used for targeted advertising and measurement and “helps Meta respect the user’s ATT opt out choice” in cases where the website has the Meta Pixel installed. Meta Spokesperson Andy Stone tweeted the same thing.

Later, Meta Spokesperson Alisha Swinteck said over email to Marketing Brew that “like many other tech companies, we’ve built security, integrity, and other features on our in-app browser that would not be as effective using the system browser.”

In-app browsers are “something those companies have built consciously, it’s not a nontrivial effort they put in to build that,” Krause told Marketing Brew. “If this is about respecting the user’s choice around ATT,” they could open the more privacy-conscious Safari browser, he explained. “There must be more to this story, but I don’t know what. We didn’t get a clear answer from Facebook.”

Even so, he said, “if there is a way to get additional data, companies are going to use it.”

Bad actors could take advantage of the access—they could insert their own ads or change content, like rewriting headlines in a news article, Krause noted.

While Apple’s ads position it as a company that’s pro-privacy and anti-tracking, creating an in-app browser isn’t currently against its own app-development guidelines. Apple only recommends that companies rely on Safari as an in-app browser. “Attempting to replicate the functionality of Safari in your app is unnecessary and discouraged,” its guidelines state.
