Monday, May 27, 2024

Tech News, analysis, updates, comments, reviews

TikTok, Meta can see user behavior on in-app browsers

A researcher found that these apps can track clicks, screenshots, and even passwords.

Next time you click on someone’s “link in bio,” you might be unsuspectingly granting more access to your data than previously understood.

Instagram, Facebook, and TikTok have the ability to track interactions like searches, clicks, screenshots, and “form inputs” (like passwords and credit card numbers) within what’s called an in-app browser, according to tech researcher Felix Krause.

Next time you click on someone’s “link in bio,” you might be unsuspectingly granting more access to your data than previously understood.

Instagram, Facebook, and TikTok have the ability to track interactions like searches, clicks, screenshots, and “form inputs” (like passwords and credit card numbers) within what’s called an in-app browser, according to tech researcher Felix Krause.

In research published last week on his blog, Krause was able to show that Meta appears to have access to all sorts of data when users open Instagram’s in-app browser—without allowing users a way to opt out. That’s notable because Apple’s currently engaged in a full-court press against tracking that’s made it harder for marketers to measure conversions on apps like Instagram and Facebook. (Krause works part-time for Google as a consultant.)

He followed up that research this week, finding that TikTok’s in-app browser appears to have the ability to monitor “all keyboard inputs” including “every tap on any button, link, image, or other component rendered”  on the in-app browser. TikTok confirmed to Forbes that “those features exist in the code,” but said that it is not using them.

US legislators on both sides of the aisle have expressed concern about TikTok, specifically over whether its Chinese parent company, ByteDance, is sharing American user data with Beijing. Some have suggested that any data collected could pose a national-security risk, with FCC commissioner Brendan Carr recommending it be booted from app stores, and staff working in the House of Representatives encouraged not to use or download the app.

Basically, companies like Meta and TikTok can inject JavaScript into every website that loads within their in-app browsers. Once it loads, they can then collect some information about what the user does on that webpage.

  • According to Krause’s research, Meta could be able to receive when a user selects text and takes a screenshot.

It also injects what’s called a “pcm script.” Meta told Krause the pcm script is used to help aggregate data like online purchases before it is used for targeted advertising and measurement and “helps Meta respect the user’s ATT opt out choice” in cases where the website has the Meta Pixel installed. Meta Spokesperson Andy Stone tweeted the same thing.

Later, Meta Spokesperson Alisha Swinteck said over email to Marketing Brew that “like many other tech companies, we’ve built security, integrity, and other features on our in-app browser that would not be as effective using the system browser.”

In-app browsers are “something those companies have built consciously, it’s not a nontrivial effort they put in to build that,” Krause told Marketing Brew. “If this is about respecting the user’s choice around ATT,” they could open the more privacy-conscious Safari browser, he explained. “There must be more to this story, but I don’t know what. We didn’t get a clear answer from Facebook.”

Even so, he said, “if there is a way to get additional data, companies are going to use it.”

Bad actors could take advantage of the access—they could insert their own ads or change content, like rewriting headlines in a news article, Krause noted.

While its ads position it as a company that’s pro-privacy and anti-tracking, creating an in-app browser isn’t currently against Apple’s own app-development guidelines. It only recommends that companies rely on Safari as an in-app browser. “Attempting to replicate the functionality of Safari in your app is unnecessary and discouraged,” its guidelines state.

DEJA UNA RESPUESTA

Por favor ingrese su comentario!
Por favor ingrese su nombre aquí

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Google I/O 2024 Unveils the Future?

Google I/O 2024 was an impressive showcase of how Google continues to push the envelope with artificial intelligence. This year's event introduced significant advancements across multiple services and platforms, demonstrating Google's commitment to an AI-first future. Below, I try...

On-Premises vs. Cloud Security

As usual, we begin by championing cybersecurity. It stands as the foremost concern for organizations striving to safeguard their sensitive data and digital assets. Among the many strategies available, two dominant paradigms have emerged: on-premises security and cloud security....

Regulation Insights from Starlink’s in Zimbabwe

In recent times, the journey of Starlink, Elon Musk's ambitious satellite internet venture under SpaceX, has been marked by regulatory challenges, particularly in Zimbabwe. Meanwhile the Posts and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) issued a directive instructing Starlink...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.