social networks Facebook, Instagram and TikTok may be using the web browser built into iOS apps to monitor user actions such as page clicks, password entry or image viewing.
This information was revealed by investigator Felix Krause, which had already left the alert that the applications of the social networks Facebook and Instagram, for the iOS operating system, contained a JavaScript code inserted into the internet browser integrated into the application. This allows the companies responsible for the applications to monitor all user interactions in navigation based on clicks on addresses present on social networks. And this same system was also found in the TikTok iOS application.
In practical terms, Meta or ByteDance can monitor user actions on external websites, including entering passwords, filling in fields with credit card numbers, registering internet addresses or any other interaction through taps. on the keyboard, without asking the user for consent.
BUT: Academic defends responsible use of social networks in time of General Elections
According to the specialist, this only happens in applications for iOS because the applications use an internal browser so that the user can navigate directly from the links where he clicks. And these overlap with the default browser that the user chooses on the device, in this case Safari, since the browser opens directly in the application.
These browsers inject JavaScript codes into all websites browsed by the user, including ad taps. Despite the monitoring potential, companies assume the use of JavaScript not to access sensitive data, but to aggregate data with the effect of personalized advertising, while respecting the privacy preferences of users, Meta previously mentioned.
In the case of TikTok now presented, the researcher says that the social network application is the only one, of those he analyzed, that does not offer an option to open the addresses in the equipment's default browser, forcing the user to navigate through the application.
In statements to Forbes, TikTok confirms that the tracking features exist in the Java code, but that it does not use them. It states that like other platforms, it uses the internal browser to offer a better user experience, but the mentioned JavaScript code is only used for debugging purposes, looking for problems and performance monitoring, such as checking how fast a page opens or if it locks.
The researcher points out that applications such as Snapchat or Robinhood do not modify the pages or collect metadata from the websites opened by the user. Still, he adds that companies have ways to hide JavaScript activity in their applications, which could in theory mean doing more background monitoring.
To help users detect whether the apps they use hide JavaScript commands, Felix Krause shared the tool he uses called InAppBrowser, which users of iOS systems can test.
