TikTok’s In-App Browser tracks what you do on other sites. Do other apps do the same?
In 2021, TikTok passed 1 billion users, and it continues to grow and amass more users, firmly establishing itself as a major player in the social media game – and quite possibly, claiming to be the app of most popular social media.
But TikTok’s privacy issues are almost as concerning as its growth is impressive. The company has been repeatedly accused of aggressive data harvesting, and since TikTok admitted that data from outside China is accessible from China, and likely also available by the authoritarian Chinese government, it’s obviously cause for concern. Robert Potter, the author of a report on TikTok, found that despite what TikTok claims, the app grants Chinese authorities access to its device data when it connects to Chinese servers. It’s unclear exactly what data is being shared, but that may just be the tip of the iceberg.
According to a study published by Felix Krause, a Vienna-based computer scientist, TikTok also employs a dubious practice. When you access a website through a link in the TikTok app, the app inserts a code that allows TikTok to track what you do on those other websites; it can do things like monitor your keystrokes and what you click on.
Krause also looked at other apps, including Facebook, Facebook Messenger, Instagram, Snapchat, Amazon and Robinhood – of these, TikTok is the only one to use this practice. So when it comes to apps that threaten user privacy, TikTok seems to be ahead of the pack, not least because it’s not something that can happen by accident.
“It was an active choice that the company made,” Krause told Forbes, which first reported the results. “This is a non-trivial engineering task. This does not happen by mistake or by chance. Krause is the founder of app testing company Fastlane, which Google acquired five years ago.
TikTok denied the claims, saying the code is only used for “debugging”, but since it was the only major app that uses this approach, the rejection seemed unconvincing.
“Contrary to the report’s claims, we do not collect typing or text input through this code, which is only used for debugging, troubleshooting, and performance monitoring,” the company said in its statement.
Apps, and social media apps in particular, are becoming a hot spot for privacy issues because so many people use them. Facebook has 3 billion users, TikTok more than a billion and WhatsApp 2 billion. While there’s certainly a lot of overlap between users of social media apps, we’re talking about billions of users who may be exposed to breaches, data leaks, or just data that the apps themselves collect and transmit to other parties.
For example, Instagram, Facebook, TikTok, and other social media services may keep track of your location. You can revoke this permission on most devices, but the vast majority of people don’t. Of course, that doesn’t really mean that Facebook considers your every move a stalker, but they can use that kind of data to advertise and show suggestions and things like that. But the problem is that they still store a lot of user data, and the data can be leaked.
In 2021, for example, a user of a hacking forum published the phone numbers and personal data of hundreds of millions of Facebook users. This includes phone numbers, Facebook IDs, full names, locations, birth dates, biographies, and in some cases email addresses. Insider reporters have confirmed the validity of several of these entries, and it appears the leak is real and not made up. Facebook said the leak was due to a vulnerability patched in 2019.
Of course, apps also collect much finer information. Their overall goal is to create a digital persona based on the information they collect from your devices, so they can anticipate the type of recommendation or ad you’re most likely to like and make that recommendation. . There are positive aspects to this, such as when an app recommends a nearby restaurant that you actually like; but there are also obvious problems.
Leaks are one such problem, but even if data is kept safe (which is a big “if”), offering companies so much information about billions of people has profound implications for our society. This kind of data could be used to suppress dissent, or influence voters, or impair human rights – many of these issues are already active.
As the internet has become a mainstay of our civilization and smart devices are virtually ubiquitous, protecting your privacy and anonymity is increasingly difficult. But there are a few best practices you can put into place.
For example, you can use a VPN for your laptop or smartphone, and you should always check which permissions you grant to which apps. Using an alternate email for social media apps (or apps in general) can also be a good idea, as can using encrypted email services just to communicate with your friends.