Chinese Communist Party-backed social media platform TikTok inserted code into its app to allow for the tracking of users’ activity on external websites, including their keystrokes, according to a stunning new report.
The evidence – originally authored by software engineer Felix Krause who shared it with Forbes – also found that TikTok could capture a user’s credit card details, passwords, and other forms of personal information.
TikTok retains this tracking capability due to the way it codes websites launched by users on the in-app browser. When people click on TikTok ads or visit links affiliated with a creator’s profile, for example, the app uses its own in-app browser as opposed to traditional browsers such as Safari or Chrome.
Special lines of code enable TikTok to track this content, with Krause alleging “this was an active choice the company made.”
“This is a non-trivial engineering task. This does not happen by mistake or randomly.”
Krause is the founder of Fastlane, a service for testing and deploying apps, which Google acquired five years ago.
His report includes an analysis of seven popular iPhone apps that use in-app browsers: TikTok, Facebook, Facebook Messenger, Instagram, Snapchat, Amazon and Robinhood.
Of the seven apps Krause tested, TikTok was the sole app with code allowing it to monitor keystrokes and appeared to be monitoring user activity considerably more than its counterparts. By tracking keystrokes, the app could potentially gather sensitive information related to someone’s bank accounts, finances, identity, or passwords.
The report follows continued controversy over the app and its ties to the Chinese Communist Party, with fears about the regime using the app to covertly promote propaganda or specific agendas prompting a federal government-led effort to ban it.
TikTok’s parent company ByteDance employs former Chinese Communist Party officials, including individuals with military ties, to executive roles and grants party members preferential treatment in hiring processes. Its founder has also pledged to use ByteDance to “promote socialist core values” and devotion to the Chinese Communist Party, which recently acquired an official stake in the company.