According to security researchers, TikTok can track every keystroke you make while using the app’s browser.

Software engineer Felix Krause recently discovered that TikTok’s in-app browser can inject JavaScript code into external websites and track everything you search for and type, including sensitive information like passwords and bank details.

TikTok is one of many apps that use a built-in browser that allows you to access external links to third-party websites without leaving the app.

When you open a website from within the TikTok iOS app, the app inserts code that can monitor all keyboard input, which can include credit card details, passwords and other sensitive information, Krause said in a Twitter thread.

“TikTok also has code that tracks all touches, including button and link clicks.”

Krause explained that it was unclear what TikTok would do with this data collection, but technically speaking, he believed it was the same as “installing a keylogger on a third-party website.”

A keylogger is a type of surveillance software commonly used by hackers to record the keystrokes you type and harvest sensitive information, so it’s not something you want on your device.

The company has since responded on social media that the report is “false” and “inaccurate.”

The official TikTok account said: “Contrary to claims, we do not collect any keystrokes or text input through this code and it is used only for debugging, troubleshooting and performance monitoring.”

Some iOS developers have said that “TikTok does not need to ‘debug’, ‘troubleshoot’ or ‘monitor’ third-party websites.”

Other developers disagree, saying TikTok’s use of monitoring code is not necessarily malicious.

TikTok isn’t the only app that uses its own browser. Other social media apps like Instagram, Messenger, and Facebook also use one to manipulate and extract data to some extent.

Whether TikTok actually monitors passwords is debatable, but we recommend avoiding the in-app browser if possible.

When you open a link from an app, make sure it opens in your default browser. However, TikTok remains the only app that doesn’t offer this option, so its intentions seem especially suspicious.

The Chinese video-sharing app remains at odds with US regulators. In June, US telecommunications regulators asked Apple and Google to ban the app on “national security” grounds.