
TikTok's iOS In-App Browser Monitors All Keyboard Input and Screen Taps

What TikTok does is 'the equivalent of installing a keylogger,' according to security researcher Felix Krause.

By Matthew Humphries, Former Senior Editor


A security researcher has discovered TikTok's in-app browser monitors all keyboard input and screen taps every time it's used to open a link.

As MacRumors reports, the discovery was made by researcher Felix Krause, who summarized the functionality as being "the equivalent of installing a keylogger." Any external link opened from within the iOS app will trigger TikTok to monitor all keyboard entries and taps on the screen as you browse.

In response to this revelation, a TikTok spokesperson denied the claims being made:

"The report's conclusions about TikTok are incorrect and misleading. The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects. Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring."

TikTok also points to a CNN interview from July with Michael Beckerman, VP, Head of Public Policy, Americas at TikTok, denying keylogging is used by TikTok.

Krause readily admits that "just because an app injects JavaScript into external websites, doesn’t mean the app is doing anything malicious." In other words, only TikTok knows what data is being collected, transferred, and used, and based on what TikTok is saying, it's limited to ensuring the app is running bug-free.

If this all sounds very familiar, it's because Krause recently discovered that the Facebook and Instagram apps are doing the same thing. In response, Krause created InAppBrowser.com, which can be launched from within an app you want to analyze. It produces a report explaining which JavaScript commands get executed. It's open source and Krause hopes the community will continue to improve it over time.
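A sketch of the kind of self-check a web page can run to see which input events a script injected by a host app subscribes to. This is an added example, not code from InAppBrowser.com or from Krause's report; the watched event list and `simulatedInjectedScript` are constructed for illustration.

```javascript
// Added example: page-side audit of event-listener registrations.
// The event names in WATCHED are this example's choice, not a list from the report.
const WATCHED = new Set(["keydown", "keypress", "keyup", "input", "click", "touchstart"]);

// Wrap addEventListener on a prototype so every later registration is recorded.
// Returns the collected log and a restore() that removes the hook again.
function auditListeners(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const log = [];
  proto.addEventListener = function (type, listener, options) {
    log.push({
      type,
      target: this.constructor ? this.constructor.name : typeof this,
      watched: WATCHED.has(type),
      // Caller frames: in a browser these name the script that registered.
      stack: new Error().stack.split("\n").slice(2, 4).map((s) => s.trim()),
    });
    return original.call(this, type, listener, options);
  };
  return { log, restore() { proto.addEventListener = original; } };
}

// Summarise the log: watched event type -> number of registrations.
function summarize(log) {
  const counts = {};
  for (const e of log) if (e.watched) counts[e.type] = (counts[e.type] || 0) + 1;
  return counts;
}

// Constructed stand-in for a script that a host app injects into the page.
function simulatedInjectedScript(target) {
  target.addEventListener("keydown", () => {});
  target.addEventListener("click", () => {});
  target.addEventListener("load", () => {}); // not an input event, not flagged
}

function runDemo() {
  const audit = auditListeners();
  try {
    simulatedInjectedScript(new EventTarget());
  } finally {
    audit.restore();
  }
  return { total: audit.log.length, watched: summarize(audit.log) };
}

console.log(runDemo());
```

The hook only sees registrations made after it is installed, and a registered listener says nothing about what is done with the events, which is the same limit Krause states for his own findings.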

Interestingly, of all the apps analyzed by Krause so far, TikTok is the only one that doesn't have an option to open links using a device's default browser. However, according to a TikTok spokesperson, to use a browser outside the app would be a "suboptimal / clunky experience" and wouldn't allow the company to ensure a secure user experience.

Editors' Note: This story was updated with comment from TikTok.
