Last week, Meta was found to have bypassed Apple's anti-ad tracking system by using the web browser built into the Facebook and Instagram apps. Meta injects Javascript scripts into the built-in web browser code when a user clicks on a link in the app to see the user's purchasing and advertising habits.
Recently the same security researcher, Felix Krause, has found the same thing in the TikTok app. According to him, the web browser built into the TikTok application can track any input that users press on the keyboard such as text, numbers, passwords, credit card details and more.
TikTok gave a statement to Forbes about this, where they admitted that this Javascript code exists. But it is only for application performance monitoring, identifying problems and ensuring users have a smooth usage experience. They don't use it to track user activity like Meta does.
According to Felix Krause if the user feels apprehensive and insecure, the user is encouraged to use the default web browser on the device which can only be done through the application settings. He also developed a special tool for users to check if the web browser built into the application is tracking or not by entering the URL address of InAppBrowser.com into the web browser.