Facebook, TikTok, and Instagram Caught Monitoring Users Private Keystrokes: “We Can See Your Passwords”

Fact checked
Facebook, TikTok and Instagram caught monitoring users' private keystrokes

Facebook, TikTok and Instagram are able to spy on users’ personal information when it is entered into the in-app browser, a new investigation has discovered.

Felix Krause, a software engineer and security researcher looked into the coding built into Tiktok, the Communist Chinese produced app’s infrastructure, which led to his disturbing revelation.

Users who click on links within Tiktok are led to a native in-app browser produced by Tiktok.

Nationalfile.com reports: The JavaScript code in Tiktok’s in-app browser can allow the company to monitor every keystroke. This means the social media company could access every action taken on the screen, even passwords or credit card information.

Krause explained that while Tiktok allegedly does not have the feature enabled at this moment, the infrastructure is in place. “Installing a keylogger is obviously a huge thing… according to TikTok it’s disabled at the moment. The problem is they do have the infrastructure and the systems in place to be able to track all these keystrokes… that on its own is a huge problem.”

A Tiktok spokesman claimed the code is in place for “debugging, troubleshooting, and performance monitoring” purposes. “We do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring.”

After looking into the coding of Instagram, Krause came to a similar conclusion. According to Krause, Instagram’s infrastructure is also able to log phone taps and clicks on images.

When Instagram users click on links in the app they are brought to an in-app browser that could track sensitive and personal information entered by the user. Meta operates in a likewise manner, with their in-app browser.

A Meta spokesperson refuted that any private information was being harvested: “We use in-app browsers to enable safe, convenient, and reliable experiences, such as making sure auto-fill populates properly or preventing people from being redirected to malicious sites. Adding any of these kinds of features requires additional code. We have carefully designed these experiences to respect users’ privacy choices, including how data may be used for ads.”