ST. LOUIS, Missouri — If you click on an ad or a link to another website from inside the TikTok app on your smartphone, you could potentially be exposing your private, sensitive information to a form of surveillance often used by malicious hackers, according to new research from a technology expert.
Tech developer Felix Krause published new research last week showing how one of the world's most popular social media platforms has the ability to deploy an in-app keystroke logger, the same kind of devastating tool hackers often use to glean passwords, credit card information, or other sensitive information.
At that point, the Austrian-based tech engineer warns TikTok users the Chinese company could see each and every letter you type on your keyboard.
"They would also have tracking codes that could potentially track the activity of users on external websites," Felix Krause said during a Sunday afternoon interview with 5 On Your Side.
"That piece of software is always used when you click on the link inside the TikTok app," Krause said. "Once you're inside your browser, Safari, Firefox, then you're on the safe side."
TikTok told the New York Times the research was "incorrect and misleading" saying "we do not collect keystroke or text inputs through this code," so Krause responded by posting the evidence and code online for everyone to see. His new findings have added fuel to the skeptical fires of Western scrutiny toward the Chinese tech company.
Krause designed a series of fake websites to track information in and out of TikTok and found evidence TikTok could log your keystrokes once you click on a link inside the in-app browser.
"It was kind of like traps I set up, and I would see if somebody calls those traps," he explained. "Those traps were JavaScript functions, and JavaScript is the language that's being used by websites on the front end.
"I just saw if there's like any activity happening that shouldn't be happening and turns out, it was," he said.
Cyber security experts have long warned about the invasive ways TikTok spies on users: from saving images stored on your photo album to tracking your location or copying information saved to your clipboard.
The Pentagon already bans American soldiers from using TikTok.
The U.S. House just strongly discouraged members of Congress from using the app for the aggressive way it spies on users.
"People should be in control of what data they share," Krause said.
Senators Mark Warner (D-Virginia) and Marco Rubio (R-Florida), top members of the Senate Intelligence Committee, urged the Federal Trade Commission last month to investigate TikTok for "improper access."
In June, a top commissioner at the Federal Communications Commission pressed Google and Apple to remove TikTok from its app stores.
"The main change I believe will happen, at least on the Apple side of things, is that Apple will be way stricter about those things," Krause said. "Apple actually cares about the privacy of their users."
Krause recently published a different study that found Meta, the parent company of Facebook and Instagram, has a similar feature, but he says those apps make it much easier for users to leave their in-app browser and surf the web more safely.
If you use TikTok, Instagram, or Facebook to access another website, that's where Krause warns your data could become more vulnerable.
If you see something irresistible and want to learn more, he suggests you should leave the app, go search for it in a separate, safe browser, and don't click on the link from inside the app.