TikTok, Meta can track user data on in-app browsers, research shows

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

TikTok, Meta user data tracking research overview: 

• Who: Tech researcher Felix Krause has published research on TikTok and Meta’s ability to track users of their in-app browsers. 
• Why: Krause asserts TikTok and Meta are able to track web interactions such as credit card and password inputs, searches, screenshots, and clicks, among other things. 
• Where: TikTok and Meta are used nationwide.   

Facebook, Meta, TikTok, and Instagram are able to track web interactions such as password and credit card inputs, screenshots, searches, and clicks, when a user is in an in-app browser, new research shows. 

Tech researcher and part-time Google consultant Felix Krause has shown in research published in a blog post last week Meta has the ability to access a variety of data when one of its users opens the in-app browser for Instagram.

Instagram, Krause asserts, is able to render links made to external websites inside of its browser, rather than Safari, which is built in. 

“This allows Instagram to monitor everything happening on external websites, without the consent from the user, nor the website provider,” Krause says. 

Krause claims Instagram puts its JavaScript code into each website that is shown, as well as when an advertisement is clicked on. 

“Even though the injected script doesn’t currently do this, running custom scripts on third party websites allows them to monitor all user interactions, like every button & link tapped, text selections, screenshots, as well as any form inputs, like passwords, addresses and credit card numbers,” Krause writes. 

TikTok’s in-app browser purported to be able to track keyboard inputs 

Krause followed up with another blog posted this week with research purporting to show TikTok’s in-app browser also is able to track any keyboard inputs, including “every tap on any button, link, image, or other component rendered.” 

The ability to engage in cross-host tracking is a big deal, Krause writes, because it can take away from a user’s ability to control being able to give permission for their data to be tracked across third-party apps. 

Apple, Google, and Firefox are all working to prevent cross-host tracking, according to Krause.

“With web browsers and iOS adding more and more privacy controls into the user’s hands, it becomes clear why Instagram is interested in monitoring all web traffic of external websites,” Krause writes. 

TikTok wrote a letter to nine Republican senators in July in order to address privacy concerns following a BuzzFeed article that reported their China-based employees had access to the data of users from the U.S. 

Meta, meanwhile, agreed to pay $90 million earlier this month in order to resolve claims that unlawfully tracked its users while they were on non-Facebook websites. 

Are you concerned that TikTok and Meta can track your data while using their in-app browsers? Let us know in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Anti-abortion group reportedly collects data from pro-life pregnancy resource centers
• $92M TikTok settlement over biometric privacy receives final approval
• GameStop class action claims company shares customer data with Facebook
• ID.me lawsuit claims company violates data storage requirements