Tiktok, Instagram, Facebook: their built-in browsers on mobile can monitor all your web activity
[EN VIDÉO] 3 unusual ways to store digital data To store files, music or videos, most of us use DVD or hard drive. But researchers have developed sometimes surprising alternative methods.
The browsers integrated into apps from some social networks can log all of your activity, including typed text, according to cybersecurity researcher Felix Kraus. It is in any case true iOSbut it did not scan Android versions of apps.
Users of TikTokInstagram, Facebook and Messenger are all exposed to surveillance when they open a link in these applications without going through an external browser. Each has its own built-in browser, which injects JavaScript code into viewed pages without the consent of either the user or the website.
A browser that behaves like a keylogger
Although it cannot say what data is actually collected, the JavaScript code contains all the functions necessary to record all interactions with the pages consulted, including the text entered (passwords, credit card numbers, etc.) , open links and even screenshots. It is the very principle of a keylogger.
Meta, Facebook parent companyas well as TikTok both replied that the code in question did not record any personal data. In the case of Meta, it would primarily serve to allow not to be tracked by Meta pixel (equivalent to Google Analytics) when the user objects. On his side, TikTok indicated that his code is used for diagnostic and performance monitoring, such as page load times. However, it is difficult to imagine that these companies would ignore data collection when the code already contains all the necessary functions. In any case, there is a simple solution to avoid any surveillance risk. Always opt to open links in the default browser of the mobileand not in that of the application.
Subscribe to the newsletter the daily : our latest news of the day. All our newsletters
