Thanks to a simple computer code, these applications can have control of sensitive data, such as passwords, personal information or even banking information.
Applications like TikTok, Instagram or even Facebook divert an amount of data that is sometimes unimaginable for the simple user. Engineer Felix Krause, who had researched these practices in Meta, described a similar process in the Chinese app TikTok, in a blog post published on August 18.
When a user clicks a link on TikTok, the app will send the request to a “home” browser, other than Google Chrome or Safari, for example. There, the application will inject a computer code to collect information related to the user.
This process is carried out by means of a “pixel”, a computer code that digital platforms regularly use to “identify the preferences of users”, that is, to track all their movements. It is also used by Meta social networks.
All saved searches
As soon as the user uses this system, all his searches will be registered, through the actions carried out on the keyboard. The application will then be able to collect the searches carried out, but not only: passwords, credit card code or any other sensitive data.
For example, it is possible to see creators or even artists on TikTok, who offer the link of their online store in their profile. As soon as a user clicks on this link, they are redirected, via the app’s “home” browser, to this store’s website. There, the articles that the user will consult, the purchases that he may eventually make can be registered by the application.
The vice does not end there: TikTok also has a code to record other user actions, such as clicking on a link, using the “Like” buttons, sharing posts, etc.
The same in Meta
Engineer Felix Krause had already denounced a similar process on Meta’s social networks. On Instagram, or Facebook, same story: the code injected by the application leaves no room for user discretion.
It should be noted, however, that TikTok offers to search in another browser, such as Safari from the iOS app, as identified by a user.
An alternative that seems preferable, in a context where the Chinese app is regularly scrutinized for its links to the Chinese Communist Party, to which it is suspected of sending the user data it collects.
If the app has regularly defended itself against such practices, its parent company has loose ties to the government of the day.
However, the engineer points out that despite the presence of these codes, it is impossible to know the real scope of the data collection, nor the use made of them.
“Just because an application injects code into external websites does not mean that it is engaging in malicious practices. There is no way for us to know the full details of these collections, or how data is transferred and used. This post is simply intended to show how this process works, and to detail the effects it could have”, says the engineer.
Other practices are safer
On the other hand, however, Krause highlights more “secure” apps, which do not maintain these privacy-sensitive practices for users. This is particularly the case with Twitter, YouTube or Telegram, for example.
In this list, apps attached to the expression “Default Browser” will switch the user to their default browser. These are iOS apps, so they can only be used on Apple products. Applications followed by the expression “SFSafariViewController” switch to Safari, Apple’s browser.
#Comment #TikTok #Facebook #Instagram #vous #traquent #lorsque #vous #cliquez #sur #des #liens