TWEETSTORM is an occasional feature on decentralize.today where we share threads , mostly from Twitter, that we think deserve a wider audience, some are informative, some educational, some amusing and others yet are controversial...we dig these out for you so you don't have to!
Today's is short but shocking!
TikTok, when opening any website in their app, injects tracking code that can monitor all keystrokes, including passwords, and all taps.
When opening a website from within the TikTok iOS app, they inject code that can observe every keyboard input (which may include credit card details, passwords or other sensitive information) TikTok also has code to observe all taps, like clicking on any buttons or links.
Apps that use the recommended SFSafariViewController approach, don’t have any of those problems. Even with the WKContentWorld system, there is no way the iOS app can inject JS code into external websites, making it the safest choice for the user.
FAQ for non-tech readers
Wow, what an honour to have my work featured on @forbes Including statements by TikTok confirming the code I found exists and does what I expected.
This is some truly scary people...GET OUT AND GET OUT NOW!!!