TikTok And Meta Can Track User’s Data Outside The Apps Without Their Permission, According to Research


Data privacy is basically a concern of every living being that is on the internet. The latest updates regarding the end of cookies, third-party data collection and GDPR regulations has brought even more visibility to privacy concerns.

Businesses need to be very careful when collecting users’ data — and we know that social media giants don’t always do an exemplary job in this department.

While recent research shows that TikTok can track every keystroke made by its users, recent analysis also found out that Facebook and Instagram can track user behavior on websites on iOS.

Both without their knowledge, of course. 

As privacy on these platforms is at risk, I invite you to take a closer look at these cases (and, of course, learn from them). Follow me.

TikTok can see everything you type (and more)

We can’t deny that TikTok is a success. The video platform made short videos a trend and quickly became one of the most used social media channels worldwide.

New trend, new privacy concerns. The app has its own built-in browser and here is the first issue pointed out by Felix Krause in a recent research about privacy, especially for iOS users. 

The article shows that when opening a link through the TikTok app, users do not have an option to open in the default browser, so they are “forced” to navigate inside the app. 

This can be a little annoying when we look at the user experience perspective, but there’s a long way to go towards privacy issues.

Besides having only the in-app browser, users might be getting their personal information captured by a Javascript code. According to Felix Krause, this code is able to detect every single tap the user gives on the screen, including the keyboard

So… yeah. This might mean that TikTok can have access to every keyboard input, such as passwords, credit card information, etc.

Krause stated that it is uncertain if the App really collects and somehow uses this information or just has the ability to track them.  

According to the New York Times, the Chinese company stated that “Contrary to the report’s claims, we do not collect keystroke or text inputs through this code”, justifying the feature to be used for “debugging, troubleshooting and performance monitoring.”

But that’s not all. Recent research led by Microsoft 365 Defender Research team shows that TikTok had a breach that was leading users to extremely vulnerable experiences. This issue could allow attackers to hijack a user’s account with literally a single click of a crafted link. 

Hijack according to the Cambridge Dictionary means “to force someone to give you control of a vehicle, aircraft, or ship that is in the middle of a trip.” In this case, the breach could be used to steal or “kidnap” one’s account with a single click. Then, attackers could have access to the in-app features of a user account, such as publishing videos, sending messages, interacting with other accounts and even changing personal information. The issue was more likely to happen with Android users.

Fortunately, TikTok has already fixed it and the Microsoft 365 Defender Research Team has not identified any major exploitation. So, it is strongly recommended that users keep their app up to date, using the latest version of it.

Instagram surfing TikTok’s wave… even on privacy issues

Meta (formerly Facebook Inc.) has not been left behind when it comes to privacy questions. Felix Krause found potential issues within Instagram, quite similar to what happened with TikTok.

Besides having an option to open links in the device default browser, Meta apps have their own browser, which is the first one to open the links inside the apps. Whenever you click on a link on Instagram, the app drives you to a page without having to open your smartphone browser. 

In this case, there is also a JavaScript code that is able to track user’s interactions on a third-party page, just like TikTok, but not so aggressively. This code is able to track the interaction between the user and any link, button, image or UI element. 

According to Krause: “Meta claimed they only inject the script to respect the user’s ATT choice, and additional ‘security and user features’.” 

In this Instagram case, the harm caused may be less catastrophic than the one mentioned about TikTok. In spite of that, it does not mean that we can feel 100% safe while navigating a web page inside the app, since data might have been collected without us being aware.

A lesson for Marketing professionals

The truth is, whether it is for Marketing, business or (hopefully not) just bad intentions, some  companies are still on a long path of learning when it comes to collecting information and data privacy. 

Data is an extremely relevant resource for business in current times. We already have important regulations about that, but there must be a limit and stronger surveillance on that. 

The constant evaluation of these strategies made by companies like Microsoft and Developers like Felix Krause play an important role in keeping the eyes of experts on topics that general users may not be aware of. 

And for us, marketers and brand owners that (one way or another) rely on social media partially or entirely in our Marketing strategies, I want to reinforce a tip here: there are other ways to collect valuable and consented information by getting first-party data. 

As you just read it, relying only on social media to capture your audience’s insights might be risky not only in legal terms but also in trust. 

Making surveys and engaging your audience through interactive experiences are some examples of how you can get amazing insights without having to worry too much about privacy concerns.

And, if you want to continue to be updated with Marketing Trends, I strongly suggest that you subscribe to The Beat, Rock Content’s interactive newsletter. There, you’ll find all the trends that matter in the Digital Marketing landscape. See you there!



Source link