This is why I always make sure I use the Safari web browser instead of using the in-app browser when I am interested. FaceBook app does that and it even automatically filled in which made me leery and question the approach. It's not ok. There is literally no justification for in-app browser other than to keep track of what users are doing with them.
There are serious problems with Apple's own Messages app. I am getting numerous messages from unknown source enticing I to click the links in the message. Obviously these messages are from criminals. I also receive many phones calls from Apple's own Phone app. They are obviously trying to commit fraud. Yet our FBI and FCC are doing nothing to stop or arrest these criminals. Domestic terroisim is more serious in US. Yet the government and congress is obsessed with the hatred toward China.
DBAD.
This isn't an issue with the iMessage App security. It is an issue with the user not understanding the app.
Your support of the largest authoritarian government in the world is well established, as is its control over China's population. Whatever issues the U.S. has with privacy pales in comparison to what citizens of the PRC endure.
That the U.S. has become "obsessed" with China started about the time Xi Jinping became Chairman of the Communist Party of China, and the PRC. There isn't anyone in the world that believes that China has become less authoritarian under Xi Jinping. Needless to state, the PRC telegraphs its intentions to challenge the existing rules of order every single day, rules which have served the Global community pretty well since the end of WWII, including the lifting of the people of China out of poverty. But it is China's growing militarism in the Indo-Pacific that is rallying Western democracies to counter, not Xi's internal rule and human rights violations.
There are serious problems with Apple's own Messages app. I am getting numerous messages from unknown source enticing I to click the links in the message. Obviously these messages are from criminals. I also receive many phones calls from Apple's own Phone app. They are obviously trying to commit fraud. Yet our FBI and FCC are doing nothing to stop or arrest these criminals. Domestic terroisim is more serious in US. Yet the government and congress is obsessed with the hatred toward China.
DBAD.
This isn't an issue with the iMessage App security. It is an issue with the user not understanding the app.
Your support of the largest authoritarian government in the world is well established, as is its control over China's population. Whatever issues the U.S. has with privacy pales in comparison to what citizens of the PRC endure.
That the U.S. has become "obsessed" with China started about the time Xi Jinping became Chairman of the Communist Party of China, and the PRC. There isn't anyone in the world that believes that China has become less authoritarian under Xi Jinping. Needless to state, the PRC telegraphs its intentions to challenge the existing rules of order every single day, rules which have served the Global community pretty well since the end of WWII, including the lifting of the people of China out of poverty. But it is China's growing militarism in the Indo-Pacific that is rallying Western democracies to counter, not Xi's internal rule and human rights violations.
Tomsguide method does not stop span texts on iPhone with message. It is an exaggeration.
This is why I always make sure I use the Safari web browser instead of using the in-app browser when I am interested. FaceBook app does that and it even automatically filled in which made me leery and question the approach. It's not ok. There is literally no justification for in-app browser other than to keep track of what users are doing with them.
While I largely agree, there is a user experience argument for using an in-app browser - on iOS the visual cues of switching to the different app have, to me, always felt jarring; The Icon Factory had an issue with Apple rejecting one of their app updates for this reason (they argued, in the end successfully, that sending the user to Safari was the correct process because of the security problems with in-app browsers).
It's the same logic as for the use of in-app payments; removing the friction of sending the user outside the app will result in increased sales.
TikTok's in-app browser injects JavaScript into external websites, allowing the app to monitor all input, including passwords and credit card numbers.
<snip>
"This was an active choice the company made," Krause told Forbes. "This is a non-trivial engineering task. This does not happen by mistake or randomly."
A TikTok spokesperson told Forbes that the code isn't malicious but instead is used for "debugging, troubleshooting, and performance monitoring."
Additionally, TikTok claimed that the JavaScript is part of a third-party software development kit but did not disclose who made it.
Krause could not say whether or not TikTok has been collecting data from users, merely that it can.
To avoid being monitored, Krause suggests opening links shared in TikTok -- and nearly every other service with an in-app browser -- with Safari.
Update
TikTok reached out to AppleInsider to provide the following statement.
"The report's conclusions about TikTok are incorrect and misleading. The researcher specifically says the JavaScript code does not mean our app is doing anything malicious, and admits they have no way to know what kind of data our in-app browser collects. Contrary to the report's claims, we do not collect keystroke or text inputs through this code, which is solely used for debugging, troubleshooting, and performance monitoring."
Or, as Bart Simpson put it: "I didn't do it, nobody saw me do it, you can't prove anything."
Someone is collecting the data. And that data must include text inputs for debugging/troubleshooting to be effective. Is TikTok relying on the developer of the SDK to handle the operational aspects of its app? Doubtful, therefore we can assume the data is going to TikTok.
It won't take much effort for an interested party to set up a local proxy and sift through the network traffic to identify the endpoints being referenced, at which point there will be proof.
From there, we have to trust that TikTok is being truthful when it claims that it isn't using some parts of the data. The company has already been caught out regarding access to the data of US-based users, so I remain skeptical.
It's no secret that TikTok monitors everything users do when using the app. What many people don't realize, though, is that TikTok's in-app browser actually injects JavaScript into external websites. This allows the app to monitor all input, including passwords and credit card numbers. While this may be a bit concerning, it's not all that unusual. Many apps and websites use similar techniques to track user activity. The difference with TikTok is that it's much more invasive than most other platforms. I've read that if you're concerned about your privacy, the best thing you can do is avoid using TikTok's in-app browser. Use a different browser on your phone or tablet, or even better, a desktop or laptop computer. This will help to protect your information from being tracked by TikTok.
Comments
This isn't an issue with the iMessage App security. It is an issue with the user not understanding the app.
https://www.tomsguide.com/how-to/how-to-stop-spam-texts-on-iphone-with-message-filtering
Your support of the largest authoritarian government in the world is well established, as is its control over China's population. Whatever issues the U.S. has with privacy pales in comparison to what citizens of the PRC endure.
That the U.S. has become "obsessed" with China started about the time Xi Jinping became Chairman of the Communist Party of China, and the PRC. There isn't anyone in the world that believes that China has become less authoritarian under Xi Jinping. Needless to state, the PRC telegraphs its intentions to challenge the existing rules of order every single day, rules which have served the Global community pretty well since the end of WWII, including the lifting of the people of China out of poverty. But it is China's growing militarism in the Indo-Pacific that is rallying Western democracies to counter, not Xi's internal rule and human rights violations.
It's the same logic as for the use of in-app payments; removing the friction of sending the user outside the app will result in increased sales.
But yeah, using Safari on iOS is my preference.
Someone is collecting the data. And that data must include text inputs for debugging/troubleshooting to be effective. Is TikTok relying on the developer of the SDK to handle the operational aspects of its app? Doubtful, therefore we can assume the data is going to TikTok.
It won't take much effort for an interested party to set up a local proxy and sift through the network traffic to identify the endpoints being referenced, at which point there will be proof.
From there, we have to trust that TikTok is being truthful when it claims that it isn't using some parts of the data. The company has already been caught out regarding access to the data of US-based users, so I remain skeptical.
Unity springs to mind.