Comment by paxys
4 years ago
They do a lot more than that.
> TikTok iOS subscribes to every tap on any button, link, image or other component on websites rendered inside the TikTok app.
> TikTok iOS uses a JavaScript function to get details about the element the user clicked on, like an image (document.elementFromPoint)
And that's just a sample of the calls the author was able to find.
This seems perfectly reasonable btw. The extension to the in-app browser existing and logging non-tiktok browsing is troublesome.
Perhaps Apple should ban in-app browsers? But what about Safari? Apple itself collects and benefits from Safari data for its ad product
If I build an analytics company and build a product that my customers can use to "analyze" their users activity it'd almost be a total neglect on my end not to include common tracking mechanisms that are well documented like simple event hooks in js. I really don't get the rage against tiktok.
What they do that is publicly known is not bad. Maybe there is something bad they're doing but these random HN top stories are not it. If NSA/US govt really wants us to avoid tiktok it needs better convincing than "omg they're stealing the x,y of your finger when you tap on an image."
You're writing as if this is just analytics tracking a user's actions in their own UI. It's not! This is tracking actions users take, and data users enter, on 3rd-party websites.
That is not "what happens in Tiktok's app," as you put it in your reply. It may be hosted "in" the app in a technical sense, but the typical user who is fullscreen viewing a totally different website may not feel like they are "in" the app at all. I wouldn't bet that most users even get that there's a distinction between an in-app browser vs. opening a tab in the main OS browser (on Android at least, the back gesture takes you back to the app either way). Users almost certainly doesn't expect the original app to be able to read passwords and other text that they type on those 3rd-party sites.
And how do we know Instagram and yelp are not doing something similar? If you have in app browser you can track user activity much more invasively. That’s not an argument against tiktok, that’s an argument against in app browsers. If you’re so concerned with user privacy ask Apple to remove that functionality from all apps instead of slyfully picking and choosing the apps to attack.
1 reply →
If you sold a phone that sent call details back to the manufacturer you’d likely get locked up.
Tik tok are not a party to these communications, and they’re not a carrier or service provider. What they’re doing is wire tapping.
TikTok is not a browser and has zero obligation to provide private communications. What you do inside TikTok's app is quite literally TikTok's business.
7 replies →
What happens in tiktok app is very much tiktok's business and their IP.
Are you possibly conflating tiktok tracking its own users within its app with somehow it gaining access to the OS itself and tracking users at that level? That is clearly not happening as far as what is publicly known as much as stories like this want you to believe for it to be the case.
5 replies →