Keylogging Controversy Brings TikTok Back Under US Government Scrutiny
Image from Shutterstock

Keylogging Controversy Brings TikTok Back Under US Government Scrutiny

TikTok, the social app that’s so popular that some are using it as a search engine at this point, remains as vital destination as ever for Pink Sauce connoisseurs. Still, the company’s PR headaches continued this week.

Independent research performed by developer Felix Krause found code injected by the social network’s operating system enabling it to monitor all keyboard inputs and tags, even without hitting “submit,” a process known as “keylogging.”

As Krause explained on his blog, this could potentially include recording sensitive information such as passwords and credit card numbers. And because TikTok comes with an internal browser, this functionally gives the app the ability to monitor its users as they browse around third-party websites and services.

TikTok’s certainly not alone in checking out all of your data as you type. A previous post by Krause focused on tracking code within Meta’s Facebook and Instagram iOS apps, allowing them to potentially follow users within in-app browsers as well. A recent survey of the top 100,000 most popular websites found that 1,844 logged an EU user’s email address without their consent, and 2,950 recorded a U.S. user’s email data in some form. The keylogging protocol has also been used as a way for employers to monitor the activity of remote employees.

Though it certainly sounds sinister, keylogging is not necessary by definition malicious. TikTok claims that the code in question is used for “debugging, troubleshooting, and performance monitoring,” and in a statement, a representative denied that the company even collects specific keystroke or text input data. (The company also pointed out similar code in GitHub that’s used for an alternative purpose than keylogging, as a third party example.)

Still, the very mention of privacy concerns and TikTok in the same sentence is enough to raise some eyebrows in the U.S., where the app–which is owned by the Chinese parent company ByteDance–has always operated under a dark cloud of suspicion. Allegations in 2019 that the app was hoovering up data from underage users and censoring content on behalf of China’s ruling Communist Party led to calls for investigations from high-profile politicians. In December of that year, just as TikTok was taking over as the world’s most downloaded app, the U.S. Department of Defense was recommending that all military personnel delete it from their phones.

In 2020, President Trump signed a series of executive orders banning U.S. companies from doing business with TikTok (as well as the Chinese-owned WeChat app). These orders were later reversed by the Biden administration, which nonetheless urged Americans handling sensitive information to consider the apps a “heightened risk.”

The House of Representatives’ Chief Administrative Officer (CAO) echoed these concerns just this week following the keylogging report, issuing a “cyber advisory” about security on TikTok, noting that, despite its Culver City headquarters, it’s still “a Chinese-owned company.”

So even a U.S. government that was initially inclined to be more TikTok friendly may be having second thoughts.

LA Tech Week: How These Six Greentech Startups Are Tackling Major Climate Issues
Samson Amore

At Lowercarbon Capital’s LA Tech Week event Thursday, the synergy between the region’s aerospace industry and greentech startups was clear.

The event sponsored by Lowercarbon, Climate Draft (and the defunct Silicon Valley Bank’s Climate Technology & Sustainability team) brought together a handful of local startups in Hawthorne not far from LAX, and many of the companies shared DNA with arguably the region’s most famous tech resident: SpaceX.

Read moreShow less
Samson Amore

Samson Amore is a reporter for dot.LA. He holds a degree in journalism from Emerson College. Send tips or pitches to and find him on Twitter @Samsonamore.
Here's How To Get a Digital License Plate In California

Thanks to a new bill passed on October 5, California drivers now have the choice to chuck their traditional metal license plates and replace them with digital ones.

The plates are referred to as “Rplate” and were developed by Sacramento-based Reviver. A news release on Reviver’s website that accompanied the bill’s passage states that there are “two device options enabling vehicle owners to connect their vehicle with a suite of services including in-app registration renewal, visual personalization, vehicle location services and security features such as easily reporting a vehicle as stolen.”

Read moreShow less
Steve Huff
Steve Huff is an Editor and Reporter at dot.LA. Steve was previously managing editor for The Metaverse Post and before that deputy digital editor for Maxim magazine. He has written for Inside Hook, Observer and New York Mag. Steve is the author of two official tie-ins books for AMC’s hit “Breaking Bad” prequel, “Better Call Saul.” He’s also a classically-trained tenor and has performed with opera companies and orchestras all over the Eastern U.S. He lives in the greater Boston metro area with his wife, educator Dr. Dana Huff.