How Tiktok, Facebook, Instagram and Co monitor our behavior on third party websites – and save our data.
If you click on a provider link, advertisement or news article in Tiktok or Instagram, the provider’s website will open. At first glance, it always seems to happen when a page on the Internet is called up. What most people don’t know: Many applications do not use the regular browser of the operating system at the moment, but the so-called “browser within the application”. The app provider can control their own browser – unlike a browser like Chrome, Firefox or Safari.
Control gives the provider a huge advantage: it can access any third-party website and user behavior. What is possible is also done. This is the conclusion reached by security expert Felix Krause. He was able to demonstrate on iOS devices how popular app providers add their own codes to external websites in order to access information.
Facebook and Instagram, for example, are concerned with which links users click and where they browse the Internet. Tiktok goes further. The Chinese IT group app also monitors the keyboard. If we enter a password or provide our credit card number when shopping online, Tiktok can intercept and save this information.
How do app providers react?
Using iOS apps, Felix Krause was able to show how app publishers can use the in-app browser to access sensitive data behind the backs of unsuspecting users. What happens to the information after that is unknown. Krause has not investigated whether this is also possible on Android devices. Tiktok writes that this information is only used to fix bugs. Instagram also rejects all claims.
As a user of these applications, you must assume that the application does everything that is technically possible.
How can I protect myself?
If possible, links should be opened in a normal browser. This works differently, depending on the smartphone model and the app. To choose how to open a link, you can press and hold the link on touch devices. This does not work for Instagram – this function appears to be deactivated. So you must first open the link in the browser within the app and then select the “Open in Browser” option in the menu.
Open Instagram links in your own browser
Tiktok makes it more difficult. There is usually no way to open links in your own browser. What’s left: Enter the site address in the external browser manually.
Legal consequences
Research conducted by security researcher Felix Krause may have legal consequences. There are two pending cases against Meta in the United States. According to TechCrunch, the Data Protection Commission in Ireland, the European headquarters of Meta and TikTok, also wants to take a closer look.
