TikTok, Meta can see user behavior on in-app browsers, according to research

Next time you click on someone’s “link in bio,” you might be unsuspectingly granting more access to your data than previously understood.

Instagram, Facebook, and TikTok have the ability to track interactions like searches, clicks, screenshots, and “form inputs” (like passwords and credit card numbers) within what’s called an in-app browser, according to tech researcher Felix Krause.

In research published last week on his blog, Krause was able to show that Meta appears to have access to all sorts of data when users open Instagram’s in-app browser—without allowing users a way to opt-out. That’s notable because Apple’s currently engaged in a full-court press against tracking that’s made it harder for marketers to measure conversions on apps like Instagram and Facebook. (Krause works part-time for Google as a consultant.)

He followed up that research this week, finding that TikTok’s in-app browser appears to have the ability to monitor “all keyboard inputs” including “every tap on any button, link, image, or other component rendered”  on the in-app browser. TikTok confirmed to Forbes that “those features exist in the code,” but said that it is not using them.