A California resident has sued social app TikTok for allegedly logging keystrokes of iPhone owners who visit outside websites through TikTok's in-app browser.
“Through the use of its in-app browser, TikTok has secretly amassed massive amounts of highly invasive information and data about its users by tracking their activities on third-party websites,” Austin Recht alleges in a class-action complaint filed late last week in the U.S. District Court for the Central District of California.
“While a user is interacting with the third-party website via the TikTok app, TikTok subscribes to all keyboard inputs -- the equivalent of installing a keylogger,” the complaint alleges. “It also records every tap on any button, link, image or other website element and logs details about what that element is.”
The lawsuit, like a similar one against Meta Platforms, relies on research by security researcher Felix Krause, who reported in August that TikTok's in-app browser contains Javascript code that can track people's keystrokes on outside websites.
“When you open any link on the TikTok iOS app, it’s opened inside their in-app browser,” Krause wrote. “While you are interacting with the website, TikTok subscribes to all keyboard inputs (including passwords, credit card information, etc.) and every tap on the screen, like which buttons and links you click.”
A TikTok spokesperson told Forbes at the time that TikTok didn't track users through the in-app browser, adding that the Javascript code flagged by Krause is only used for “debugging, troubleshooting and performance monitoring.”
Recht alleges that he downloaded TikTok in 2019, and subsequently clicked on external websites and made purchases.
TikTok “surreptitiously collected data associated with plaintiff’s use of third-party websites without his knowledge or consent, including his contact and credit card information,” the complaint alleges.
He claims that TikTok is violating the federal and California wiretap laws, among other laws.
The lawsuit comes as TikTok faces increasing scrutiny over its data practices.
Federal Communications Commissioner Brendan Carr has condemned the company, arguing that it should be banned from operating in the U.S.
In addition, Senators Mark Warner (D-Virginia) and Marco Rubio (R-Florida) recently urged the Federal Trade Commission to investigate TikTok over reports that employees in China accessed data about U.S. users of the service.
Advocacy group Public Citizen separately encouraged the FTC to investigate TikTok, in response to a Forbes report that said the tech company planned to use the app to track locations of at least two U.S. citizens.