Unpacking TikTok's Data Tracking Controversy

Subscribe to HubSpot's Website Blog
Madhu Murali
Madhu Murali



TikTok is the latest social media app to take the world by storm and is changing social media marketing. But if you’ve followed the news, you’ll know that TikTok has also made headlines for the type of data it allegedly collects, such as keystrokes & keyboard monitoring.

Woman reading about TikTok's keystroke & keyboard monitoring controversy and deciding whether or not to delete the app

Click Here to Subscribe to HubSpot's Website Blog

With another bill being introduced in Congress to potentially ban TikTok, it’s an excellent time to examine one reason why the app has been seen as controversial and what web builders can take away from this situation.

What TikTok Is Reportedly Tracking

TikTok and Meta-owned social media companies (Instagram, Facebook, Messenger) were caught using a new data tracking strategy in late 2022.

If you’re using an app like Instagram or TikTok, and you click on a link within the app, this will either open up an in-application web browser or prompt you to open the link in your default browser. Apps can potentially use these in-app browsers to get more access to your data.

In August, a developer named Felix Krause created a tool - https://inappbrowser.com/ - which allows you to see if any extra JavaScript commands are injected into an in-app browser. If you want to try it out yourself, all you need to do is share the URL somewhere within the app and then open it. Here’s an example of what the tool’s results look like on Snapchat.

Krause used this tool to look at what several popular social media apps were tracking on mobile devices. Here’s what his results found

Image Source

As you can see, if you open any external links within TikTok (or Instagram, Messenger, or Facebook), the company can possibly add tracking codes to get further information about user data.

For example, if you log into your bank account through TikTok’s in-app browser, the company could theoretically track your keystroke patterns and obtain your password. However, just because the code exists does not mean it is used maliciously.

TikTok, in response to an article by Forbes, confirmed that the code exists but stated that it is not used maliciously. “‘Like other platforms, we use an in-app browser to provide an optimal user experience, but the JavaScript code in question is used only for debugging, troubleshooting, and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes,’ spokesperson Maureen Shanahan said in a statement.”

Is This Data Tracking Strategy Necessary or Intrusive?

Proponents of this data-tracking strategy being necessary would say that in-app browsers are a necessary part of the growing reach of tracking. They would argue that such data-tracking methods enhance user experience through better, more personalized content recommendations.

It’s hard to argue against the results as Prabhakar Raghavan, a senior VP at Google, said that almost 40% of young people use TikTok or Instagram as recommendations for food rather than Google Search or Maps.

The ability to track users' data is especially important to companies like Facebook. When Apple first introduced anti-tracking measures, Forbes estimated that Facebook stood to lose $12 billion. In-app browsers are one way that companies sidestep this tracking measure.

Others would argue that this data-tracking strategy is an overreach for simple advertising efforts and is too intrusive. The breadth of the information collected and its use isn’t clear, and allowing access to this information without consent could be a breach of privacy.

While an aggressive data tracking strategy can certainly have short-term benefits, it has been proven to erode user trust. According to a study in late 2021, only 13% of people trust Meta to protect the personal data of people who use its social media apps.

Whether TikTok uses its in-app browsers to track keystrokes and keyboard data is irrelevant. The fact that it can do so threatens privacy in and of itself. A survey found that 72% of Americans are extremely concerned about online privacy.

Website Data Experts Weigh In

TikTok’s tracking measures have been under scrutiny for quite some time. Two bills have been introduced to institute a nationwide ban on the app.

A study done by “Disconnect found that data being transmitted to TikTok can include your IP address, a unique ID number, what page you’re on, and what you’re clicking, typing, or searching for, depending on how the website has been set up.”

TikTok spokesperson Maureen Shanahan says this data is used to “among other things, help show relevant content and ads to users, comply with applicable laws, and detect and prevent fraud and inauthentic behavior."

Data tracking is still a sensitive subject, as companies are working to help improve user privacy. Google plans to follow the lead of browsers like Safari, Brave, and Firefox and phase out third-party cookies in Chrome and introduce alternatives due to privacy concerns.

But new tracking techniques are already emerging that don’t need third-party cookies. As a web builder, it is important to adhere to best data practices so that your users feel safe visiting your website.

What Web Builders Can Learn from this Controversy

It seems that data tracking will remain an integral part of advertising strategy moving forward. As website builders, the best option is to develop your website in a way that respects user privacy. This means observing best data privacy practices and only collecting the data you need with the consent of your user.

Your website reflects your business, so establishing trust with your users is important. While you can’t control how other apps and businesses track users, you can control how yours does.


Related Articles

Get daily updates from HubSpot's Service Blog delivered right to your inbox.


Marketing software that helps you drive revenue, save time and resources, and measure and optimize your investments — all on one easy-to-use platform