You're writing as if this is just analytics tracking a user's actions in their own UI. It's not! This is tracking actions users take, and data users enter, on 3rd-party websites.

That is not "what happens in Tiktok's app," as you put it in your reply. It may be hosted "in" the app in a technical sense, but the typical user who is fullscreen viewing a totally different website may not feel like they are "in" the app at all. I wouldn't bet that most users even get that there's a distinction between an in-app browser vs. opening a tab in the main OS browser (on Android at least, the back gesture takes you back to the app either way). Users almost certainly doesn't expect the original app to be able to read passwords and other text that they type on those 3rd-party sites.

And how do we know Instagram and yelp are not doing something similar? If you have in app browser you can track user activity much more invasively. That’s not an argument against tiktok, that’s an argument against in app browsers. If you’re so concerned with user privacy ask Apple to remove that functionality from all apps instead of slyfully picking and choosing the apps to attack.

Instagram does do the same thing afaik

If you sold a phone that sent call details back to the manufacturer you’d likely get locked up.

Tik tok are not a party to these communications, and they’re not a carrier or service provider. What they’re doing is wire tapping.

But when you click a link in the TikTok app, TikTok opens an in-app browser for you to view it in - and that’s where it’s gathering all the information. It’s a deceptive practice, since most users won’t realize that they’re not simply surfing a website as usual.

Not only that, but per the article, TikTok is the only popular app that does this while not providing an option to open the link in regular browser from within the built-in one.

This is just an idiotic statement. Almost all social media apps do this. In addition apps like Yelp do this to the determent of business owners.

Did you just wake up today after reading this article and learned about the existence of in-app browsers? This is a common practice by almost all social media apps.

You are aware of the various privacy laws in a lot of countries?

Unfortunately, the issue of consent is extremely muddy as it's easy to argue that the average person is not informed enough about the issue at hand, and so they have improperly developed expectations when engaging with the TikTok browser.

Lack of consent and lack of transparency, make this whole thing pretty messed up.

surely slurping up passwords at least seems ominous?

It makes sense when you’re a slick lawyer appealing to technicalities, but in reality users don’t know how their devices work and where borders of an app are. If tiktok was a restaurant, we would talk about its restroom surveillance here. It may not collect too private information like passwords or messages, but the doubt is reasonable.

Would consider it right for a browser to snoop on every page opened, every link clicked, every character typed and send it to the cloud without informing the user?

No my point is why single out tiktok when every other social app is doing the same exact thing for all we know in their in-app browsers. Just because the researcher in this particular article happened to go after tiktok?

Why not use an example if you know they are doing it, if you don’t have time to lookup what all the others are doing? Its a pretty weak defense that everyone else is doing the same wrong thing.

It's not a defense, I'm simply asking why is everyone pilling on tiktok over some javascript trickery just bc they're deemed an enemy of the state by our all mighty government?