TikTok injects code into third-party web pages when a user opens a browser page in the TikTok app. This code could serve as a keylogger, among other things. According to the social medium, the code in question is only used for development purposes.
The controversial code. Image via Felix Krause
Thus, the keylogger portion of the code from the third party SDK would not be used. It is not clear who this third party is and whether they would actually need a keylogger for development purposes. TikTok further suggests that certain registered data is only processed locally on the device and is not forwarded to servers of the social medium.
It is therefore not a given that TikTok does indeed register the keyboard input of users, let alone send it to its own servers or otherwise store it. It is, however, almost certain that this would be possible. For that reason, according to Krause, it is wise to copy browser links via TikTok, but also via Facebook and Instagram, and paste them directly into a trusted browser. In this way, the relevant applications cannot inject code to register sensitive data in this way.