
Escaping TikTok's iOS Browser Sandbox (iOS Shortcut)

Update 3 03/19/2023: Over the past few months, TikTok updated their app to include an option to open links in the default browser versus forcing users to stay in the in-app browser. To do this, visit a link in the TikTok app and tap the three dots (…). Choose “default browser” from the list of options and it will launch your phone’s default web browser. As a result, this shortcut now has little practical use. This will be the final update regarding this post.

Update 2 03/19/2022: Added action to restore original functionality. Shortcut link in article has been updated.


Update 1 03/19/2022: The most recent version of iOS (15.4 at the time of this writing) has broken the Shortcut and only extracts the first line of text of the screenshot passed into it. I’m working to update the Shortcut and restore functionality.

I finally got fed up with TikTok’s hostile UX, which locks iOS users into TikTok’s in-app web browser when they visit the independent websites creators link on their TikTok profiles. I call it hostile behavior because of how difficult TikTok makes it to open a creator’s website in a separate app, be it Safari or a 3rd-party app like Chrome, Firefox, or Brave. It is also shady behavior on TikTok’s part to force users to stay within the confines of the in-app web browser. If a website does not have appropriate traffic encryption in place, TikTok may be able to capture and siphon any information passing through the in-app browser and tie that browsing history to the user. This means:

  • First and last names typed in for online petitions

  • Email addresses submitted for newsletters

  • Shipping addresses provided for purchases

  • Login information to access other online services

  • Other private information entered through text

TikTok ensures this web traffic goes through only their in-app browser so that it stays within their sandbox of iOS to stockpile this information and more. TikTok pushes a number of tricks on iOS to accomplish this.

An “Ominous” Message

When a user visits a profile weblink that is properly secured so the Clock App cannot eavesdrop on web traffic, TikTok gives a message of caution to the user through a confirmation screen before displaying the page, stating:

“You’re about to open an external website. Be cautious and keep your personal information safe.”

Ironically, TikTok only presents this “warning” when your personal information is safe from prying eyes, even TikTok’s.

Screenshot of TikTok’s confirmation screen before visiting secure websites.


Making the URL Text Inaccessible

Another method employed by TikTok is making the text of the URL nearly inaccessible to iOS users. When visiting a creator’s profile, we can easily enough copy the creator’s username from the Clock App by tapping on the username itself, but when trying to copy the text of the URL so we can paste it into Safari, the task is not so simple. Even when visiting the creator’s profile page through the “Copy Link” feature on their profile page (tapping the three dots in the upper right-hand corner) and pasting this link into Safari, TikTok hides the creator’s website URL when the profile page is viewed in a mobile web view. See below, where @underthedesknews’s linktr.ee URL is visible on the TikTok app view (left) versus when viewing the same profile page through the mobile web app view in Safari (right):

The Workaround (iOS Shortcut)

After searching the web for a workaround and finding none, I eventually discovered and developed my own. By taking a screenshot of the TikTok creator’s profile page, I could use the Live Text OCR (optical character recognition) feature integrated into iOS (versions 13 and up) to copy the URL and paste it into Safari. However, the process was very cumbersome, switching between apps and copying/pasting over and over, and whenever something gets repetitive it’s best to make a Shortcut.

After more brainstorming and research I was able to build off the work of iOS Shortcuts wizard Matthew Cassinelli by taking his “Extract text from photo” Shortcut and modifying it. The Shortcut takes any photo containing text (in this case, a screenshot of the TikTok creator’s profile with their URL), and scrapes out any text in the photo. From the lines of text the Shortcut scraped, we select the one that contains the website link. That line of text containing the URL is passed to the “Get URLs from” operator, which keeps only the text making up the URL. The Shortcut finally opens the URL in Safari.

Shortcut demo

Play the video from my tweet below to see a demo of the Shortcut in action.

Caveats

The Shortcut can be run through the Share Sheet or separately from within the Shortcuts app. I prefer to run it immediately after I take a screenshot through the Share Sheet. However, keep in mind that each time a screenshot is taken the screenshot will end up in the Camera Roll, so don’t forget to clear them out from time to time if you don’t want screenshots clogging it up.

Remember: this Shortcut can only work with the text it is able to detect and “see” in the photo. That means if a URL is so long that it goes off the screen and the link trails off with ellipses (…), then the URL may not render properly and the user may receive a 404 error when trying to visit the website.
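The select-a-line and extract-the-URL steps described above, together with the truncated-link caveat, sketched in Python as an added example (this is not the Shortcut's own actions or the author's code). The function names, the regex, the choice to always open the result over HTTPS, and the sample OCR lines are assumptions made for illustration.

```python
import re

# Optional scheme, a dotted host ending in an alphabetic TLD, optional path.
URL_RE = re.compile(
    r"(?:(?P<scheme>https?)://)?"
    r"(?P<host>(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})"
    r"(?P<path>/[^\s]*)?",
    re.IGNORECASE,
)
ELLIPSIS = ("…", "...")

# Constructed sample: text lines as OCR might return them from a profile screenshot.
SAMPLE_OCR_LINES = [
    "@underthedesknews",
    "120 Following 4.5K Followers",
    "News from under my desk",
    "linktr.ee/underthedesknews",
]


def extract_candidates(ocr_lines):
    """Return one dict per URL-looking token found in the OCR'd lines."""
    found = []
    for line in ocr_lines:
        for m in URL_RE.finditer(line):
            raw = m.group(0)
            # A link cut off on screen ends in an ellipsis; opening it would
            # land on the wrong page (the 404 case in the caveat above).
            truncated = (raw.endswith(ELLIPSIS)
                         or line[m.end():].lstrip().startswith(ELLIPSIS))
            path = (m.group("path") or "").rstrip(".…")
            # Assumption: every link is opened over HTTPS, never plain HTTP.
            url = "https://" + m.group("host").lower() + path
            was_http = (m.group("scheme") or "").lower() == "http"
            found.append({"url": url, "truncated": truncated,
                          "was_http": was_http})
    return found


def pick_url(ocr_lines):
    """First complete URL, or None if every candidate was cut off."""
    for candidate in extract_candidates(ocr_lines):
        if not candidate["truncated"]:
            return candidate["url"]
    return None
```

Returning `None` for a cut-off link lets the caller ask for a new screenshot instead of opening a URL that was never fully visible.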

I’ll update the link to the Shortcut above as I find better ways to improve the process of opening links from the TikTok app into Safari. If you’re as irked by TikTok’s web browser sandboxing as I am and you have any suggestions or alternatives to my method, let me know on TikTok, Instagram, Twitter, or in the comments below.