‘TikTok Spies On You and Transfers Data to Chinese Authorities.’ But Is It All That Bad?
Recently, the news broke that TikTok, a popular Chinese online platform and mobile app for sharing short-form mobile videos, collects user personal data in an amount unusual for a social media app.
The issue was raised by redditor bangorlol who claimed to have reverse-engineered the TikTok app and analyzed how it operates. According to bangorlol’s findings, TikTok is essentially a data collection service masquerading as a social network. “If there is an API [Application Programming Interface] to get information on you, your contacts, or your device… well, they’re using it,” they said.
“TikTok Is a Mass Surveillance App”
The data harvested by TikTok includes information about a user’s phone hardware (central processing unit type, screen dimensions, memory usage, disk space), other applications installed, and everything related to the network, such as IP, router MAC, and Wi-Fi access point name, among other things.
TikTok allegedly also collects information about whether a user’s device was rooted or jailbroken. Bangorlol claimed that some variants of TikTok had GPS pinging enabled at the time—roughly once every 30 seconds—which is enabled by default if a user ever location-tags a post, IIRC.
Moreover, the app allegedly sets up a local proxy server on a user’s device for “transcoding media,” which, according to bangorlol, can be easily abused as it has zero authentication. The redditor continued saying that the most concerning issue about TikTok is that the commands for collecting data can be configured remotely:
“The scariest part of all of this is that much of the logging they’re doing is remotely configurable and unless you reverse every single one of their native libraries and manually inspect every single obfuscated function. They have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you’re trying to figure out what they’re doing.”
For a long period of time, TikTok also did not use the secure HTTPS protocol, so user data—such as their email address and secondary email addresses used for password resets, real names, and birth dates—could be leaked and viewed by third parties.
Is It All That Bad?
To compare the volume of collected user data, bangorlol also reverse-engineered social media platforms such as Instagram, Facebook, Reddit, and Twitter. They eventually concluded that those apps do not harvest anywhere near the same amount of information that TikTok does. “It’s like comparing a cup of water to the ocean—they just don’t compare,” Bangorlol stated.
To further elaborate on the matter, forklog.media contacted a security researcher working for one of the world’s leading cybersecurity companies, who wanted to remain anonymous. Here is what they said:
They continued noting that big data is quite valuable nowadays. “App developers and advertising agencies want to know the age, gender, geolocation, OS version, phone model of the users. Usually, this data is collected for statistics only and helps to create the portrait of the user so that ads will be more targeted,” the researcher added.
Responding to the question of whether TikTok continues to collect data from a user’s device even if the user deleted the app, the researcher assured that if the app is removed from the phone, the data is not collected anymore.
Also, opening TikTok links in a browser is ostensibly safe. “Just check that it’s the official TikTok website, and not phishing—a standard check when opening any links in a browser,” the researcher said.
Response From the Public
The idea that TikTok is actually malware developed by Chinese authorities for mass surveillance was subsequently supported by the famous hacker group Anonymous, which urged users to immediately remove the application from their devices.
Delete TikTok now; if you know someone that is using it explain to them it is essentially malware operated by the Chinese government running a massive spying operation. https://t.co/J7N9FS7PvG
— Anonymous (@YourAnonCentral) July 1, 2020
Anonymous pointed out that transferring user data to Chinese authorities could have potential consequences for everyone, including for those who are not afraid of surveillance by China.
"what do I have to lose if China is spying on me?" let's say anyone that follows this account likes any of our tweets and then 5 years from now you visit China, you'll be arrested. More likely you will have your financial info stolen, data corrupted, and will be manipulated.
— Anonymous (@YourAnonCentral) July 1, 2020
Anonymous referred to bangorlol’s analysis, which makes it unclear whether the hacker group had carried out their own investigation into the TikTok app before making its statements.
Interestingly, the Indian government banned a slew of Chinese applications, including TikTok, claiming that “they are engaged in activities which is prejudicial to sovereignty and integrity of India, defence of India, security of state and public order.”
In an official press release from the country’s Ministry of Information Technology, it is said that the 59 apps in question have raised serious concerns regarding data security and safeguarding the privacy of Indians. The release read:
“The Ministry of Information Technology has received many complaints from various sources including several reports about misuse of some mobile apps available on Android and iOS platforms for stealing and surreptitiously transmitting users’ data in an unauthorized manner to servers which have locations outside India.”
In the meantime, TikTok continues to enjoy great popularity, with 800 million monthly active users out of 3.81 billion social media users globally, who represent 49% of the world’s total population.