Is TikTok Malware?

A Reddit user called Bangorlol has reverse-engineered the TikTok app and reports that the Chinese-based app was collecting information on users’ phone hardware, installed apps, network-related details, and much more. The Reddit thread attracted a lot of attention in the past week and comes just after India permanently banned TikTok and 58 other Chinese apps. The Redditor states plainly in the thread, “TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.” TikTok has become increasingly popular during the coronavirus pandemic, and the majority of the app’s users are children, which makes the data highly sensitive and worrisome if it were to be used with malice.

The researcher reportedly found that TikTok collected information about user phone hardware, the applications on their devices, network-related details such as IP address, router MAC address, and the name of the Wi-Fi access point, and whether a user’s device was rooted or jailbroken. The research also showed that certain versions of the app would take the phone’s GPS location every 30 seconds, sending location and tracking data to TikTok.

According to the Reddit thread, “they have several different protections in place to prevent you from reversing or debugging the app as well. App behavior changes slightly if they know you’re trying to figure out what they’re doing. There’s also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary.” There is no legitimate reason for any of these functions other than to hide what they are doing with the data and their true intentions for collecting it.

But who cares? A lot of people argue that if they already have Facebook, Instagram, Snapchat, Twitter, and other social media platforms, then why not TikTok as well? Well, according to Bangorlol, “It’s like comparing a cup of water to the ocean – they just don’t compare.” The Reddit user reverse-engineered the Facebook app, the Twitter app, and the Reddit app, and while they all did collect data, it was minuscule in comparison to TikTok. Not only was the amount of data collected vastly different, but TikTok purposely hides and prevents users from seeing what data is sent back to TikTok, using an algorithm that encrypts the data and changes with every app update. The blatant attempt at camouflaging their intentions with users’ data is worrisome given the current tensions between the US and China. Even more worrisome is how much of that information and data belongs to minors.

Just this past December, ByteDance, the company that owns the popular social media and video platform TikTok, was sued for allegedly collecting and selling children’s data in violation of the Children’s Online Privacy Protection Act (COPPA). That was not even their first legal battle with the FTC over violating COPPA regulations in the US. Also, the latest Apple iOS updates show that TikTok was one of 55 apps secretly stealing user information from the phone’s clipboard, including passwords, usernames, addresses, and more. Bangorlol ends the first edit of his thread saying, “TikTok is essentially malware that is targeting children. Don’t use TikTok. Don’t let your friends and family use it.”