The Sins of TikTok, Part 1: Extreme Privacy Theft by China-Based Company

Social media apps are nosy by nature; it is no secret that their main business model is to snoop out information about you, the user, and package and sell that information to advertisers who can target you. But there is one wildly popular app which goes beyond the norms of intrusiveness and privacy invasion AND is targeted largely at children and adolescents AND is based in China and thus is subject to Big Brother’s request for any and all data. That app is TikTok.

To avoid a bunch of re-wording, I will largely share excerpts from “The Privacy Risks of TikTok – Why This Invasive App is So Dangerous” by Priscilla Sherman at VPNOverview. Other articles echo her concerns with TikTok:

TikTok is an extremely popular social media video app owned by the Chinese tech company ByteDance. On TikTok, users can create and share short-form videos using a variety of filters and effects. The platform is full of dancing, comedy, and other entertaining videos….

Several agencies and news outlets are now sounding the alarm and reporting on the many problems that have surfaced. ByteDance claims to want to break away from its Chinese background in order to serve a global audience and says it will never share data with the Chinese government. This claim, however, seems impossible now that new security laws have been introduced in Hong Kong.

TikTok’s user base mostly consists of children and adolescents, which many consider to be vulnerable groups. This is a main reason for different authorities to express their worries. However, it isn’t just the youth that might be in danger from TikTok. From December 2019 onwards, U.S. military personnel were no longer allowed to use TikTok, as the app was considered a ‘cyber threat’…

[Hacker group] Anonymous has published a video listing the many dangers of TikTok. They quote a source that has done extensive research on TikTok: “Calling it an advertising platform is an understatement. TikTok is essentially malware that is targeting children. Don’t use TikTok. Don’t let your friends and family use it. Delete TikTok now […] If you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”

These claims fit in with the recent developments surrounding TikTok. For example, Apple researchers announced that TikTok deliberately spies on users.

Claims keep piling up, showing that TikTok is a very invasive application that poses a substantial privacy risk. It seems that the data collection at TikTok goes much further than other social platforms such as Facebook or Instagram. This is surprising, since both of these companies have already faced backlash for the way they’ve dealt with user privacy. TikTok seems to collect data on a much larger scale than other social media platforms do. This, combined with TikTok’s origins, makes it quite plausible that the Chinese government has insight into all of this collected data…

Research from a German data protection website has revealed that TikTok installs browser trackers on your device. These track all your activities on the internet. According to ByteDance, these trackers were put in place to recognize and prevent “malicious browser behavior”. However, they also enable TikTok to use fingerprinting techniques, which give users a unique ID. This enables TikTok to link data to user profiles in a very targeted way.

Unfortunately, this happens with a great disregard of privacy – perhaps intentionally so. The German researchers indicate, for example, that IP addresses aren’t anonymized when TikTok uses Google Analytics, meaning your online behavior is directly linked to your IP address. An IP address provides information about your location and, indirectly, about your identity…

A user on Reddit used reverse engineering to figure out more about TikTok. Anonymous quoted the results in the video we mentioned earlier. The Reddit user discovered that TikTok collects all kinds of information:

  • Your smartphone’s hardware (CPU type, hardware IDs, screen size, dpi, memory usage, storage space, etc.);
  • Other apps installed on your device;
  • Network information (IP, local IP, your router’s MAC address, your device’s MAC address, the name of your Wi-Fi network);
  • Whether your device was rooted/jailbroken;
  • Location data, through an option that’s turned on automatically when you give a post a location tag (only happens on some versions of TikTok);

Additionally, the app creates a local proxy server on your device, which is officially used for “transcoding media”. However, this is done without any form of authentication, making it susceptible to misuse….

We asked investigative journalist and writer Maria Genova about her vision on TikTok. … Genova says: “There’s a reason several countries have banned it. It’s unbelievable how much information an app like that pulls from your phone”…

TikTok needs access to your camera and microphone in order to work properly… However, there aren’t any specifications explaining how exactly these permissions are used. Therefore, TikTok could theoretically record conversations and sounds using your microphone, even when you aren’t filming a TikTok video.

We could go on and on with the technical details here, but you get the point. The fact that “IP addresses aren’t anonymized” is really a big, bad deal. The article concludes:

The current findings and concerns surrounding TikTok are reason enough for us [the staff at VPNOverview] to remove the app from our devices. Whether TikTok’s main target group – young people between 14 and 25 – is sensitive to the privacy concerns that have come to light, remains to be seen.

Indeed.
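To make the point about non-anonymized IP addresses concrete, here is an added example (not from the VPNOverview article or from this post's author). It applies the truncation Google documented for its Analytics IP-anonymization option (last octet of an IPv4 address zeroed, last 80 bits of an IPv6 address zeroed) to a handful of constructed page hits, and compares how those hits group into profiles with and without it. The function names and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict


def anonymize_ip(raw: str) -> str:
    """Zero the host part of an address: IPv4 -> /24, IPv6 -> /48."""
    addr = ipaddress.ip_address(raw)
    # Edge case: an IPv4 client seen through a dual-stack socket arrives as
    # ::ffff:a.b.c.d and must be truncated as IPv4, not as IPv6.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    prefix = 24 if addr.version == 4 else 48
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


# Constructed sample hits using documentation-only address ranges:
# (client IP as seen by the analytics endpoint, page requested)
HITS = [
    ("203.0.113.7", "/video/1"),
    ("203.0.113.7", "/search?q=clinic"),
    ("203.0.113.99", "/video/2"),
    ("2001:db8:1:2:aaaa:bbbb:cccc:dddd", "/video/3"),
    ("2001:db8:1:ffff::1", "/profile"),
]


def profiles(hits, anonymize: bool) -> dict:
    """Group page views by the address key the analytics store would keep."""
    grouped = defaultdict(list)
    for ip, page in hits:
        key = anonymize_ip(ip) if anonymize else ip
        grouped[key].append(page)
    return dict(grouped)


if __name__ == "__main__":
    print("stored with raw IPs:       ", profiles(HITS, anonymize=False))
    print("stored with truncated IPs: ", profiles(HITS, anonymize=True))
```

With raw addresses every connection keeps its own browsing trail; after truncation the same hits fall into two shared buckets, so the stored address alone no longer singles out one household or device.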

One more quote, from Brendan Carr of the U.S. Federal Communications Commission (FCC), regarding the reliability of TikTok’s claims that they do not share data with the Chinese government:

“China has a national security law that compels every entity within its jurisdiction to aid its espionage and what they view as their national security efforts,” Carr said earlier this year, alluding to the fact that Chinese companies must make all the data they collect available to the Chinese Communist Party (CCP).

Stay tuned for Part 2, dealing with some larger market ramifications of TikTok’s evasion of Apple and Android privacy protections.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

This just in from BuzzFeed (added to original post here):

“Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China”

For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform’s parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users — exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

The Future of the World’s Tiniest Billboards

Ben Lange, a business student at Samford, writes:

In January of this year, Apple made a big announcement. It wasn’t about a new iPhone. Apple announced that it will soon release an update to their software that allows users to choose whether they give permissions to apps such as Facebook to track their browsing history on other companies’ apps and websites. (WSJ) This has implications for data usage and availability in advertising. As technology has advanced, regulations surrounding exactly what a company is allowed to do with your data have stayed relatively stagnant, especially for smartphones. Companies such as Facebook and Twitter are allowed to monitor your searches not only on their apps, but also on your phone browser and other apps.
