The Sins of TikTok, Part 1: Extreme Privacy Theft by China-Based Company

Social media apps are nosy by nature; it is no secret that their main business model is to snoop out information about you, the user, and package and sell that information to advertisers who can target you. But there is one wildly popular app which goes beyond the norms of intrusiveness and privacy invasion AND is targeted largely at children and adolescents AND is based in China and thus is subject to Big Brother’s request for any and all data. That app is TikTok.

To avoid a bunch of re-wording, I will largely share excerpts from “ The Privacy Risks of TikTok – Why This Invasive App is So Dangerous “ by Priscilla Sherman at VPNOverview. Other articles echo her concerns with TikTok:

TikTok is an extremely popular social media video app owned by the Chinese tech company ByteDance. On TikTok, users can create and share short-form videos using a variety of filters and effects. The platform is full of dancing, comedy, and other entertaining videos….

Several agencies and news outlets are now sounding the alarm and reporting on the many problems that have surfaced. ByteDance claims to want to break away from its Chinese background in order to serve a global audience and says it will never share data with the Chinese government. This claim, however, seems impossible now that new security laws have been introduced in Hong Kong.

TikTok’s user base mostly consists of children and adolescents, which many consider to be vulnerable groups. This is a main reason for different authorities to express their worries. However, it isn’t just the youth that might be in danger from TikTok. From December 2019 onwards, U.S. military personnel were no longer allowed to use TikTok, as the app was considered a ‘cyber threat’…

[Hacker group] Anonymous has published a video listing the many dangers of TikTok. They quote a source that has done extensive research on TikTok: “Calling it an advertising platform is an understatement. TikTok is essentially malware that is targeting children. Don’t use TikTok. Don’t let your friends and family use it. Delete TikTok now […] If you know someone that is using it, explain to them that it is essentially malware operated by the Chinese government running a massive spying operation.”

These claims fit in with the recent developments surrounding TikTok. For example, Apple researchers announced that TikTok deliberately spies on users.

Claims keep piling up, showing that TikTok is a very invasive application that poses a substantial privacy risk. It seems that the data collection at TikTok goes much further than other social platforms such as Facebook or Instagram. This is surprising, since both of these companies have already faced backlash for the way they’ve dealt with user privacy. TikTok seems to collect data on a much larger scale than other social media platforms do. This, combined with TikTok’s origins makes it quite plausible that the Chinese government has insight into all of this collected data…..

Research from a German data protection website has revealed that TikTok installs browser trackers on your device. These track all your activities on the internet. According to ByteDance, these trackers were put in place to recognize and prevent “malicious browser behavior”. However, they also enable TikTok to use fingerprinting techniques, which give users a unique ID. This enables TikTok to link data to user profiles in a very targeted way.

Unfortunately, this happens with a great disregard of privacy – perhaps intentionally so. The German researchers indicate, for example, that IP addresses aren’t anonymized when TikTok uses Google Analytics, meaning your online behavior is directly linked to your IP address. An IP address provides information about your location and, indirectly, about your identity…

A user on Reddit used reverse engineering to figure out more about TikTok. Anonymous quoted the results in the video we mentioned earlier. The Reddit user discovered that TikTok collects all kinds of information:

  • Your smartphone’s hardware (CPU type, hardware IDs, screen size, dpi, memory usage, storage space, etc.);
  • Other apps installed on your device;
  • Network information (IP, local IP, your router’s MAC address, your device’s MAC address, the name of your Wi-Fi network);
  • Whether your device was rooted/jailbroken;
  • Location data, through an option that’s turned on automatically when you give a post a location tag (only happens on some versions of TikTok);

Additionally, the app creates a local proxy server on your device, which is officially used for “transcoding media”. However, this is done without any form of authentication, making it susceptible to misuse….

We asked investigative journalist and writer Maria Genova about her vision on TikTok. … Genova says: There’s a reason several countries have banned it. It’s unbelievable how much information an app like that pulls from your phone”…

TikTok needs access to your camera and microphone in order to work properly… However, there aren’t any specifications explaining how exactly these permissions are used. Therefore, TikTok could theoretically record conversations and sounds using your microphone, even when you aren’t filming a TikTok video.

We could go on and on with the technical details here, but you get the point. The fact that “IP addresses aren’t anonymized“ is really a big, bad deal. The article concludes:

The current findings and concerns surrounding TikTok are reason enough for us [the staff at VPNOverview] to remove the app from our devices. Whether TikTok’s main target group – young people between 14 and 25 – is sensitive to the privacy concerns that have come to light, remains to be seen.

Indeed.

One more quote , from Brendan Carr of the U.S. Federal Communications Commission (FCC), regarding the reliability of TikTok’s claims that they do not share data with the Chinese government:

“China has a national security law that compels every entity within its jurisdiction to aid its espionage and what they view as their national security efforts,” Carr said earlier this year, alluding to the fact that Chinese companies must make all the data they collect available to the Chinese Communist Party (CCP).

Stay tuned for Part 2, dealing with some larger market ramifications of TikTok’s evasion of  Apple and Android privacy protections.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

This just in from BuzzFeed (added to original post here):

“Leaked Audio From 80 Internal TikTok Meetings Shows That US User Data Has Been Repeatedly Accessed From China”

For years, TikTok has responded to data privacy concerns by promising that information gathered about users in the United States is stored in the United States, rather than China, where ByteDance, the video platform’s parent company, is located. But according to leaked audio from more than 80 internal TikTok meetings, China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users — exactly the type of behavior that inspired former president Donald Trump to threaten to ban the app in the United States.

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting.

Gen Z on TikTok

I did an informal survey among undergraduate students. This is not a representative sample of American youth. Before answering the question “How is TikTok affecting your peers?” they had just heard about the TikTok recommendation algorithm. Answers might have been slightly different if they had not been primed to think about the app from a business perspective.

Most of the answers were negative, both among students who use TikTok themselves and especially from students who are staying off of the app. Some answers presented both a positive and a negative reply.

Here is one of the more positive replies:

“TikTok is affecting my peers in a few different ways. On the positive side, people can learn very useful things on the app. On the negative side, it can be very time consuming. I have heard from many friends how they have wasted a lot of their time on TikTok when they could have been doing something more productive.”

Some students emphasized the social aspect:

“TikTok is one of the biggest social platforms amongst my friends and I. When we hangout, we are creating our own TikToks, but when we are apart we are able to share videos with each other. TikTok for me is a big rabbit hole that I find myself spending way too much time on.”

Also, they believe that this platform, more so than the original social networks, allow a new user to break out. “The idea that a normal, average person can post on TikTok and have a likelihood of it becoming viral is what has launched the platform.” I can see how a 20-year-old today would think Twitter is less fun because it is hard for a newcomer to get noticed.

Some students mentioned the addictive aspect of TikTok:

“I see a lot of my peers stay on the app for long periods of time. I can’t count the amount of times people say something about how they didn’t realize they were scrolling for an hour before they looked at the clock.”

“I have three friends back home who are being affected by Tik Tok in the worse way possible. All they do is watch Tik Toks all day and has even affected their sleep schedule cause they can’t put their phone down. It’s hard to see my friends sucked in the rabbit hole.”

“Personally, I have had to set screen time limits for TikTok through my phone’s settings because I can easily spend extended periods of time of the app without even realizing it; and even then, sometimes, I even override the limits I have set in place because I want to see even more content.”

The funniest line award goes to: “I personally hate TikTok and think it is rat poison.”

I wonder how the responses might have differed if I had asked a similar question to college students about TV and video games 20 years ago.

I use Twitter frequently. Maybe I spend more time on it than I should, and I don’t support as many paid media outlets as I might otherwise. Thus, the non-Twitter world is less rich for today’s college students.

For balance, here’s how Big Tech helped me in the past week. I needed to help my son build a model rocket from a kit. Some stranger kind young man had made an excellent YouTube video detailing how to make this rocket. This video really helped me, and the man should get the satisfaction of one more watch on his views count.