tech2 News StaffJul 01, 2020 16:26:19 IST
Just after the Indian government banned TikTok and 58 other Chinese apps in India for 'protecting user data', a Reddit thread has picked up steam where a hobbyist researcher claims that "TikTok is a data collection service that is thinly-veiled as a social network."
A Redditor who goes by the username bangorlol, reverse-engineered the TikTok app. The Redditor claims that they "figure out how apps work for a job".
The research was done two months ago. The inputs from the research have been added to the Reddit thread in four edits. The first edit is concluded with a strongly-worded statement: "TikTok is essentially malware that is targeting children. Don't use TikTok. Don't let your friends and family use it."
The researcher reportedly found that TikTok was collecting information on users' phone hardware, the apps on their phone, network-related information like IP address, router mac, Wi-Fi access point name, and if a user's phone was rooted or jailbroken.
The research also reveals that in some versions of the app, GPS pinging was also enabled, sending location data roughly once every 30 seconds.
Reportedly, the app has various ways to prevent a user from reversing or debugging the app as well.
"App behavior changes slightly if they know you're trying to figure out what they're doing. There's also a few snippets of code on the Android version that allows for the downloading of a remote zip file, unzipping it, and executing said binary. There is zero reason a mobile app would need this functionality legitimately," the researcher/Redditor writes.
Further, the researcher claims that they "also reversed the Instagram, Facebook, Reddit, and Twitter apps. They don't collect anywhere near the same amount of data that TikTok does, and they sure as hell aren't outright trying to hide exactly what's being sent like TikTok is."
This isn't the only recent report questioning Tiktok's practices when it comes to security and privacy. We recently covered research by Talal Haj Bakry and Tommy Mysk, according to which, TikTok was among 54 iOS apps that were snooping on users' sensitive clipboard data including passwords, addresses and anything else in the clipboard. The issue came to light after Apple released the iOS 14 developer beta update. A novel feature in the new iOS iteration shows users a warning every time an app reads clipboard contents. TikTok was among the apps that triggered the warning.
This research by Bakry and Mysk was originally carried out in March. Back then, TikTok claimed to have fixed the issue with an update. However, as per an ArsTechnica report, TikTok "continues to access some of Apple users’ most sensitive data, which can include passwords, cryptocurrency wallet addresses, account-reset links, and personal messages."
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.