TikTok Data-Mining or Data Collection Practices...

BRiT

An interesting read for anyone who's curious about the app or data security. Here are a few of the beginning snippets to get your attention.


https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/

Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It

2 months ago, Reddit user bangorlol made a comment in a discussion about TikTok. Bangorlol claimed to have successfully reverse-engineered it and shared what he learned about the Chinese video-sharing social networking service. Basically, he strongly recommended that people never use the app again, warning about its intrusive user tracking and other issues.

“TikTok put a lot of effort into preventing people like me from figuring out how their app works. There’s a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (bytedance) forking and customizing ollvm for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted,” Bangorlol explained.

“TikTok might not meet the exact criteria to be called “Malware”, but it’s definitely nefarious and (in my humble opinion) outright evil,” Bangorlol said. “There’s a reason governments are banning it. Don’t use the app. Don’t let your children use it. Tell your friends to stop using it. It offers you nothing but a quick source of entertainment that you can get elsewhere without handing your data over to the Chinese government. You are directly putting yourself and those on your network (work and home) at risk.”

...

 
The aggressive clipboard spying may be due to an old Google Analytics or AdMob bundle.

The other spying seems pretty similar to what Facebook did a few years ago.

Did Facebook get fined or receive any penalty for that (other than an uproar in tech circles)? If there was no penalty, TikTok has no reason to change its behavior.
 
They totally have - if years before it is made clear that this kind of behavior is not allowed by Facebook, no other app should do this either. But then the app stores should also not allow this app.

However, recent attention has had some impact; there have been some big updates to parental and privacy options and such.

Still, I literally just had this discussion today with a parent asking if she should allow her son to have a TikTok account as all the kids do.

The platform also has had issues with Chinese censorship, promoting ‘prettier’ people in the results (this one according to my son) etc. It looks beyond shabby.
 
The aggressive clipboard spying may be due to an old Google Analytics or AdMob bundle.
I wasn't even aware that there was an API to read the clipboard by background apps. This definitely needs to be behind an OS permission with the usual iOS options of: Never. Always. While using the App.
 
I wasn't even aware that there was an API to read the clipboard by background apps. This definitely needs to be behind an OS permission with the usual iOS options of: Never. Always. While using the App.
Yeah, phone OSes, especially Android, are a security nightmare. It's as if they are being developed banking on "developers are good guys/gals". They're getting better, but not as fast as I'm comfortable with.

Hilariously, many of Android's security shortcomings were fixed by LineageOS's Privacy Guard eons ago. But Google never adopted it.

For example, Android apps used to need to ask for permission to read all your contacts just to get your identity/identifier. Android apps also used to need to be able to read all SMS messages just to be able to automatically read a token key/number from an SMS. Some apps work just fine if you disagree. Others will simply close.

LineageOS's Privacy Guard allows you to give dummy data. So the app will still work, and your data stays safe.
 