TikTok Data-Mining or Data Collection Practices...

Discussion in 'General Discussion' started by BRiT, Jun 27, 2020.

  1. BRiT

    BRiT Verified (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    16,004
    Likes Received:
    14,986
    Location:
    Cleveland
    An interesting read for anyone who's curious about the app or data security. Here's a few of the beginning snippets to get your attention.


    https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/

    Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It

    2 months ago, Reddit user bangorlol made a comment in a discussion about TikTok. Bangorlol claimed to have successfully reverse-engineered it and shared what he learned about the Chinese video-sharing social networking service. Basically, he strongly recommended that people never use the app again, warning about its intrusive user tracking and other issues.

    “TikTok put a lot of effort into preventing people like me from figuring out how their app works. There’s a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (bytedance) forking and customizing ollvm for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it’s more complicated and annoying than most games I’ve targeted,” Bangorlol explained.

    “TikTok might not meet the exact criteria to be called “Malware”, but it’s definitely nefarious and (in my humble opinion) outright evil,” Bangorlol said. “There’s a reason governments are banning it. Don’t use the app. Don’t let your children use it. Tell your friends to stop using it. It offers you nothing but a quick source of entertainment that you can get elsewhere without handing your data over to the Chinese government. You are directly putting yourself and those on your network (work and home) at risk.”

    [​IMG]

    [​IMG]

    [​IMG]

    [​IMG]

    ...

    [​IMG]
     
    TheAlSpark, Lightman and Pete like this.
  2. Pressure

    Veteran Regular

    Joined:
    Mar 30, 2004
    Messages:
    1,437
    Likes Received:
    366
    They also query your clipboard information ... so never copy/paste sensitive information.

     
    Lightman and iroboto like this.
  3. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Joined:
    Oct 14, 2008
    Messages:
    8,452
    Likes Received:
    1,848
    The aggressive clipboard spying maybe due to old Google analytics or admob bundle.

    The other spying seems pretty similar to what Facebook did a few years ago.

    Did Facebook got fined or any penalty for that (other than uproar on tech circle)? If no penalty, tiktik got no reason to change behavior.
     
    DSoup likes this.
  4. Arwin

    Arwin Now Officially a Top 10 Poster
    Moderator Legend

    Joined:
    May 17, 2006
    Messages:
    18,069
    Likes Received:
    1,662
    Location:
    Maastricht, The Netherlands
    They totally have - if years before it is made clear that this kind of behavior is not allowed by Facebook, no other app should do this either. But then the app stores should also not allow this app.

    However recent attention has had some impact, there have been some big updates to parental and privacy options and such.

    Still, I literally just had this discussion today with a parent asking if she should allow her son to have a TikTok account as all the kids do.

    The platform also has had issues with Chinese censorship, promoting ‘prettier’ people in the results (this one according to my son) etc. It looks beyond shabby.
     
    orangpelupa likes this.
  5. DSoup

    DSoup meh
    Legend Veteran Subscriber

    Joined:
    Nov 23, 2007
    Messages:
    12,788
    Likes Received:
    8,175
    Location:
    London, UK
    I wasn't even aware that there was an API to read the clipboard by background apps. This definitely needs to be behind an OS permission with the usual iOS options of: Never. Always. While using the App.
     
    BRiT likes this.
  6. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Joined:
    Oct 14, 2008
    Messages:
    8,452
    Likes Received:
    1,848
    Yeah phone os, especially Android is security nightmare. It's as it they are being developed with banking on "developers are good guys/gals". They're getting better but not as fast as I'm comfortable with.

    Hilariously, many of android security shortcomings have been fixed by lineageos privacy guard since eons ago. But Google never adopted it.

    For example, android apps used to need to ask for permission to read all your contacts just to get your identity/identifier. Android apps also used to need to be able to read all sms messages just to be able to automatically reads token key/number on sms. Some apps works just fine if you disagree. Some other will simply close.

    Lineageos' privacy guard allows your to give dummy data. So the app will still work, your data stays safe.
     
    Silent_Buddha and BRiT like this.
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...