TikTok Doesn’t Belong On Your Phone Because It Is A Privacy & Security Nightmare Says Security Researcher

According to a security researcher who posted to Reddit, TikTok is an app you should delete as soon as possible if you value your privacy and security. Here's why, in the researcher's own words:

TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.

  • Phone hardware (CPU type, number of cores, hardware IDs, screen dimensions, DPI, memory usage, disk space, etc.)
  • Other apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload – maybe they’re using a cached value?)
  • Everything network-related (IP, local IP, router MAC, your MAC, Wi-Fi access point name)
  • Whether or not you’re rooted/jailbroken
  • Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post IIRC
  • They set up a local proxy server on your device for “transcoding media”, but that can be abused very easily as it has zero authentication

The stuff that I’ve listed above is pretty bad. But it gets worse:

Here’s the thing though: they don’t want you to know how much information they’re collecting on you, and the security implications of all of that data in one place, en masse, are f**king huge. They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can’t see what they’re doing. They also made it so you cannot use the app at all if you block communication to their analytics host at the DNS level.

For what it’s worth, I’ve reversed the Instagram, Facebook, Reddit, and Twitter apps. They don’t collect anywhere near the same amount of data that TikTok does, and they sure as hell aren’t outright trying to hide exactly what’s being sent like TikTok is. It’s like comparing a cup of water to the ocean – they just don’t compare.
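Of everything in that post, the one item a practitioner can actually reason about in code is the "transcoding media" proxy with zero authentication. A listener bound to the loopback interface is reachable by every other process on the phone, so if it does not check who is asking, any other app can route its own traffic through it. The example below is added here and is not the researcher's code, nor anything reversed from TikTok: the port, the token, the target URL and both server handlers are constructed stand-ins, and the real app's port and protocol are not stated on this page. It starts an open proxy and a hardened one on ephemeral loopback ports, then runs the probe an unrelated local process would run against each.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Hypothetical per-install secret that only the owning app would know.
# An assumption for the hardened variant, not anything described in the post.
LOCAL_PROXY_TOKEN = "per-install-secret"


class OpenLocalProxy(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a device-local 'transcoding' proxy that serves
    any absolute-URI request without checking which process sent it."""

    def do_GET(self):
        # A real proxy would fetch self.path (the absolute URL) here; this
        # stand-in only confirms it would have done so for any local caller.
        body = f"would fetch {self.path} for any local process\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


class AuthenticatedLocalProxy(OpenLocalProxy):
    """Hardened variant: only a caller presenting LOCAL_PROXY_TOKEN is served."""

    def do_GET(self):
        if self.headers.get("Proxy-Authorization") != f"Bearer {LOCAL_PROXY_TOKEN}":
            self.send_response(407)
            self.send_header("Proxy-Authenticate", "Bearer")
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        super().do_GET()


def start_local_proxy(handler_cls):
    """Bind to an ephemeral loopback port and serve in the background.
    Returns (server, port)."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def is_open_proxy(port, timeout=2.0):
    """Act as an arbitrary other process on the device: route a request for a
    third-party URL through 127.0.0.1:port with no credentials at all.
    True means the listener proxied it for us."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": f"http://127.0.0.1:{port}"})
    )
    # 203.0.113.10 is a documentation address (TEST-NET-3); the request never
    # leaves the loopback interface because the proxy answers it itself.
    try:
        with opener.open("http://203.0.113.10/clip.mp4", timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        return False  # e.g. 407: the listener refused the unauthenticated caller
    except OSError:
        return False  # nothing listening, connection refused, or timeout


def demo():
    """Start both variants, probe each, and report which one is abusable.
    Returns {'open': bool, 'authenticated': bool}."""
    open_srv, open_port = start_local_proxy(OpenLocalProxy)
    auth_srv, auth_port = start_local_proxy(AuthenticatedLocalProxy)
    try:
        return {
            "open": is_open_proxy(open_port),
            "authenticated": is_open_proxy(auth_port),
        }
    finally:
        open_srv.shutdown()
        auth_srv.shutdown()


if __name__ == "__main__":
    print(demo())  # open proxy is flagged, the hardened one is not
```

On a real device the same probe would be run against whatever loopback ports the app has open (on Android, `adb shell netstat -tlnp` or `ss -tlnp` lists them on a rooted or debuggable device). The fix shown is the minimal one: a per-install secret that other apps cannot read; binding to a Unix domain socket with filesystem permissions is the stronger option where the platform allows it.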

This is just downright scary, and the Reddit thread is gaining attention. Security company Zimperium took its own look at TikTok and says it is a security risk. Anonymous has said to “delete this Chinese spyware now.” The Pentagon advises that TikTok should be deleted from phones, advice that the US Army has taken heed of. And while it likely has more to do with a border dispute between China and India, India has banned a pile of Chinese apps, TikTok among them.

The point is that it’s pretty clear TikTok is a security risk of epic proportions. If you value your security, read the Reddit thread and then make your own decision as to whether TikTok deserves a place on your smartphone. Or on your kids’ smartphones, for that matter.
