Turns out TikTok has questionable security, and frequently data mines users

4

Again, a large tech company has questionable data policies. Are we even surprised? Hells no. A few years ago, Facebook underwent an inquisition after reports surfaced that user information was being sold to advertising agencies. Since then, multiple reports have come out about social platforms misusing user data. It happens almost daily.

A Reddit user and software engineer went and reverse-engineered TikTok to see what makes it tick (heh). And what he found is very worrying, and somewhat expected, knowing what information apps and social platforms know about their users. But still worrying. 

It’s interesting to see that Facebook, Instagram, Google and Twitter are basically online security havens compared to TikTok, according to the engineer who did all of the heavy lifting for us. “ reverse-engineered the app, and feel confident in stating that I have a very strong understanding for how the app operates (or at least operated as of a few months ago),” he said in his comment. 

What TikTok knows

Bangorlol, who has 15 years of software engineering experience, basically recommended that people stop using TikTok, and definitely shouldn’t allow their children to use the app, following his findings. Considering that TikTok was the 4th most popular free iPhone app download in 2019, this is worrying.

“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.” According to his research, TikTok collects more data than he has ever seen an app collects on its users, including CPU type, your phone number, hardware IDS, screen dimensions, DPI, memory usage and disk space. And we haven’t even gotten to personal information and location tracking yet. 

It may even track “[o]ther apps you have installed (I’ve even seen some I’ve deleted show up in their analytics payload – maybe using as cached value?)” It even tracks network info, including your IP, local IP, router mac number, your mac number, and even the wifi access point name. 

“Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds – this is enabled by default if you ever location-tag a post-IIRC.” This is one of the most intrusive location-tracking tactics we’ve heard of. Luckily, most newer models of both iOS and Android allows you to turn off location tracking in apps completely, and it will prompt you to give consent when opening the app for the first time. 

There are many more security flaws in this app according to Bangorlol, but we won’t bore you with any more technical talk. All you need to know is that TikTok is hella insecure when it comes to user information, and a professional in-app reverse engineering completely warns against using the Chinese app. 

Share.

About Author

Deputy Editor at Stuff. Never mind the fancy title, I like writing about things that are cool. Like games, gadgets and sometimes even software. Depending on how cool it is.