TikTok Reverse Engineered: What Was Discovered Will Make You Delete It ASAP

tiktok 2
Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use.

Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior."

However, this isn't the first time that the TikTok app has come under fire for how it handles private data. Roughly two months ago, redditor Bangorlol posted a thread talking about the disturbing details he found while reverse-engineering the app. The app, which has already drawing negative attention as a potential spying platform for the Chinese government, came under scrutiny for a number of shady practices.

Right off the bat, Bangorlol accused the app of being a "data collection service that is thinly-veiled as a social network." After sifting through TikTok's code, this is what Bangorlol found:

  • Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
  • Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)
  • Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
  • Whether or not you're rooted/jailbroken
  • Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
  • They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication

Even more disturbing according to the analysis was that the logging activity is configured remotely, which makes reverse engineering and trying to determine what ByteDance is actually up to increasingly difficult. And it gets even creepier from there, as the redditor wrote, "Oh, there's also a ton of creepy old men who have direct access to children on the app, and I've personally seen (and reported) some really suspect stuff. 40-50 year old men getting 8-10 year old girls to do "duets" with them with sexually suggestive songs."

And here's food for thought; Bangorlol alleges that reverse engineering other popular social media apps like Facebook, Instagram and Twitter didn't find nearly as much data collection going on -- there was absolutely no comparison.

tiktok

He concludes his findings, writing, "tl;dr; I'm a nerd who figures out how apps work for a job. Calling it an advertising platform is an understatement. TikTok is essentially malware that is targeting children. Don't use TikTok. Don't let your friends and family use it."

We have to be clear here that these are just the findings of one software engineer, but they do line up with the reprehensible clipboard behavior that was outed by iOS 14. Tell us what you think about TikTok in the comments section, and if you have the app installed. If so, do you plan on keeping it or ditching it following these new revelations?


Show comments blog comments powered by Disqus