_edited.jpg)
.png)
NEWS INSIGHT
TikTok’s Excessive Data Collection
by Duygu BAYRAM
Humans have been developing ways to convince consumers to buy their products since they had any products to sell. This desire gave rise to advertising which, until recently, depended on broad strategies to convince masses through manipulation of human psychology. With social media, companies, organizations, and politicians alike now have the power to individualize their advertisements to more effectively target specific people and audiences based on their user profiles. Almost all information you put out there is processed and saved and sold, sometimes in favor of companies and sometimes governments.
There is a lot to discuss whether internet services are worth such an invasion of privacy, or whether we even have the chance to reject these services. Is growing surveillance in exchange for comfort the way to go? Is this just change that we should get used to, is it only an overreaction or needless paranoia to be against data collection? That is up to the user to decide, but regardless of how someone may feel about the fact, it is still important to know what is going on before making a decision.
To narrow down a broad subject, one can look at the recent and ever-growing list of news of social media apps being revealed to collect an excessive amount of user data. This data is later used for marketing so companies can advertise to people who are more likely to buy their product in ways that are more likely to convince them so they can cut costs on advertising. Politicians can also use it in favor of their campaign, to sway voters and to control which information the public gets to see. In short, your data is sold to more effectively manipulate you to benefit the buyer. Now, this is not new nor is it necessarily a secret. Regardless, most people seem to still be in dark about how much of their data is being collected and what exactly is being done with it, despite the privacy laws. TikTok is a recent example of that.
TikTok effectively replaced Vine and managed to become one of the most used social media apps currently. (1) However, recently it’s been revealed it may be secretly collecting more data than other known social media apps. Some have argued this claim is somewhat political, that people seem to be fine with it when the US does it and not when China does. Nevertheless, TikTok does seem to be holding a lot of information on its users that people should know about and was found to censor videos that do not favor China (2).
In December 2019, TikTok faced a lawsuit that accused them of sending user data to China (3). The company was additionally accused of taking user content without their consent and having vague privacy policies, as listed and explained in this Guardian article. The accuser also expressed concern over potential biometric data collection as the videos feature the users’ faces.
Misty Hong, the college student who filed the lawsuit, found that TikTok created a shadow profile for her despite her never creating an account. She accused TikTok of sending her videos to China servers despite her never saving or publishing the videos she had made. The lawsuit also claimed Tiktok collects information on the user’s phone and social network contacts, email addresses, IP address, location, and more. TikTok also seems to hide that they are transferring this data and that they continue to store this data even when the app is closed.
In March 2020, two researchers, Talal Haj Bakry and Tommy Mysk found that TikTok copies the Clipboard content of its users (4). TikTok responded by a statement saying they would remove the feature; however, in June 2020 it was found the app still performs this action as revealed by a new iOS update (5). Twitter user @jeremyburge shared a video showing this action as it happens (6).
In 2020, three months ago, Reddit user Bangorlol made a comment (7) claiming that he has reverse-engineered TikTok and found that the app collects a worrying amount of data. To quote, “TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device... well, they're using it.” He told Bored Panda that his career has been reversing mobile applications and building third-party functionality around them (8). On his Reddit comment, he provides a list of what kind of information TikTok collects:
-
Phone hardware (cpu type, number of course, hardware ids, screen dimensions, dpi, memory usage, disk space, etc)
-
Other apps you have installed (I've even seen some I've deleted show up in their analytics payload - maybe using as cached value?)
-
Everything network-related (ip, local ip, router mac, your mac, wifi access point name)
-
Whether or not you're rooted/jailbroken
-
Some variants of the app had GPS pinging enabled at the time, roughly once every 30 seconds - this is enabled by default if you ever location-tag a post IIRC
-
They set up a local proxy server on your device for "transcoding media", but that can be abused very easily as it has zero authentication
He also pointed out that TikTok goes to great lengths to hide this fact. He explained further to Bored Panda, “TikTok put a lot of effort into preventing people like me from figuring out how their app works. There is a ton of obfuscation involved at all levels of the application, from your standard Android variable renaming grossness to them (Bytedance) forking and customizing OLLVM for their native stuff. They hide functions, prevent debuggers from attaching, and employ quite a few sneaky tricks to make things difficult. Honestly, it is more complicated and annoying than most games I have targeted.”
Additionally, he explains that the app has features that a mobile app does not need, such as code allowing the download of a zipped file, unzipping it, and executing it. TikTok also encourages its users to indulge in their app by featuring new videos more frequently and subsequently giving the user a sense of virality. Bangorlol warned TikTok users in his discussion with Bored Panda, “TikTok might not meet the exact criteria to be called ‘Malware’, but it is definitely nefarious and (in my humble opinion) outright evil. There is a reason governments are banning it. Do not use the app. Do not let your children use it. Tell your friends to stop using it. It offers you nothing but a quick source of entertainment that you can get elsewhere without handing your data over to the Chinese government. You are directly putting yourself and those on your network (work and home) at risk.”
TikTok is consistently wrapped up in controversy, sometimes of the social kind, being criticized for its user base of minors and the concerning culture of the app, and sometimes of the legal and technical kind regarding its censorship and data policies. Furthermore, the company seems to have a history of not fixing these issues despite their promises of looking into them. While the app offers great entertainment, potential users should be aware of its often condemned actions.
