TikTok is not something new or unknown for most of you. Even if you haven’t used it, you are likely to have heard about it and quite possibly seen videos that were uploaded from the app and even heard of some of its viral dance trends.
Source: celebmix.com
What you may not have known was that TikTok (launched in 2017) is a close copy of an app called Douyin (launched in 2016) which is extremely popular in China. Both these have their parent company as ByteDance and TikTok really took off after its merger with Musical.ly in August of 2018. Now, TikTok is one the most downloaded apps in the running with other apps like WhatsApp and Facebook and it has users spending almost as much time on it as users do on YouTube. All this means that TikTok is reported to have had a net profit in 2019 of $3 Billion (that’s not a typo).
But with all this popularity, TikTok’s scandal has recently become the latest hot topic around. Now it’s not uncommon for social media platforms to have their share of user data related scandals, like Facebook’s Cambridge Analytica scandal in 2018. However, what’s scary is that even computer security experts believe that those scandals are child’s play compared to what TikTok does. On top of all this, TikTok’s parent company being in China has not done anything to help lessen the scare people have about this scandal.
One of the main sources that really blew this scandal up was because a computer application developer was able to reverse engineer the app (work out the functionality by studying how the app works at a very basic level) and found some very alarming problems. Going by the Reddit username “bangorlol”, the researcher called the app a “data collection service that is thinly-veiled as a social network” and recommended people to remove the app from their phones immediately. He has found the app capturing a host of data that no app would legitimately have any need for. The TikTok app was seen to be capturing information about your phone, about you, your contacts, you network information like the name of your WiFi and identifying if your phone is rooted / jailbroken (this means that the restrictions on the apps in your phone have been removed).
On top of this information, several more issues were found that are even more alarming and some that hit a little too close for comfort. It was found that some previous versions of the app were pinging and getting your GPS location every 30 seconds. This is something that would freak you out if it was a loved one who did it but to think that this was being done by some company and people you knew nothing about, should really have us scrambling to get rid of this app.
The TikTok scandal also took another sharp turn for the worse when a new iOS feature that was being tested out by some users, found that the app was constantly pulling the content off your clipboard. This was found thanks to a new security feature in the latest version of iOS which throws up a prompt each time some app copies content that is on your clipboard (this is where your phone stores stuff you copy temporarily).
Source: www.forbes.com
Now to be fair a lot of other apps have also been caught doing this, though they all claim that this was not intentional. However, with all the concerns that are there with TikTok, this newest piece of news simply piles on to the growing problem. Now, we don’t know if something similar happens on Android since this isn’t a feature that is yet available. But hopefully Android will follow soon with a similar feature.
If you are wondering what sorts of implications copying stuff off your clipboard can have, just remember that this is being done even when you are not on the app and it means that it could potentially be copying stuff like your password or bank account information as you copy it to try and use it with other legitimate app. No one however knows for certain what the app is doing with these details, but it has certainly added a lot of fuel to the TikTok fire storm.
Some older versions of the TikTok app have also been seen to be able to download zip files from remote servers and then unzip and run the content as executable files. If you are not someone familiar with Cyber security too much, you won’t realize how horrifying this is until you find out that this is basically what viruses do on a regular basis. The comparison to a malware continues as researchers have found that the app takes extra ordinary precautions to hide what the app is actually doing. It was found that the app intentionally changes the way it behaves when it detects that it is being studied. Now, you can argue that this is simply to protect the code from competitors but with everything else that this app has been found doing, the app is looking more, and more like a malware. In fact, it has also been found that the app simply doesn’t work if you try to block it from communicating with a remote analytics server, which is not something a normal app should reasonably be doing.
Now all of this is not just based on one researcher’s report. Other cyber security firms like Check Point have found that the app has backdoors (ways for someone to remotely access the app and potentially your phone) and many more security flaws. It has in fact, actually been called as a “spyware” which is not a name that should be associated with a basic video sharing app.
Others have gone on to say that TikTok has a “philosophy focused on constant capture of all kinds of user data” and that “these issues are not mistakes or carelessness but are by design”.
To add to all this, the cherry on top is that TikTok has on several occasions been accused of censoring content that was seen as harmful towards the Chinese government. Of course, TikTok has denied that it does such actions and that the reported incident was a mistake.
Now all of this is not gossip or rumors, the sources for this article include, Business Insider stories, articles on Forbes and the New York times among a few others. So, it’s generally safe to say that what is going on is a lot more complicated that a mere conspiracy. In fact, the dangers of this app are so notable that India has banned the app completely along with several other Chinese apps over security and privacy concerns and the US armed forces personal have also been asked not to have the app installed. This is ahead of the US contemplating whether to ban the app completely.
All of this goes towards wondering how much of your privacy and personal details you are willing to risk in order to make your next dance video for social media. While other social media apps have not been saints by any measure TikTok is making them all seem like role model apps. So, what does this mean to an individual? Well, it seems that unless you are someone who’s phone has a lot of sensitive information, as it would be the case if you used your phone for a lot important work related matters, it wouldn’t be too bad to have the app installed. However, some experts fear that the bigger threat of TikTok would not be to the individual but at a national level.
This sort of a scandal also goes to show how much we expose are selves without ever realizing it when we simply sign up for a new trending app, and how much we depend on others like Apple or Android to keep us safe, because if it was not for features like in the iOS update, normal users like you and I would have no way of knowing when some app is taking advantage of us.
