According to an Australian cybersecurity firm investigation, TikTok, the overseas version of Douyin, collects massive amounts of user data.
The TikTok app on Apple’s iOS system connects to servers in mainland China, while on Android’s system, it collects data from all other running and installed apps.
A TikTok data investigation white paper report released by Internet 2.0, a cybersecurity company, on July 18 stated: “TikTok’s smart mobile application is built on a platform that does not respect the principle of privacy, while most permissions required and device information collected are unnecessary for its operation.”
Due to the limitations of Apple’s iOS system, the Internet 2.0 only performed a static analysis of TikTok on iPhones, that is, testing and examining the code without running the app. The investigation found that TikTok connected to servers in mainland China.
While TiTtok objected that the accusation of Internet 2.0 was groundless and insisted that the IP address was in Singapore, Internet 2.0 said: “The IP addresses analyzed were in China and were often changing. However, from various IP addresses, it was possible to find that they were actually connected to Guizhou, China. This was confirmed by using certain safety products and confirmation methods, including the VirusTotal, Metasploit, the open source security vulnerabilities detection tool, security tracking, and sandbox testing.”
The investigation found that TikTok on Android collects information about all other running and installed apps on users’ phones. And the information gathered did not aim at supporting the normal functioning of TikTok, and theoretically, it is sufficient to picture the actual status of a user’s phone.
Internet 2.0 analyzed two states of TikTok, running and not running the App in the Android system, and found that TikTok tracks the GPS location information of the Android device at least hourly, and even the user has denied its permission to the address book, the app keeps on asking for access to contact information until permission is granted.
“It is normal for an app to ask for permission to access the contact information at the beginning, but it is not normal for Apps to harass users to persistently ask for access to contact information. This reflects a culture that the App does not prioritize privacy or user’s privacy preferences,” the report said.
The report also found TikTok had “excessive” access to calendars. The survey found that TikTok can access continuously and modify user calendars, even if users only use TikTok at certain times, such as live broadcasts.
Internet 2.0 pointed out that TikTok’s access to external devices is also “excessive.” “While accessing external storage is a standard command for social media apps to store videos and pictures, TikTok not only retrieves and views folders in the phone but also views everything available in the list of the external storage folder, which we consider as ‘excessive,’” the report said.
Robert Potter, co-CEO of Internet 2.0, told 3AW radio that the company’s research showed that TikTok is “collecting a lot more data than they say.”
“When you open TikTok, it has access to the entire hard drive of your phone, your calendar, your contact list, and all the photos.”
Overwhelming Popularity Might Become Problematic
In a discussion about the evolution of search, Senior Vice President Prabhakar Raghavan, who runs Google’s Knowledge & Information Organization, noted that younger users would now turn to popular social media apps like TikTok for discovery purposes. “In the internal studies, almost 40 percent of young people, when looking for a place for lunch, don’t go to Google Maps or Search,” he continued. “They go to TikTok or Instagram.” said the vice president. Google also confirmed the figures were based on an internal survey of American users aged 18 to 24.
The studies showed that younger generations are more likely to download or have downloaded TikTok on their mobile devices without knowing their privacy had been breached.
The Internet 2.0 company’s white paper report has been submitted to lawmakers in Australia and the United States.
James Paterson, Senator representing the Liberal Party in Australia, tweeted: “It is worrying that user data is being collected and accessed by mainland China. It is even more disturbing to know what user data is collected by Tik Tok. The Anthony Albanese government must not sit on its hands and should take action to protect Australians’ cybersecurity and privacy.”
TikTok replied to Paterson that it could collect information about users visiting Australia from mainland China.
“This Chinese company should have been honest from the beginning, but it’s trying to hide its purpose. Americans need to know that when they’re on TikTok, the Chinese Communist Party will get the information,” Marsha Blackburn, Republican Senator of Tennessee, told Bloomberg.