According to the popular hacking group who goes by the pseudonym “Anonymous,” the popular Chinese service TikTok is actually malware developed by the PRC authorities for mass surveillance. Anonymous urged users to immediately remove the application.
Anonymous emphasizes that transferring user data to the Chinese authorities can have consequences for everyone, including those who are not afraid of surveillance by the PRC.
The fact that TikTok secretly collects personal data of users was previously reported by a Reddit user under the nickname Bangorlol, who analyzed the principles of the application.
“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it”.
According to him, in addition to information about the user and contacts, TikTok also collects information about the device, including the type of processor and serial number, information about other installed applications, WiFi access points, IP and other data.
Bangorlol also indicated that TikTok may request location data every 30 seconds.
The worst thing he believes is that the commands for collecting data are configured remotely.
“They encrypt all of the analytics requests with an algorithm that changes with every update (at the very least the keys change) just so you can’t see what they’re doing. They also made it so you cannot use the app at all if you block communication to their analytics host off at the DNS-level,”Bangarlol (reddit).
For a long time, TikTok also did not use the secure HTTPS protocol, so user data could be viewed.
Bangorlol said the consequences of collecting user information on such a scale could be huge.
Emojipedia‘s Jeremy Burge noticed that TickTok accesses the clipboard every few seconds. He revealed this by using the beta version of iOS 14, in which users are notified when an application gains access to the clipboard.
TikTok said the problem was caused by a “function designed to detect spam” and promised to fix it, Forbes writes.
In addition to TikTok, more than 30 applications can access the clipboard, Tommy Mysk and Talal Haj Bakri discovered in March. Thus, services could access confidential information that the user copies to the clipboard. This can be absolutely any information, including bank card data or cryptocurrency wallets.
Among these applications were including Viber, Weibo and Fruit Ninja.
As of June 30, representatives of some services said that they removed the ability to access the clipboard.
In June 2020, the Indian government banned TikTok and more than 50 Chinese applications. Authorities said they received a lot of reports about using these services “to steal and secretly transfer user data to servers located outside of India.”