TikTok’s data harvesting may be more aggressive than you think

(Photo by Chesnot/Getty Images)

Over the past two years, TikTok’s explosive growth has become a rare example of a Chinese internet company’s success in the West. TikTok is the name the app is known by in the international market; in the Chinese market it is called Douyin. Since TikTok has repeatedly topped the download charts in its category, its use and protection of personal data have drawn scepticism. As of January 2021, 43.7% of users were aged 18-24 and 31.9% were aged 25-34. Opinions are largely divided on whether to ban TikTok or refine the regulations.

TikTok and Douyin

ByteDance and some of its subsidiaries

A few days ago, Penetrum, an Internet 2.0 company, released a technical analysis report on the TikTok app. It found that 37.70% of the known IP addresses in the app’s source code belong to Alibaba Group, a government-sanctioned ISP founded by Jack Ma and located in Hangzhou, China. The group’s privacy policy states that they share and distribute the personal information of their users.

Rationally, we do not need to be prejudiced against TikTok just because it is a subsidiary of a Chinese company. However, it is hard to imagine that a company with as much influence as ByteDance could have grown so large without the support of the Chinese government. In addition, many reports have shown that even though TikTok has local operation teams in the U.S. and Australia, employees at the parent company still have access to data on overseas users. Because of this unfettered authority, TikTok is in a very different position from Facebook and Google, which also collect massive amounts of user data daily.

TikTok Australia asserted its independence when confronted with doubts, giving the impression that it would not share user data with foreign governments. However, keep in mind that Chinese law requires companies and citizens to share their information when the relevant authorities demand it in the name of ‘national security.’

“When the app is in use, it has the ability to scan the entire hard drive, access the contact lists, as well as see all other apps that have been installed… If you tell Facebook you don’t want to share something, it won’t ask you again. TikTok is much more aggressive,” says Robert Potter, the co-CEO of Internet 2.0.

According to a TikTok analysis presented by Internet 2.0, some of the access that TikTok requests does not seem necessary for a social media app:

  • Reads the GPS location once per hour (even when it’s running in the background)
  • Scans all other applications running on the phone
  • Gathers the list of all apps installed on the phone
  • Complete access to read the clipboard
  • Information of all accounts on the device
  • Retrieves a list of all files on external storage

Get location code

TikTok get longitude and latitude data requests

Get all applications and running tasks on the device

TikTok Android access permissions

TikTok iOS access permissions

List everything in external storage

None of the permissions listed above should be essential. Given the scale of the access, this looks more like harvesting behaviour that could produce a more valuable outcome for the business while offering barely anything to its end users.

Whether this is just a political football or a genuine privacy threat, as end users we do not have to say yes to every permission request the app makes. Keeping permissions at a minimum level is enough for the app to do its job for you.
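
One way to check what an installed Android app has actually been granted, as an added example that is not from the article or the Internet 2.0 report: the script reads `adb shell dumpsys package <package>` output and groups granted permissions under the behaviours listed above. The mapping to standard Android permission names is an assumption made here, and the sample output is constructed; clipboard reads are not covered because Android has no permission for them.

```python
import re

# Assumed mapping from the behaviours listed in the article to standard Android
# permission names; the report's own permission list is not reproduced on this page.
BEHAVIOUR_PERMISSIONS = {
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION",
                 "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "running apps": {"android.permission.GET_TASKS",
                     "android.permission.PACKAGE_USAGE_STATS"},
    "installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "accounts": {"android.permission.GET_ACCOUNTS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "external storage": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.MANAGE_EXTERNAL_STORAGE"},
}

# Constructed sample in the style of `adb shell dumpsys package <package>` output.
SAMPLE_DUMPSYS = """\
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.QUERY_ALL_PACKAGES: granted=true
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET]
      android.permission.GET_ACCOUNTS: granted=true, flags=[ USER_SET]
      android.permission.READ_EXTERNAL_STORAGE: granted=false
"""

# Only lines carrying a grant state count; the "requested" list is ignored.
GRANT_LINE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)", re.MULTILINE)

def granted_permissions(dumpsys_text):
    """Return the set of permissions reported as granted=true."""
    return {name for name, state in GRANT_LINE.findall(dumpsys_text) if state == "true"}

def flag_behaviours(dumpsys_text):
    """Group granted permissions under the article's behaviour categories."""
    granted = granted_permissions(dumpsys_text)
    return {behaviour: sorted(perms & granted)
            for behaviour, perms in BEHAVIOUR_PERMISSIONS.items()
            if perms & granted}

if __name__ == "__main__":
    for behaviour, perms in flag_behaviours(SAMPLE_DUMPSYS).items():
        print(f"{behaviour}: {', '.join(perms)}")
```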


Source: https://ausdroid.net/2022/07/28/tiktoks-data-harvesting-may-be-more-aggressive-than-you-think/